在生产环境中不建议使用CredSSP [英] CredSSP not recommended in Production environments
问题描述
我尝试使用PowerShell Remoting部署Sharepoint WSP项目。
I try deploy Sharepoint WSP projects using PowerShell Remoting.
请参见 https://sharepoint.stackexchange.com/questions/44880/powershell-remoting-sharepoint-2010-error
解决方案是为Sharepoint配置CredSSP。
Solution is configure CredSSP for Sharepoint.
但是微软表示:
警告:凭据安全服务提供者(CredSSP)
身份验证,其中用户的凭据传递到要进行身份验证的远程
计算机,它用于要求对多个资源进行
身份验证的命令,例如访问远程
网络共享。这种机制增加了
远程操作的安全风险。如果远程计算机受到威胁,则传递给它的
凭据可用于控制网络
会话。
Caution: Credential Security Service Provider (CredSSP) authentication, in which the user's credentials are passed to a remote computer to be authenticated, is designed for commands that require authentication on more than one resource, such as accessing a remote network share. This mechanism increases the security risk of the remote operation. If the remote computer is compromised, the credentials that are passed to it can be used to control the network session.
引用: http://technet.microsoft.com/zh- us / library / dd347668.aspx
在生产环境中不建议使用。
Not recommended in production environments.
任何建议使用Powershell远程处理和共享点进行部署?
Any suggestions for deploy using powershell remoting and sharepoint ?
Windows XP的更新
问题是Windows XP SP3中的WinRM 2.0不支持PowerShell的CredSSP。
Problem is WinRM 2.0 in Windows XP SP3 doesn't support CredSSP for PowerShell.
Powershell 2.0-WinRM 2.0 + Windows XP SP3 + CredSSP +部署SharePoint Remoting for SharePoint 2010
Powershell 2.0 - WinRM 2.0 + Windows XP SP3 + CredSSP + Deploy PS Remoting for Sharepoint 2010 NOT IS POSSIBLE
推荐答案
他们不建议这样做,因为如果第二跳是受到威胁,则存在该远程处理链中的所有系统受到威胁的风险。但是,如果您在安全的数据中心类型的环境中进行此操作,则不会有任何风险。
They do not recommend it because if the second hop is compromised, there is a risk that all the systems in that remoting chain are compromised. But, if you are doing this in a secure data center type environment, I don't see any risk.
但是,如果您仍然需要更好的安全性,我会建议使用SSL端点。
However, if you still need better security, I'd recommend using SSL endpoints.
这篇关于在生产环境中不建议使用CredSSP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
