New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issues connecting to remote Windows Host #6768
Comments
Is it defaulting to the https port? Also try the --insecure flag.
…On Thu, Oct 5, 2023 at 17:38 April Marx ***@***.***> wrote:
I'm currently trying to test the dev-sec windows baseline, however when i
run the following inspec command:
inspec exec windows-baseline -t winrm://192.168.1.2 --user 'username'
--password 'password'
i get the following error:
'''
/home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:31:in
initialize': Digest initialization failed: initialization error
(OpenSSL::Digest::DigestError) from
/home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:31:in
block (3 levels) in class:Digest'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:37:in
new' from
/home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:37:in
block (3 levels) in class:Digest'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm.rb:149:in
ntlm_hash' from
/home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm.rb:162:in
ntlmv2_hash'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client/session.rb:192:in
ntlmv2_hash' from
/home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client/session.rb:196:in
calculate_user_session_key!'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client/session.rb:27:in
authenticate!' from
/home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client.rb:36:in
init_context'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/http/transport.rb:244:in
init_auth' from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/http/transport.rb:168:in
send_request'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:153:in
max_envelope_size_kb' from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:78:in
max_fragment_blob_size'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:203:in
fragmenter' from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:167:in
block in open_shell_payload'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:166:in
map' from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:166:in
open_shell_payload'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:123:in
open_shell' from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:170:in
block in open'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/retryable.rb:35:in
retryable' from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:168:in
open'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:128:in
with_command_shell' from
/home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:79:in
run'
from
/home/user/.local/share/gem/ruby/3.0.0/gems/train-winrm-0.2.13/lib/train-winrm/connection.rb:127:in
block in run_command_via_connection' from
/home/user/.local/share/gem/ruby/3.0.0/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in
block in create_with_logging_context'
'''
The winRM configuration in the Remote host is the following:
PS C:\Windows\system32> winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL =
O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
Any help appreciated. I can't seem to force inspec to use basic
authentication, the flag --winrm-basic-auth-only is completely ignored when
used.
—
Reply to this email directly, view it on GitHub
<#6768>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AALK42GAMZYD35AAY3IJLHDX54SFNAVCNFSM6AAAAAA5U42CK6VHI2DSMVQWIX3LMV43ASLTON2WKOZRHEZDSMJQGA2DOMA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
I just tried the following: inspec exec windows-baseline\ inspec/ -t winrm://192.168.1.2:5985 --user='username' --password='password' --reporter html2:report.html --insecure --winrm-basic-auth-only Same result |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm currently trying to test the dev-sec windows baseline, however when i run the following inspec command:
inspec exec windows-baseline -t winrm://192.168.1.2 --user 'username' --password 'password'
i get the following error:
/home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:31:in
initialize': Digest initialization failed: initialization error (OpenSSL::Digest::DigestError) from /home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:31:in
block (3 levels) in class:Digest'from /home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:37:in
new' from /home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:37:in
block (3 levels) in class:Digest'from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm.rb:149:in
ntlm_hash' from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm.rb:162:in
ntlmv2_hash'from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client/session.rb:192:in
ntlmv2_hash' from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client/session.rb:196:in
calculate_user_session_key!'from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client/session.rb:27:in
authenticate!' from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client.rb:36:in
init_context'from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/http/transport.rb:244:in
init_auth' from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/http/transport.rb:168:in
send_request'from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:153:in
max_envelope_size_kb' from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:78:in
max_fragment_blob_size'from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:203:in
fragmenter' from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:167:in
block in open_shell_payload'from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:166:in
map' from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:166:in
open_shell_payload'from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:123:in
open_shell' from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:170:in
block in open'from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/retryable.rb:35:in
retryable' from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:168:in
open'from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:128:in
with_command_shell' from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:79:in
run'from /home/user/.local/share/gem/ruby/3.0.0/gems/train-winrm-0.2.13/lib/train-winrm/connection.rb:127:in
block in run_command_via_connection' from /home/user/.local/share/gem/ruby/3.0.0/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in
block in create_with_logging_context'The winRM configuration in the Remote host is the following:
PS C:\Windows\system32> winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = true
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
Any help appreciated. I can't seem to force inspec to use basic authentication, the flag --winrm-basic-auth-only is completely ignored when used.
The text was updated successfully, but these errors were encountered: