DPAPI in Remote PSSession from Linux to Windows #11011
Comments
hrobertson
added
the
Issue-Enhancement
|
I tried to 'forward' the credentials myself as follows: $Credential = New-Object System.Management.Automation.PSCredential -ArgumentList @(
'myusername',
(ConvertTo-SecureString -String 'mypassword' -AsPlainText -Force)
)
$Session = New-PSSession -ComputerName $RemoteHost -Credential $Credential -Authentication Negotiate
Invoke-Command -Session $Session -ScriptBlock{
$RemoteSession = New-PSSession -Credential $using:Credential
}But the following error is thrown: |
|
See #1654. DPAPI is Windows only API and will be never ported on Unix. SecureString formally is on Unix but encrypt nothing. |
iSazonov
added
Issue-Question
|
@iSazonov Thank you for your reply but I think you've missed that I'm not asking for DPAPI to be ported to *nix. - I'm wanting to use DPAPI on Windows, I just happen to be in a remote session from a Linux box. If anything, I'd be asking for CredSSP to be ported to *nix but I know that's probably not going to happen. So this request is for an alternative. |
|
From my understading you run New-PSSession on Unix. In the case the cmdlet would use DPAPI locally on Unix to protect data that is impossible. |
|
This issue has been marked as answered and has not had any activity for 1 day. It has been closed for housekeeping purposes. |
ghost
closed this as 
Using DPAPI in a remote PSSession requires using
-Authentication Credsspso that the creds are forwarded.Creating a remote session from Linux to Windows only works using
-Authentication Negotiate. This precludes the use of DPAPI.As a user I want to be able to encrypt data using DPAPI in a remote session created from a Linux host so that I can secure my data.
I appreciate this would be non-trivial to achieve but I have no idea if is is even feasible at all.
The text was updated successfully, but these errors were encountered: