Home > Blogs > VMware Consulting Blog

How to Add a Linux Machine as PowerShell Host in vRO

By Spas Kaloferov


In this article we will look into the alpha version of Microsoft Windows PowerShell v6 for both Linux and Microsoft Windows. We will show how to execute PowerShell commands between Linux , Windows, and VMware vRealize Orchestrator (vRO):

  • Linux to Windows
  • Windows to Linux
  • Linux to Linux
  • vRO to Linux

We will also show how to add a Linux PowerShell (PSHost) in vRO.

Currently, the alpha version of PowerShell v6 does not support the PSCredential object, so we cannot use the Invoke-Command command to programmatically pass credentials and execute commands from vRO, through a Linux PSHost, to other Linux machines, or Windows machines. Conversely, we cannot execute from vRO –> through a Windows PSHost –> to Linux Machines.

To see how we used the Invoke-Command method to do this, see my blog Using CredSSP with the vCO PowerShell Plugin (SKKB1002).

In addition to not supporting the PSCredential object, the alpha version doesn’t support WinRM. WinRM is Microsoft’s implementation of the WS-Management protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that enables hardware and operating systems from different vendors to interoperate. Therefore, when adding a Linux machine as a PowerShell host in vRO, we will be using SSH instead of WinRM as the protocol of choice.

The PowerShell v6 RTM version is expected to support WinRM, so we will be able to add the Linux PSHost with WinRM, and not SSH.

So, let’s get started.

Installing and Configuring PowerShell 6

Setup on Windows

To install PowerShell v6 (currently in alpha) on a Windows Server 2012 R2, first you need to install the Visual C++ Redistributable 2015 package as a prerequisite.

Note: In some cases you may have to install the entire Microsoft Visual Studio 2015 product before you are able to install the Microsoft Visual C++ Redistributable 2015 package.

An installation of PowerShell can establish PowerShell sessions to remote computers using New-PSSession and Enter-PSSession. To enable it to accept incoming PowerShell remote connections, the user must create a WinRM remoting endpoint. This is an explicit opt-in scenario where the user runs Install-PowerShellRemoting.ps1 to create the WinRM endpoint. The installation script is a short-term solution until Microsoft adds additional functionality to Enable-PSRemoting to perform the same action. For more details, see issue #1193, WinRM Plugin Registration and Modification.

You can download and install the MSI PowerShell v6 package at v6.0.0-alpha.10 release of PowerShell.

Open a PowerShell command prompt and run the Install-PowerShellRemoting.ps1 script located in the folder where you installed the package:

.\Install-PowerShellRemoting.ps1 –PowerShellHome “C:\Program Files\PowerShell\” –PowerShellVersion “6.0.0-alpha.9”

When running the command you may receive an error similar to the following:

The WS-Management service cannot process the request. Configuration for plugin: “powershell” is corrupt.


To resolve this open a command prompt window and run:

Winrm invoke Restore http://schemas.microsoft.com/wbem/wsman/1/config/plugin@{}


Run the above PowerShell script again and this time it should complete successfully.


Now let’s open a PowerShell v6 console.

Note: If you open the usual PowerShell console it will not open a PowerShell v6 console. In my case I already have PowerShell v5 installed. You can check which version of PowerShell you are running in the console by running the following command:


In my case if I open the usual PowerShell console and run the command I see PowerShell v5:


If you want to open the PowerShell v6 console you can access it from the Windows start menu:


If you receive the following error, you haven’t installed the Visual C++ Redistributable 2015 prerequisite package.


Check the PowerShell version to verify it is the one you need:


If you want to access PowerShell v6 from the default PowerShell console you have to create a new PSSession and use the PowerShell.6.0.0-alpha.9 configuration name:

$session = NewPSSession –ComputerName localhost –ConfigurationName “powershell.6.0.0-alpha.9”
Enter-PSSession $session


Setup on Linux

PowerShell 6 for Linux supports Ubuntu 14.04, Ubuntu 16.04, CentOS 7, and macOS 10.11. All packages are available on our GitHub releases page.

I have CentOS 7.1 as my Linux PowerShell VM. Execute the following in the terminal to install PowerShell 6 on CentOS Linux:

sudo yum install powershell-6.0.0_alpha.9-1.el7.centos.x86_64.rpm

You can also install the RPM without the intermediate step of downloading it by running the following command:

sudo yum install https://github.com/PowerShell/PowerShell/releases/download/v6.0.0-alpha.9/powershell-6.0.0_alpha.9-1.el7.centos.x86_64.rpm


  • $PSHOME is /opt/microsoft/powershell/6.0.0-alpha.9/
  • User profiles will be read from ~/.config/powershell/profile.ps1
  • Default profiles will be read from $PSHOME/profile.ps1
  • User modules will be read from ~/.local/share/powershell/Modules
  • Shared modules will be read from /usr/local/share/powershell/Modules
  • Default modules will be read from $PSHOME/Modules
  • PSReadLine history will be recorded to ~/.local/share/powershell/PSReadLine/ConsoleHost_history.txt

For more installation options, visit Package installation instructions

Open an SSH session to the Linux machine and run the following command to enter into PowerShell:



Installing and Configuring OpenSSH

PowerShell remoting normally uses WinRM for connection negotiation and data transport. SSH was chosen for this remoting implementation since it is now available for both Linux and Windows platforms, and allows true multiplatform PowerShell remoting. However, WinRM also provides a robust hosting model for PowerShell remote sessions which this implementation does not yet do. And this means that PowerShell remote endpoint configuration and JEA (Just Enough Administration) is not yet supported in this implementation.

PowerShell SSH remoting lets you do basic PowerShell session remoting between Windows and Linux machines. This is done by creating a PowerShell hosting process on the target machine as an SSH subsystem. Eventually this will be changed to a more general hosting model similar to how WinRM works in order to support endpoint configuration and JEA.

The New-PSSession, Enter-PSSession and Invoke-Command cmdlets now have a new parameter set to facilitate this new remoting connection.

[-HostName <string>]  [-UserName <string>]  [-KeyPath <string>]

This new parameter set will likely change but for now allows you to create SSH PSSessions that you can interact with from the command line or invoke commands and scripts on. You specify the target machine with the HostName parameter and provide the user name with UserName. When running the cmdlets interactively at the PowerShell command line you will be prompted for a password. But you also have the option to use SSH key authentication and provide a private key file path with the KeyPath parameter. Note that PSCredential is not yet supported.

SSH is required to be installed on all machines.

  • You should install both client (ssh.exe) and server (sshd.exe) so that you can experiment with remoting to and from the machines.
  • For Windows you will need to install Win32 Open SSH from GitHub.
  • For Linux you will need to install SSH (including server) appropriate to your platform.
  • You will also need a recent PowerShell build or package from GitHub having the SSH remoting feature. SSH Subsystems is used to establish a PowerShell process on the remote machine and the SSH server will need to be configured for that.
  • In addition you will need to enable password authentication and optionally key based authentication.

Setup on Windows

Download and install the latest Win32 OpenSSH. For compatibility issues on Nano see issues on Nano

Extract contents to C:\Program Files\OpenSSH

Start PowerShell as Administrator run:

cd ‘C:\Program Files\OpenSSH’

Install sshd and ssh-agent services by running the following command:

powershell.exe .\install-sshd.ps1

Setup SSH host keys (this will generate all the ‘host’ keys that sshd expects when its starts) by running the following command:

.\ssh-keygen.exe -A
Secure SSH host keys (optional)
Start-Service ssh-agent


Download psexec from here and launch cmd.exe as SYSTEM by running:

CMD:\> psexec.exe -i -s cmd.exe

Register host keys in above cmd.exe session by running:


Host private keys are now securely stored by ssh-agent; private key files can be removed at this point.

Open the necessary firewall ports by running:

PS:\> New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH

If you need key-based authentication, run the following to set up the key-auth package and restart the computer:

PS:\> .\install-sshlsa.ps1
PS:\> Restart-Computer


Set sshd in auto-start mode and make it start on boot by running:

PS:\> Set-Service sshd -StartupType Automatic
PS:\> Set-Service ssh-agent -StartupType Automatic

Edit the sshd_config file at the location where you installed Win32 Open SSH

Make sure password authentication is enabled:

PasswordAuthentication yes


Add a PowerShell subsystem entry:

Subsystem powershell PowerShell_Install_Path\powershell.exe -sshs -NoLogo –NoProfile


Optionally enable key authentication:

RSAAuthentication yes
PubkeyAuthentication yes


Restart the sshd service:

PS:\> Restart-Service sshd

Add the path where OpenSSH is installed to your Path Env Variable. This should be along the lines of C:\OpenSSH\:


This allows for the ssh.exe to be found, and resolves the issue you may see as reported in issue #2003, Improve error message for PSRP over SSH when ssh.exe is unavailable in your PATH, with Invoke-Command New-PSSession & Enter-PSSession.

For the detailed manual visit Install Win32 OpenSSH

Setup on Linux

Download and install the OpenSSH Server and Client packages on your Linux machine.


SSH server settings are stored in the /etc/ssh/sshd_config file. Edit the file and allow the following Authentications:

RSAAuthentication yes
PubkeyAuthentication yes


Enable Password authentication:

PasswordAuthentication yes


Add the PowerShell Subsystem:

Subsystem powershell powershell –sshs –NoLogo -NoProfile


Restart sshd.

For more sshd_config references for CentOS visit Securing OpenSSH

Editing the Kerberos Realm on the Linux PSHost

Configure the krb5.config file and add you domain for Kerberos authentication. Configure it the same way we did in Using CredSSP with the vCO PowerShell Plugin (SKKB1002).

In this example, I’ve added my VMware.com Active Directory domain for Kerberos Authentication.

default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = VMWARE.COM
default_ccache_name = KEYRING:persistent:%{uid}

kdc = lan1dc1.vmware.com
admin_server = lan1dc1.vmware.com

.vmware.com = VMWARE.COM
vmware.com = VMWARE.COM


At this point I restart both the Linux PS Host and the Windows machines to apply all changes.

Testing PowerShell Execution and Remoting

Now let’s test some PowerShell executions between the Windows and the Linux PowerShell machines.

Windows to Linux

Let’s first test executing a remote command from our Windows to our Linux PowerShell machine.

We will run simple Get-Date and hostname commands on the Linux machine.

Open a PowerShell 6 console on the Windows machine and run:

PS:\> $session = New-PSSession -HostName ps-lux-a-01.vmware.com -UserName administrator@vmware.com
PS:\> Invoke-Command $session -ScriptBlock { Get-Date; hostname }


Linux to Windows

Let’s first test executing a remote command from our Linux to our Windows PowerShell machine. We will run simple Get-Date and hostname commands on the Windows machine. Enter into PowerShell on the Linux machine and run:

PS:\> $session = New-PSSession -HostName lan1dc1.vmware.com -UserName administrator@vmware.com
PS:\> Invoke-Command $session -ScriptBlock { Get-Date; hostname }


Linux to Linux

I don’t have a second Linux PowerShell machine, but in the same manner as above, you can test from Linux to Linux PowerShell machine.

Adding Linux as a Linux PowerShell Host in vRO

Use the steps defined in the Add the PowerShell Host to vCO chapter from Using CredSSP with the vCO PowerShell Plugin (SKKB1002) article.

We will be adding the host as SSH. WinRM will be supported in the initial RTM release of PowerShell v6.

Note: The latest versions of the PowerShell plugin for vRO does not support SSH, so you should take a previous version of the plugin to get that functionality.

Use the following settings:

  • PowerShell remote host type: SSH
  • User Name: administrator_account@domain_name


To test the Linux PSHost use the Invoke a PowerShell script workflow and execute the following simple command:

Get-Date; hostname; whoami


Currently the Alpha version of PowerShell v6 does not support the PSCredential object, so we cannot use the Invoke-Command command to programmatically pass credentials and execute commands from vRO, through a Linux PSHost, to other Linux machines or windows Machines.

And conversely, we cannot execute from vRO , through a Windows PSHost, to Linux Machines.

We did this in the Using CredSSP with the vCO PowerShell Plugin (SKKB1002)

The first RTM version it is also expected to support WinRM so we will be able to add the Linux PSHost with WinRM and not SSH.



Spas Kaloferov is an acting Solutions Architect member of Professional Services Engineering (PSE) for the Software-Defined Datacenter (SDDC) – a part of the Global Technical & Professional Solutions (GTPS) team. Prior to VMware, Kaloferov focused on cloud computing solutions.

One thought on “How to Add a Linux Machine as PowerShell Host in vRO

  1. vikrant

    Great Article, I have really enjoyed your article. You show how to add a Linux machine as powershell host in vRO. It is really helpful. I have some doubts on this but you have cleared my all the doubts . I have done by the help of your article. Thanks for sharing.


Leave a Reply

Your email address will not be published. Required fields are marked *