Invoke-SSH Cmdlet
Parameters Output Objects Configuration Settings
The Invoke-SSHcmdlet is used to remotely execute a command on an SSH server.
Syntax
Invoke-SSH [parameters]
Remarks
This cmdlet establishes a Secure Shell (SSH) connection to a server and starts up the user's default shell. Using the cmdlet is very simple. The destination is specified by Server, and both user (default) and public-key authentication is supported. In order to use user authentication, set the Credential parameter. For public-key authentication, first set the AuthMode parameter to 'publickey'. Then set the UserName parameter and specify the certificate with CertStoreType, CertStore, and CertSubject. The cmdlet can also be used by specifying an SSH connection created from the Connect-SSH cmdlet.
Command contains the command you wish to execute on the remote machine. The output of the command is returned in one or more Shell objects. The exit code from the command that is executed will be returned in the LastExitCode variable.
The cmdlets support pipeline input for some of their parameters. Prebuilding an object and piping it to the cmdlet is very useful, but should be used with caution to prevent security conflicts. Steps have been taken to decrease the risk of a possibly accidental pipe to the cmdlet, for instance, the Credential parameter cannot be piped to the cmdlet and must be specified manually.
# execute a command using user authentication. Invoke-SSH -server SSH_SERVER -credential $mycred -command ls # execute a command using public key authentication. Invoke-SSH -server SSH_Server -user myusername -AuthMode publickey -CertStoreType pemkey -CertStore C:\mypath\id_rsa -CertPassword "password" -CertSubject "*" -command ls # execute a command using an already established SSH connection from the Connect-SSH cmdlet Invoke-SSH $ssh_connection -command ls # execute a command using raw shell access instead of SExec Invoke-SSH -server SSH_SERVER -credential $mycred -command 'ls -l' -EOL "`n" -ShellPrompt = '$ '
Connection Handling
This cmdlet supports persistent connections through the Connection parameter. To establish a new SSH connection, use the Connect-SSH cmdlet. To close the connection, use the Disconnect-SSH cmdlet.
Parameter List
The following is the full list of the parameters of the cmdlet with short descriptions. Click on the links for further details.
| Connection | An already established connection. |
| LogFile | The location of a file to which debug information is written. |
| AuthMode | The type of authentication used by the cmdlet. |
| CertPassword | The password to the certificate store. |
| CertStore | The name of the certificate store for the client certificate. |
| CertStoreType | The type of certificate store for the client certificate. |
| CertSubject | The subject of the certificate used for client authentication. |
| Command | The command to be sent to the server. |
| CompressionAlgorithms | A comma-separated list containing all allowable compression algorithms. |
| Config | Specifies one or more configuration settings. |
| Credential | The PSCredential object to use for user/password authentication. |
| EncryptionAlgorithms | A comma-separated list containing all allowable compression algorithms. |
| EOL | The end of line character to use for parsing the response. |
| FirewallHost | Name or IP address of firewall. |
| FirewallPassword | A password if authentication is to be used when connecting through the firewall. |
| FirewallPort | The port of the firewall to which to connect. |
| FirewallType | Determines the type of firewall to connect through. |
| FirewallUser | A user name if authentication is to be used connecting through a firewall. |
| Force | Forces the cmdlet to accept the default behavior instead of querying the user. |
| LocalIP | The IP address of the local interface to use. |
| LogFile | The location of a file to which debug information is written. |
| Password | The password to use for authentication. |
| PasswordPrompt | The shell prompt used for keyboard-interactive authentication. |
| Port | The port to be used. |
| Server | The address of the Server. |
| ShellPrompt | Specifies the shell prompt to wait for. |
| ShellPromptExpression | A regular expression to match the shell prompt returned by the server. |
| SSHAccept | The hex-encoded fingerprint of the host to trust explicitly. |
| Stdin | The text to feed the expression/command on the standard input stream. |
| Timeout | The maximum time allowed for the operation. |
| User | The username to use for authentication. |
Output Objects
The following is the full list of the output objects returned by the cmdlet with short descriptions. Click on the links for further details.
| Shell | Object containing stdout data returned from the Server . |
Configuration Settings
The following is a list of configuration settings for the cmdlet with short descriptions. Click on the links for further details.
| EnableEcho | Whether the commands sent to the server should be echoed. |
| SexecExitStatusVar | The name of a variable to store the exit status of a command executed via the SExec protocol. |
| TerminalHeight | The height of the terminal display. |
| TerminalWidth | The width of the terminal display. |
| TerminalUsePixel | Whether the terminal's dimensions are in columns/rows or pixels. |
| DisconnectOnChannelClose | Whether to automatically close the connection when a channel is closed. |
| TerminalModes | The terminal mode to set when communicating with the SSH host. |
| EncodedTerminalModes | The terminal mode to set when communicating with the SSH host. |
| StdInFile | The file to use as Stdin data. |
| TerminalHeight | The height of the terminal display. |
| TerminalWidth | The width of the terminal display. |
| TerminalUsePixel | Whether the terminal's dimensions are in columns/rows or pixels. |
| ClientSSHVersionString | The SSH version string used by the cmdlet. |
| SSHVersionPattern | The pattern used to match the remote host's version string. |
| SSHFingerprintHashAlgorithm | The algorithm used to calculate the fingerprint. |
| SignedSSHCert | The CA signed client public key used when authenticating. |
| SSHAcceptServerCAKey | The CA public key that signed the server's host key. |
| SSHAcceptAnyServerHostKey | If set the cmdlet will accept any key presented by the server. |
| SSHAcceptServerHostKeyFingerPrint | The fingerprint of the server key to accept. |
| SSHKeyExchangeAlgorithms | Specifies the supported key exchange algorithms. |
| SSHMacAlgorithms | Specifies the supported Mac algorithms. |
| SSHPublicKeyAlgorithms | Specifies the supported public key algorithms. |
| SSHKeepAliveInterval | The interval between keep alive packets. |
| SSHKeepAliveCountMax | The maximum number of keep alive packets to send without a response. |
| SSHKeyRenegotiate | Causes the component to renegotiate the SSH keys. |
| KeyRenegotiationThreshold | Sets the threshold for the SSH Key Renegotiation. |
| SSHPubKeyAuthSigAlgorithms | Specifies the signature algorithm when attempting public key authentication. |
| KerberosRealm | The fully qualified domain name of the Kerberos Realm to use for GSSAPI authentication. |
| KerberosDelegation | If true, asks for credentials with delegation enabled during authentication. |
| KerberosSPN | The Kerberos Service Principal Name of the SSH host. |
| LogSSHPackets | If true, detailed SSH packet logging is performed. |
| MaxPacketSize | The maximum packet size of the channel, in bytes. |
| MaxWindowSize | The maximum window size allowed for the channel, in bytes. |
| PasswordPrompt | The text of the password prompt used in keyboard-interactive authentication. |
| PreferredDHGroupBits | The size (in bits) of the preferred modulus (p) to request from the server. |
| RecordLength | The length of received data records. |
| ConnectionTimeout | Sets a separate timeout value for establishing a connection. |
| FirewallAutoDetect | Tells the cmdlet whether or not to automatically detect and use firewall system settings, if available. |
| FirewallHost | Name or IP address of firewall (optional). |
| FirewallPassword | Password to be used if authentication is to be used when connecting through the firewall. |
| FirewallPort | The TCP port for the FirewallHost;. |
| FirewallType | Determines the type of firewall to connect through. |
| FirewallUser | A user name if authentication is to be used connecting through a firewall. |
| KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
| KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
| Linger | When set to True, connections are terminated gracefully. |
| LingerTime | Time in seconds to have the connection linger. |
| LocalHost | The name of the local host through which connections are initiated or accepted. |
| LocalPort | The port in the local host where the cmdlet binds. |
| MaxLineLength | The maximum amount of data to accumulate when no EOL is found. |
| MaxTransferRate | The transfer rate limit in bytes per second. |
| ProxyExceptionsList | A semicolon separated list of hosts and IPs to bypass when using a proxy. |
| TCPKeepAlive | Determines whether or not the keep alive socket option is enabled. |
| UseIPv6 | Whether to use IPv6. |
| TcpNoDelay | Whether or not to delay when sending packets. |
| AbsoluteTimeout | Determines whether timeouts are inactivity timeouts or absolute timeouts. |
| FirewallData | Used to send extra data to the firewall. |
| InBufferSize | The size in bytes of the incoming queue of the socket. |
| OutBufferSize | The size in bytes of the outgoing queue of the socket. |
| UseBackgroundThread | Whether threads created by the cmdlet are background threads. |
| UseInternalSecurityAPI | Tells the cmdlet whether or not to use the system security libraries or an internal implementation. |