程序博客网 > mysql datetime 减法

[Azure]为ARM虚拟机配置Powershell侦听(HTTP和HTTPS)

来源:互联网 发布:mysql datetime 减法 编辑:程序博客网 时间:2024/06/07 01:06


ARM虚拟机默认只有RDP 的远程连接方式,我们可以在机器创建好后,手动为虚拟机配置 Powershell的侦听。

这里只是使用Azure ARM 虚拟机进行一个简单的演示,对于Windows Server下面的方法其实是通用的。

 

首先我们创建一台Windows Server 2012 R2 的虚拟机,可以在防火墙中添加 TCP 5985 TCP5986端口的放行规则,5985 HTTPListener的侦听端口,5986 HTTPSListener(启用SSL的侦听端口。

 

1)我们先进行HTTP Listener的配置:

登陆虚拟机,打开Powershell,执行Enable-PSRemoting -Force;

i n RN i n RN Users an 1 e Ena is already set up is already set up Administrator: Windows Powe e-PSRemot1ng -Force to receive requests on this computer. for remote management on this computer.

 

执行成功后,使用 netstat -ano | findstr查看是否有 5985 端口的侦听:

Users am e netstat o.o.o.o:5985 C: : ] :5985 -ano 1 n str o.o.o.o:o Administrator: Windows PowerShell 5985 LISTENING LISTENING PS

 

接着我们需要在本地需要连接的客户端机器上添加信任,使用管理员权限打开Powershell,执行下面两条命令:

winrmquickconfig

Set-itemwsman:localhost\client\trustedhosts -value139.219.109.64

注意:上面命令中标黄的部分替换成虚拟机的公网IP地址。

Administrator: Windows PowerSheII PS C: Windows Xsystem32> quickconfig UinRM is not set up to receive requests on 139 .219 .109 .64 this machine . The Following changes must be Start the WinRM service. Set the WinRM service type to make these changes [y/n]? y made : delayed auto start . UinRM has been updated to receive requests . WinRM service type changed successfully. WinRM service started. WSmanFau1t Message ProuiderFauIt WSmanFau1t Message — WinRM Firewall exception will not work since e network connection type to either Domain or Private and try again . one the network connect: Error number: -2144108183 5<80338169 WinRM Firewall exception will not work since one OF the network connection to either Domain or Private and try again. PS C: Windows Xsystem32> wsman : —u alue WinRM Security Conf iguration. types on this machine This command modif ies the reustedHosts list For the WinRM client. The computers in the reustedHos1 send credential information to these computers. Are you sure that you want to modify this list? [N] No [S] Suspend Help (default is y PS C: Windows Xsystem32>

 

配置好之后,使用下面的命令连接到虚拟机的 5985端口:

Enter-Pssession-ComputerName139.219.109.64-port 5985 -Authentication Negotiate -Credentialdaniel -SessionOption (New-PSSessionOption-SkipCACheck -SkipCNCheck)

Windows PowerSheII PS C: VJsers NDanieIHX> Enter—Pssession 139 .219 .109 .64 —ComputerName Authentication Negotiate —Credential dan ieI —Session Option n -SkipCNCheck [139 .64]: ps C: 5985 ion Opti

 

2)我们接着配置 HTTPS Listener,在虚拟机中打开 Powershell,使用下面的命令创建一个自签名证书:

New-SelfSignedCertificate-DnsNamedan2012r2.chinanorth.cloudapp.chinacloudapi.cn-CertStoreLocation Cert:\LocalMachine\My

注意:上面高亮的部分是这台虚拟机公网IP 对应的 DNS名称,如果没有 DNS,直接换成虚拟机的公网 IP 地址就可以了。

Administrator: Windows PowerShell PS C: Users ame New-Se Signe ertl 1 cate -DnsName an2012r2.c 1 nanort . c ou app. c 1 nac ou apl . cn Cert : i ne\My Directory: Mi crosoft. PowerSheII. Security\Certificate: : LocalMachine\My -CertStor eL ocatl on humbpri nt 52FFCIACC8606E8A7750217599742699E42A27A Su bj ect CN=dan2012r2. chi nanorth. cloudapp. chi nacloudapi . cn

 

创建好之后,可以看到下面生成了一个证书指纹(Thumbprint),打开 mmc

Open: Run Type the name of a program, folder, document, or Internet resource, and Windows will open it for pu. mm c This task will be created with administrative privileges.

 

添加 CertificatesComputeraccount):

Consolel File Action View Favorites Console Root Window Help Na me Add or Remove Snap-ins [Console Root] how in this view. You can select snap-ins for this console from those available on your computer and configure the selected set of snagAns. For extensible snap-ins, you can configure which extensions are enabled. Available snap-ins: Selected snap-ins: —console Root Snap-in ActiveX Control Microsoft Cor.. n Authorizaton Manager Microsoft Cor... Certificates Microsoft Cor.. Microsoft Cor.. Services Microsoft Cor... Computer Managem... Microsoft Cor... Device Manager Disk Management Microsoft and... Microsoft Cor... Event Wiener Microsoft Cor... Group Policy Object Microsoft Cor... Microsoft Cor... IP Security Monitor IP Security Pohcy Microsoft Cor.. Link to Web Address Microsoft Cor... Local aackuo Microsoft Cor Description : Edit Extensions... Remove Move up Move Donn The Certficates snap-in allows you to browse the contents of the certificate stores for yourself, a service, or a computer.

Certificates snap-in This snap-in will always manage certificates for C) user account O serv.,ce @ Computer account

 

可以看到刚刚生成的自签名证书:

[Console Root\Certificates (Local Computer)\Personal\Certificates] File Action zfi] Console Root View Favorites Consolel Window Help Issued To Certificates (Local Computer) Personal Certifi cates Trusted Root Certification Enterprise Trust Intermediate Certification Trusted Publishers Untrusted Certificates Third Party Root Certificati Trusted People Client Authentication Issuel Remote Desktop Certificate Enrollment Requ Runtime_Transport_Store_C Smart Card Trusted Roots Trusted Devices dan2D12r2.chinancrth.cIcudap... Issued 8}' dan2D12r2.chinancrth.cIcudapp.c... Expiration Date 8/2/2018 Actions ifica More Actions 012r2.chir More Actions

 

核对一下证书指纹:

Issued To G] dan2012r2.chinanorth.cIoudap... Issued By dan2012r2.chinanorth.cIoudapp.c... Expiration Di 8/2/2018 General Show: Certificate Details Certification Path <AII > n public key Enhanced Key Usage Subject Alternatve Name 61 Subject Key Identfier Key usage Thumbprint algorithm Thumbprint as 2 f fc la 63 42 a2 cc 86 dan2012r2. chinanorth clouda... RSA (2048 Bits) Client Authentcaton (1.3.6.1. . DNS Name =dan2012r2. chinan d44c2b 1136 ad a58b Digital Signature, Key Encipher.. shal as 2ffc la cc es 75 a? 75 02 17 37 42

 

使用管理员权限打开cmd,执行下面的命令添加 HTTPSListener(替换一下域名或者公网 IP,以及证书指纹):

winrm createwinrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="dan2012r2.chinanorth.cloudapp.chinacloudapi.cn";CertificateThumbprint="A52FFC1ACC8606E8A7750217599742699E42A27A"}

 

核实一下 HTTPS的侦听:

netstat-ano | findstr 5986

Users am e netstat o.o.o.o:5986 -ano I n str o.o.o.o:o Administrator: Windows PowerShell 5986 LISTENING LISTENING PS

 

创建成功后,就可以在客户端使用-UseSSL参数来进行连接了:

Enter-Pssession-ComputerName139.219.109.64-port 5986 -Authentication Negotiate -Credentialdaniel -UseSSL -SessionOption (New-PSSessionOption -SkipCACheck-SkipCNCheck)

Windows PowerSheII S C: VJsers NDanieIHX> Enter—Pssession Authentication Negotiate —Credential ion Option -SkipCRCheck -SkipCNCheck [139 .64]: ps C: —ComputerName 139 .219 .109 .64 dan ieI —UseSSL —SessionOption 5986

 

注:HTTPS的连接不需要再客户端进行winrm 的任何配置。

 

上面的步骤可以用于解决下面这个问题:

对于经典Azure 虚拟机,默认虚拟机创建好之后 Powershell SSL就配置好了,可以直接访问虚拟机的 5986端口。如果不小心把 Personal下的自签名证书删除了该怎么办?

很简单,删除了自签名证书,可以使用管理员权限运行 cmd,执行下面的命令将原来的HTTPS Listener删除掉:

winrmdelete winrm/config/Listener?Address=*+Transport=HTTPS

 

删除后,再使用上面配置HTTPS Listener 的方法做一遍就好了。

阅读全文
2 0
mysql datetime 减法 mysql datetime 减法
原创粉丝点击
热门IT博客
腾讯人工智能腾讯人工智能
微软蓝牙鼠标mac配对微软蓝牙鼠标mac配对
淘宝信誉评价在哪
红色 模板 asp 源码
javascript基础面试题
linux mount linux
ipad pro 配件 知乎
千牛群发软件
老布淘宝店
微信无痕视频软件
矩阵的lu分解手动算法
有意思的网名知乎
java聊天机器人源代码
js上单s7出装
word2007数据透视表
linux制作pe启动盘
js throw
中文儿童编程软件
vb 动态数组
鹏业预算软件
热门问题 老师的惩罚 人脸识别 我在镇武司摸鱼那些年 重生之率土为王 我在大康的咸鱼生活 盘龙之生命进化 天生仙种 凡人之先天五行 春回大明朝 姑娘不必设防,我是瞎子 至美纤体瘦身馆怎么样 纤体霜什么牌子好用 纤体瘦身霜 纤体 纤体梅排毒 瘦身纤体精油 长期吃纤体梅的危害 减肥膏 腿部瘦身 瘦美人减肥 七日瘦身减肥汤 连体瘦身衣 抽脂瘦身多少钱 瘦身贴有效果吗 纤夫 纤夫读音 纤夫的读音 纤夫拼音 纤夫烤鱼 纤夫的爱歌词 伏尔加河纤夫 纤夫的爱原唱 纤夫的爱简谱 纤夫的爱歌曲 纤夫的爱尹相杰于文华 纤夫的爱原唱原版 歌曲纤夫的爱原唱 伏尔加河纤夫曲 伏尔加河上的纤夫 伏尔加河上的纤夫赏析 伏尔加河上的纤夫歌曲 伏尔加河上的纤夫课文 诺纤妍秀 纤妍文胸 娇韵诗纤妍紧致慕斯面膜 纤妍内衣旗舰店 纤妍塑身衣 兰蔻紧致纤妍眼霜 诺纤妍秀减肥有效果吗 伊兰纤姿 纤瑾姿减肥怎么样

程序博客网,程序员的互联网技术博客家园。csdn论坛精品 msdn技术资料都在这里