Closed: youngercloud closed this issue 1 year ago
Ansible can't use JEA; by definition it needs unrestricted access to be able to run the code that is needed. The win_shell command you are running with is just calling powershell.exe, so it's a brand new process outside of the JEA session that the initial session is created in, which is why it has unrestricted access and the session state you are seeing doesn't get applied.
I am actually surprised it got that far but this is not a valid scenario for Ansible and any of the limitations are placed on the server side and not the client.
Description: When using the Ansible PSRP module with a JEA role capability file, the file is not being applied correctly, leading to unlimited functionality instead of the expected limited cmdlets and functions defined in the role capability file.
Environment:
Steps to reproduce:
Expected behavior: The output of the get-command should be limited to the cmdlets and functions specified in the JEA role capability file.
Actual behavior: The output of the get-command includes all the commands available, indicating that the JEA role capability file is not being applied correctly.
Additional context: When testing the JEA endpoint using the Enter-PSSessionConfiguration command directly on the target machine, the output appears as expected, showing only the limited cmdlets and functions defined in the role capability file. This suggests that the issue occurs when using the Ansible PSRP module.
CC this issue @arslnmsd
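Since the reply above places the restrictions on the server side, the following is an added example (not code from this issue or from the Ansible project) of auditing, on the target host, what a JEA endpoint exposes to a given account and whether any external program such as powershell.exe is visible. The endpoint name and user are placeholders chosen for illustration.

```powershell
# Added example: run in an elevated Windows PowerShell 5.1+ session on the target host.
# $Endpoint and $User are placeholders (assumptions), not values from the issue.
$Endpoint = 'JEA-Endpoint-Name'
$User     = 'DOMAIN\ansible-svc'

# 1. How the endpoint is registered on the server.
Get-PSSessionConfiguration -Name $Endpoint |
    Format-List Name, SessionType, LanguageMode, RunAsVirtualAccount, Permission

# 2. The commands this user receives once all matching role capabilities are merged.
$caps = @(Get-PSSessionCapability -ConfigurationName $Endpoint -Username $User)
$caps | Group-Object CommandType | Sort-Object Name |
    Format-Table Name, Count -AutoSize

# 3. External programs (CommandType 'Application') start as separate processes,
#    so anything they run is not limited by the session's visible-command list.
$external = @($caps | Where-Object { $_.CommandType -eq 'Application' })

# Interpreters are the highest-risk entries: a child shell is a full, unrestricted
# process running as the endpoint's run-as identity.
$shells = @($external | Where-Object { $_.Name -match '^(powershell|pwsh|cmd)(\.exe)?$' })

if ($shells.Count -gt 0) {
    Write-Warning ("Endpoint '{0}' exposes a shell to {1}: {2}" -f `
        $Endpoint, $User, ($shells.Name -join ', '))
}
elseif ($external.Count -gt 0) {
    Write-Warning ("Endpoint '{0}' exposes external programs to {1}: {2}" -f `
        $Endpoint, $User, ($external.Name -join ', '))
}
else {
    Write-Output "No external programs are visible to $User on '$Endpoint'."
}
```

If step 3 reports a shell, review the VisibleExternalCommands entries in the role capability files assigned to that account.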