SSH key auth and Powershell New-PSSession = A specified logon session does not exist. #2100

@dreik

Prerequisites

  • Write a descriptive title.
  • Make sure you are able to repro it on the latest version
  • Search the existing issues.

Steps to reproduce

Two Windows 2019 servers joined to the same domain.
OpenSSH is started on one of them using the Local System account.

  1. ssh to the Windows server using key auth (ssh -i keyfile username@servername.fqdn)
  2. Create a new PSSession (New-PSSession -ComputerName another.server.name.fqdn)

FYI - it works properly when you're authenticating via ssh using password.

Expected behavior

# ssh username@servername.fqdn 

Windows PowerShell                                                                                                                                                                                             
Copyright (C) Microsoft Corporation. All rights reserved.                                                                                                                                                      
                                                                                                                                                                                                               
PS C:\Users\username> New-PSSession -ComputerName another.server.name.fqdn                                                                                                                             
                                                                                                                                                                                                               
 Id Name            ComputerName    ComputerType    State         ConfigurationName     Availability                                                                                                           
 -- ----            ------------    ------------    -----         -----------------     ------------                                                                                                           
  1 WinRM1          another.serv... RemoteMachine   Opened        Microsoft.PowerShell     Available

Actual behavior

# ssh username@servername.fqdn 

Windows PowerShell                                                                                                                                                                                             
Copyright (C) Microsoft Corporation. All rights reserved.                                                                                                                                                      
                                                                                                                                                                                                               
PS C:\Users\username> New-PSSession -ComputerName another.server.name.fqdn
New-PSSession : [another.server.name.fqdn] Connecting to remote server another.server.name.fqdn failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using Kerberos authentication: A specified logon session does not exist. It may already have been terminated.
 Possible causes are:                                                                                                                                                                                          
  -The user name or password specified are invalid.                                                                                                                                                            
  -Kerberos is used when no authentication method and no user name are specified.                                                                                                                              
  -Kerberos accepts domain user names, but not local user names.                                                                                                                                               
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.                                                                                                                      
  -The client and remote computers are in different domains and there is no trust between the two domains.                                                                                                     
 After checking for the above issues, try the following:                                                                                                                                                       
  -Check the Event Viewer for events related to authentication.                                                                                                                                                
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.                                                                      
 Note that computers in the TrustedHosts list might not be authenticated.                                                                                                                                      
   -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.                                       
 Other Possible Cause:                                                                                                                                                                                         
  -The domain or computer name was not included with the specified credential, for example: DOMAIN\UserName or COMPUTER\UserName.                                                                              
At line:1 char:1                                                                                                                                                                                               
+ New-PSSession -ComputerName another.server.name.fqdn                                                                                                                                                             
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                                                                                                                             
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException                                                                      
    + FullyQualifiedErrorId : 1312,PSSessionOpenFailed

Error details

No response

Environment data

Name                           Value                                                                                                                                                                           
----                           -----                                                                                                                                                                           
PSVersion                      5.1.17763.3770                                                                                                                                                                  
PSEdition                      Desktop                                                                                                                                                                         
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                                                         
BuildVersion                   10.0.17763.3770                                                                                                                                                                 
CLRVersion                     4.0.30319.42000                                                                                                                                                                 
WSManStackVersion              3.0                                                                                                                                                                             
PSRemotingProtocolVersion      2.3                                                                                                                                                                             
SerializationVersion           1.1.0.1

Version

9.2.2.0

Visuals

No response
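
A diagnostic sketch for the reproduction above, added here as an example and not part of the original report or of the OpenSSH project. It assumes the key-authenticated logon session holds no cached Kerberos credentials (an assumption, not confirmed on this page); the function name Get-KerberosTicketCount is hypothetical and the target name is the placeholder from the issue.

```powershell
# Run inside the SSH session on the first server.
# Assumption: key-based SSH logon leaves the session without Kerberos credentials,
# so implicit authentication to a second host has nothing to present.
$target = 'another.server.name.fqdn'   # placeholder host name taken from the issue

function Get-KerberosTicketCount {
    # klist.exe ships with Windows and prints "Cached Tickets: (N)" for the
    # current logon session. If it cannot query the session at all, treat
    # that the same as having no tickets.
    $out = (& klist.exe 2>&1 | Out-String)
    if ($out -match 'Cached Tickets:\s*\((\d+)\)') {
        return [int]$Matches[1]
    }
    return 0
}

$tickets = Get-KerberosTicketCount
Write-Host "Kerberos tickets cached in this logon session: $tickets"

if ($tickets -gt 0) {
    # Credentials are present: implicit Kerberos authentication can be attempted.
    $session = New-PSSession -ComputerName $target -ErrorAction Stop
}
else {
    # Nothing cached: pass credentials explicitly instead of relying on the
    # logon session. Read-Host prompts on the console, which works over SSH.
    $user = Read-Host 'DOMAIN\UserName'
    $pass = Read-Host 'Password' -AsSecureString
    $cred = New-Object System.Management.Automation.PSCredential ($user, $pass)
    $session = New-PSSession -ComputerName $target -Credential $cred -ErrorAction Stop
}

# Show the result in the same shape as the "Expected behavior" output, then clean up.
$session | Format-Table Id, Name, ComputerName, State, Availability
Remove-PSSession -Session $session
```

Comparing the ticket count between a password-authenticated and a key-authenticated SSH session shows whether the two logon sessions differ in the credentials they carry.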
