Ronald K.
Copper Contributor
Jan 05, 2018

Securing (SSL) WINRM connection to remote servers

Honolulu uses WinRM via TCP/5985 to connect to remote servers. However, to my knowledge, WinRM via TCP/5985 is not encrypted by default. How can we use Project Honolulu with WinRM via HTTPS (TCP/5986)?

3 Replies

  • Anton Zimin
    Copper Contributor

    Actually, WinRM over HTTP is encrypted if you don't use Basic or Digest authentication.

    https://foxdeploy.com/2017/02/08/is-winrm-secure-or-do-i-need-https/

    The communication is still encrypted, but you can't verify server identity. A hacker can steal the NTLM hash and crack it.

    Everything is good if your machines are in a domain. Kerberos is used in this case.

  • John Neset
    Copper Contributor
    Stupidest limitation ever! In our Enterprise we only use WinRM HTTPS TCP/5986 as you should be doing for Infrastructure mgmt.... I was really looking forward to using this, but it's so slow between clicks & this is definitely a showstopper. 1st I had to allow it to talk to the internet due to signature verification 1x even though it's touted as being offline ready & now this...
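
The settings that Anton Zimin's reply turns on (authentication scheme, unencrypted traffic, HTTP versus HTTPS listener, domain membership) can be read directly from a managed server. The following read-only PowerShell audit is an added example, not part of any post in this thread; the function name `Get-WinRMTransportAudit` is hypothetical, and it assumes an elevated session with the WinRM service running.

```powershell
# Added example (not from the thread): read-only audit of local WinRM transport settings.
# Assumes an elevated session on the managed server with the WinRM service running.
function Get-WinRMTransportAudit {   # hypothetical helper name
    $findings = New-Object System.Collections.Generic.List[string]

    # Service-side switches: values on the WSMan: drive are the strings 'true' / 'false'
    $allowUnencrypted = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -eq 'true'
    $basicEnabled     = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value -eq 'true'
    $kerberosEnabled  = (Get-Item WSMan:\localhost\Service\Auth\Kerberos).Value -eq 'true'

    # Listeners: HTTP defaults to TCP/5985, HTTPS to TCP/5986
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate)
    $http  = @($listeners | Where-Object { $_.Transport -eq 'HTTP' })
    $https = @($listeners | Where-Object { $_.Transport -eq 'HTTPS' })

    # Kerberos is only available when the machine is domain joined
    $inDomain = (Get-CimInstance Win32_ComputerSystem).PartOfDomain

    if ($allowUnencrypted) {
        $findings.Add('Service AllowUnencrypted is true: message-level encryption is not enforced.')
    }
    if ($basicEnabled) {
        $findings.Add('Basic auth is enabled: it adds no message encryption, so restrict it to HTTPS.')
    }
    if ($basicEnabled -and $allowUnencrypted -and $http.Count -gt 0) {
        $findings.Add('Basic auth over the HTTP listener is possible: such a session is cleartext.')
    }
    if ($https.Count -eq 0) {
        $findings.Add('No HTTPS listener: the server cannot prove its identity with a certificate.')
    }
    if (-not $inDomain -and $https.Count -eq 0) {
        $findings.Add('Not domain joined and no HTTPS listener: Negotiate uses NTLM, with no server identity check.')
    }

    [pscustomobject]@{
        AllowUnencrypted = $allowUnencrypted
        BasicAuth        = $basicEnabled
        KerberosAuth     = $kerberosEnabled
        DomainJoined     = $inDomain
        Listeners        = $listeners | Select-Object Transport, Port, Address, CertificateThumbprint
        Findings         = $findings
    }
}

Get-WinRMTransportAudit | Format-List
```

An empty `Findings` list on a domain-joined server corresponds to the case the reply calls good; a workgroup server without an HTTPS listener is the case where server identity cannot be verified.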
