Renci.SshNet.dll

Is it possible to update the ssh.net library to the latest one?

I’m running PowerShell scripts that use the Posh-SSH module. There’s an issue with the Renci.SshNet.dll that causes an error whenever trying to do dynamic SSH forwards. Similar to what’s discussed here: "Cannot process argument transformation on parameter 'ShellStream'. Cannot convert the "Renci.SshNet.ShellStream" value of type "Renci.SshNet.ShellStream" to type "Renci.SshNet.ShellStream"." · Issue #439 · darkoperator/Posh-SSH · GitHub

I did some troubleshooting and got to the point where it worked from a plain PowerShell session (solution was in the link above) but not when it fires from inside CTW.

To fix the scripts/module when running from in CTW I need to rename/delete the Renci.SshNet.dll from the program files (I guess because it’s running from that path and finds the DLL, whereas the PowerShell session only looks in the .NET assemblies folders). That obviously breaks all the built-in CTW SSH functionality which I also use for other things, so rock and hard place.

Hoping the new ssh.net 2023.0.1 release version doesn’t have the issue.
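
A diagnostic for the conflict described in the post above, as an added example that is not part of the original thread or of either project's code: it lists every copy of Renci.SshNet loaded in the current PowerShell host next to the copy shipped with the installed Posh-SSH module. It assumes Posh-SSH is installed as a module with its own Renci.SshNet.dll under the module folder, and that the snippet is run in the same host the failing script runs in.

```powershell
# Added diagnostic, not from the thread. Run it in the same host as the failing script.
# Assumption: Posh-SSH is installed and ships Renci.SshNet.dll under its module folder.

# 1. Every copy of Renci.SshNet already loaded into this process.
$loaded = [System.AppDomain]::CurrentDomain.GetAssemblies() |
    Where-Object { $_.GetName().Name -eq 'Renci.SshNet' } |
    ForEach-Object {
        [pscustomobject]@{
            Source   = 'Loaded in process'
            Version  = $_.GetName().Version
            Location = $_.Location
        }
    }

# 2. The copy bundled with the installed Posh-SSH module (read from disk, not loaded).
$bundled = Get-Module -ListAvailable -Name Posh-SSH |
    ForEach-Object {
        Get-ChildItem -Path $_.ModuleBase -Recurse -Filter 'Renci.SshNet.dll'
    } |
    ForEach-Object {
        [pscustomobject]@{
            Source   = 'Bundled with Posh-SSH'
            Version  = [System.Reflection.AssemblyName]::GetAssemblyName($_.FullName).Version
            Location = $_.FullName
        }
    }

@($loaded) + @($bundled) | Format-Table -AutoSize -Wrap

# 3. Flag a copy loaded from anywhere other than the module folder. Two copies of
#    the same assembly give two distinct ShellStream types with the same name,
#    which matches the "cannot convert ShellStream to ShellStream" error text.
$modulePaths = @($bundled | ForEach-Object { $_.Location })
$foreign = @($loaded | Where-Object { $_.Location -and ($modulePaths -notcontains $_.Location) })

if ($foreign.Count -gt 0) {
    Write-Warning 'Renci.SshNet was loaded from outside the Posh-SSH module folder:'
    $foreign | ForEach-Object { Write-Warning "  $($_.Version)  $($_.Location)" }
}
else {
    Write-Output 'No Renci.SshNet copy loaded from outside the Posh-SSH module folder.'
}
```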

Hi, we will update the package we reference eventually but then you run into chasing versions between CTW and your other dependency. Have you tried using the Launch New Process option? This would run your script via powershell.exe rather than using the in-process PowerShell hosting.

I’ll give it a go tomorrow when I’m in the office and report back.
Cheers!

So still testing this, working on another issue of running as a new process :frowning: svc_account mentioned is an admin on the machine, anyone got any ideas (I realise this isn’t a CTW problem)? I originally thought it was our appcontrol (ThreatLocker) blocking it but it’s not.

2024-02-08 07:45:18.704 +10:00 [ERR] Launching Process C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe as User: <domain.local>\svc_certifytheweb
Error Running Script: System.ComponentModel.Win32Exception (0x80004005): Access is denied
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at Certify.Management.PowerShellManager.ExecutePowershellAsProcess(CertificateRequestResult result, String executionPolicy, String scriptFile, Dictionary2 parameters, Dictionary2 credentials, String scriptContent, PowerShell shell, Boolean autoConvertBoolean, String ignoredCommandExceptions, Int32 timeoutMinutes) in D:\a\certify-internal\certify-internal\src\certify-build\certify\src\Certify.Shared.Extensions\Utils\PowerShellManager.cs:line 323

Could it be the service account you’re running the script as doesn’t have read permission for the script itself?

Unfortunately it has permissions. But I was able to make a workaround by providing the script credentials to run the ssh commands with so I don’t need to run the script as the svc_ account.
It is able to spawn a new process if I run the task as the service account (SYSTEM). Running as a new process does resolve the initial issue.
Still haven’t worked out why the service account can’t spawn a powershell, but I have a solution for the original issue.

Sounds like good progress! We will also be releasing a version very soon with the updated SSH (because it enables more modern private key types in SSH) but it’s still a good idea to not directly depend on whatever version our app is loading.

Out of interest what’s the overall scenario you’re trying to achieve with your script? We already have copy over SSH support (Export Certificate task can copy over SSH) and Script via SSH and I wondered if there’s a way to use that for your use case.

The new key types are why I had to update the Posh-SSH module, which started all the shenanigans (device had its firmware updated).
I need to update some certs on a network device; while there I also need to pull some other things back into vars and update other things with that. Was easier to do in its own script.
I do use the built-in export via SSH and also the run command to restart services on our simpler devices that need updating.