I am extremely excited to share that PowerShell is open sourced and available on Linux. (For those of you who need a refresher, PowerShell is a task-based command-line shell and scripting language built on the .NET Framework to help IT professionals control and automate the administration of the Windows, and now Linux, operating systems and the applications that run on them.) I’m going to share a bit more about our journey getting here, and will tell you how Microsoft Operations Management Suite can enhance the PowerShell experience.
Hell is slowly freezing over. Let’s see if they maintain this position, but if you had told me 10 years ago this was a possibility, I would’ve laughed and called you a nut case.
They are undoing some of the mistakes of the Ballmer era, but the damage is already done. Notice how barely anyone outside a small subset of Microsoft advocates seems to care. It is because people on other platforms already have found other replacement tech now that Microsoft wouldn’t share theirs.
To win anyone back they need to sell a convincing argument that MS tech is better. Some of it is, *on Windows*, but why would anyone on Linux or macOS be interested in PowerShell? Those are the things they need to come up with good answers to in order to regain former strength.
PowerShell requires PowerShell to bootstrap, and outside of a few hand-picked distributions (Ubuntu LTS, CentOS 7, and OS X), it will not build.
In their defense, they’re easier to manage for inexperienced admins and for collaborative projects with sharepoint. Sharepoint still has horrors and nightmares for backups and configuration, but they’re taking all the feedback and fixing it.
Now if you want maximum control and security, it takes a lot of learning and investing into their ecosystem to actually do what you want because they only make it easier that way, which makes your point totally right for those cases.
“…it takes a lot of learning and investing into their ecosystem to actually do what you want…”
To come later to the realization that it was a lost investment. The lower the technology in the stack, the longer the commitment to it should be, and the more ‘consortium’ or open standard it should be.
Core tech needs inter-generational commitment.
Excepting projects built from very small modules, there is no such thing as “personal itches”.
They’re trying to pass themselves off as ‘good guys’ now, but with some of the crap they’re doing with Windows 10 (like deceptive upgrade screens and deleting apps from peoples’ computers without permission), you can tell it’s the same old Microsoft underneath. Don’t be fooled.
Saw the following article after making my last post about Win10 evilness:
http://www.ghacks.net/2016/08/19/windows-10-annoyance-system-apps/
I think MS is hoping they can find a way to get the bosses to force MS products onto their staff by selling its new cross platform capabilities.
They spent too many years making themselves as incompatible as possible with everything else so as to keep their monopoly. Their failure in mobile led to developer bleed and now they’re going back to the embrace part of their old methods in response.
Perhaps I’m being cynical but MS racked up 20+ years of really bad behavior and it’s hard to believe they just reformed.
Actually ubuntu in Windows is more this …
You don’t need osx (what I have seen being used by most of the devs and some admins)
You don’t need Linux (again what I see most admins and some devs running)
Windows now supports all of the Linux commands … I don’t want any employee forcing win 10 on its admins or devs due to this layer, personally to me MS hasn’t changed, win 10 is a clear example of this, if MS had changed it wouldn’t be forcing the horrific spyware on its users.
but in reality no shits are given by any one using Linux, who in the Linux community has requested powershell ?
I’ve seen it being used and meh. If I want to write an OO script I’ll use Python or Ruby, if I need something quick I’ll use shell and there is no way any of the tools powershell provides comes even close to the tools already used / available by the Linux community.
I don’t see how this is of any benefit or how microsoft are opening up and playing fair now. I don’t see the need for it at all.
MS Office on OSX is terrible and people pay money for it (ask any one using outlook on osx). There is no official Linux version of MS Office. I hardly ever need an office suite and when I do libreoffice is more than good enough, but that’s just me. MS Office file formats are still an undecipherable mess even though they supposedly use some open format xml. If they really are a different company why don’t they support a true open format which could be made to render perfectly on any office suite or make excellent ports of ms office on osx and linux ?
Instead what they provide is a shell which is completely useless to practically 99.999% of either Linux or OSX users.
Microsoft are still dominant / monopolists on the desktop market and they are shitting on all windows 10 users with spyware, trying to cash in on advertising like google, but they are a distant second / third / fourth in mobile, server and cloud (the future)
This is nothing more than them trying to add value to their own server division, to try and woo companies back into their fold.
Look we are open source friendly now, you can run powershell which is absolutely useless for managing or running anything on your linux server estate you have running probably on aws. By the way Azure is great and powershell will be of use when you switch over to Azure and switch over to windows server, but in the meantime we want to take a powershit on your infrastructure please allow us to do so. If we find a way, we will reward you in the future by allowing spyware on your machines as well and a way for us to delete applications on your linux and osx machines as well. It’s a gift we want to share for all desktop users not just our loyal minions running windows, by the way did you know we now support “ubuntu” apps on windows (hint hint, nudge nudge).
All hail Microsoft we want to embrace you, try to fold as much of your much more advanced technology into our stack, try to extend you and ultimately try and find a way to extinguish you ! All hail Microsoft we are different honest ..
Examine closely and you will see everything is reactionary to what Google, Apple or in fact any other competitor does, they are competing on many fronts and losing on most they are forced into this predicament, they cannot leverage the desktop monopoly for any other market as there are more advanced competitors.
They have lost mobile, destroyed nokia in the process.
They have lost the server wars and windows admins are relegated to managing AD and Exchange and users’ desktops, while the techs of any major company have migrated over to osx mainly (I wish it was linux but meh). I hardly ever see windows used in any major company I’ve worked in over the last 5 years, when it comes to the technology side of the business, it’s because of stuff like vagrant and docker that osx and linux are dominating.
They are offering excellent deals to major organisations to use azure in the hopes I can only assume of vendor lock-in. This won’t work, tools like Terraform will allow organisations to quickly move their stack to competing platforms as soon as MS start to hike prices up. Most organisations are a lot more agile than they once were, they can quickly change strategy they are no longer afraid to use emerging technologies and there is nothing emerging from microsoft that hasn’t been already done, or is just plain better on other platforms.
I give Microsoft about 10 years for their desktop dominance to fade, the mobile market will dominate the desktop market, hardware will evolve to a point where phones will become the new laptops and most of them run android and osx (this is already happening). Google wants a share of the desktop pie, I don’t particularly want a google desktop they can’t see past internet advertising as a form of revenue making (that’s just me).
Once they lose desktop dominance they will become a software provider, they will sell stuff like office to whoever they can probably becoming like IBM, except IBM has a good hardware division to fall back on and can sell any service it wants. You can already see this happen with office for android and osx.
The cloud wars I don’t see them ever dominating, too many players and their technology stack is just too far behind, their automation is pitiful and is only being held up by open source tools throwing them a bone. AWS dominates the market, then there is gcloud, which is again another competition front with Google. They realise this and they are just not capable of employing enough talented people to match what the open source community can provide.
Ultimately you have to remember, if you are talented would you want to work for a megacorp and be a number ? Or do you want to start your own company, work on an open source tool set build your own product(s) form your own company and make good money by selling supported easier to manage versions of your idea ?
Edited 2016-08-21 00:28 UTC
No one. What’s even funnier in that Azure piece of PR spin is that they claim people running Linux want .Net to run on it.
Sorry, I don’t think so. So I don’t think it’s safe to get dependent on anything they offer, if you’re not using Windows anyway.
Edit: to explain, if using their stuff gives them even a frivolous reason to sue you for some intellectual property reason, can you afford the lawsuit? Didn’t think so.
Edited 2016-08-19 10:37 UTC
1. Embrace
2. Extend
3. Extinguish
New era or… Old habits die hard ?
Think a trashed generation of coders is enough. Don’t think they’ll dare to commit the same crime again. Distrust is plenty justified. Also think they deserve another chance. I’m too old to give them that chance.
It pretty much looks so: Embrace Open Source in order to Extend Linux and OS X. Then control both of them (no need to Extinguish if already controlling them).
That’s not how EEE works, though.
It’s not even remotely close to how it works.
Errrr, it is.
https://www.youtube.com/watch?v=3Z9yK3sMDUU
Exactly !
I would imagine that there are Linux admins who have some Windows boxes to manage in their farms and this is a way for MS to ease their pain, albeit with a new pain. But at least it eventually saves some time after the lengthy typing session of typing commands like get-thisreallylongcommand -withreallylongarguments |that dont format correctly on screen |and need additional fixes -y
It’s probably also good for reporting on those Windows machines too.
I was not impressed with Powershell as the commands and arguments are exceedingly long and inconsistent. It’s like several teams worked on the build and none of them knew about the others’ progress or processes. Imagine that.
At least once the management script is figured out and written, server farm admins will be able to save some time making changes to hundreds or thousands of computers, or generating reports.
As an added bonus for Microsoft the more efficient and skilled (read elegant) Linux community will also be inclined to fix the brokenness inherent in Powershell.
Also Windows Admins can now be replaced with a Powershell script.
Well, all the most-used commands have truncated aliases available to save on typing. At the same time, the longer names improve readability of scripts, esp. for people with less experience with PowerShell.
Apparently some of those aliases are names of unix commands like ls and wget. Only, the PowerShell’s wget and ls do not work like wget and ls in unix https://github.com/PowerShell/PowerShell/pull/1901
Don’t you just love it how that happens.
Yeah, I’d seen that. A couple people on Phoronix (Every time I read the comments there, I feel dirty) somehow took those aliases (and subsequent patch to fix it being rejected) as somehow part of Microsoft’s strategy to ultimately subvert and destroy Linux, when, as usual, the truth is far more mundane.
wget is the short version of Invoke-WebRequest, and ls is an alias of Get-ChildItem.
And, that was perfectly fine on Windows, but bring PS over to Linux, and it causes issues. Of course, ditching those aliases means existing scripts don’t work, or more likely, require extra work for porting.
That thread is absolutely hilarious. They broke expected behaviour for a bunch of command line tools that have been around for a *long* time, and that worked fine elsewhere on Windows in Cygwin and other systems for years, then they want ‘telemetry’ to justify fixing it. That gave me a pretty good laugh.
If you’re going to do this shit why even bother calling these commands by their traditional names at all? Nobody uses wget to mean Invoke-WebRequest, and that is so obvious it isn’t even funny. Everything that follows is just smoke, mirrors and misdirection. Fire and motion, as Joel Spolsky would call it.
I thought systemd threads had great comedic value but this runs out a winner by several lengths.
EDIT: Oh, some people are getting worried about trademark issues now!
Edited 2016-08-22 09:18 UTC
What are you going on about?
Yeah. The chief architect and inventor of PowerShell chiming in and saying “We are going to fix this” is smoke and mirrors, and a way of covering up their intention to NOT fix it.
He can tell us that sewer rat tastes like pumpkin pie, but that doesn’t mean anything will be done. There is only one fix here and everyone knows what it is. Sadly, continual PR on mailing lists doesn’t wash in the open source world.
It’s not a promising start and the author of curl is even more cynical than I am.
Edited 2016-08-22 22:15 UTC
Microsoft already added DSC and have been pushing Chef & Puppet on Windows for some time. Heck the support for Windows in Chef is quite impressive.
Frankly the whole love of objects vs text is silly.
Its just like the registry vs using text config files.
I will take text config files any day over a binary object database that is easy to corrupt, and impossible to manage easily remotely with scripts.
Edited 2016-08-19 15:29 UTC
Usually, I complain that object oriented code is for people who are too lazy to plan their code appropriately.
But powershell does have some benefits. Several years ago, I had to migrate a few hundred computers from one domain to another, changing usernames along the way. A user might have the username “bob” on the old domain, and “robertg” on the new domain.
In powershell, it was trivial to create a hash from a CSV file (user name mapping), then open the list of profiles on each machine, iterate through, and change the owner of each profile from old\user to new\uname, all handled as objects.
Then a second powershell script opened the exchange mailboxes as objects, copied them over to a different exchange server, changed ownership, updated the SMTP addresses, and added the old email address as an alias.
Next morning, bob comes in, logs in as “robertg” instead of “bob”, and gets his desktop, all his settings, and his exchange mailbox, right where he left it.
Being able to handle anything from a print queue, an exchange mailbox, a user profile, or a list of network mappings as “objects” that can be iterated and modified as needed, is incredibly useful.
People on the linux side scoff, and claim this isn’t necessary for linux, because linux is simpler– and then produce scripts to perform similar manipulations that are significantly longer than the equivalent powershell code.
I like linux, I like the fact that by and large, you don’t have large binary structures that are incomprehensible (gconf / dconf aside) without special tools– but when you start managing multiple distributions of Linux, you become painfully aware of the peculiarities of each distro.
Abstraction is a good thing. If you’re a joint windows / linux shop, I could see powershell being incredibly useful.
As solutions-in-search-of-an-answer like systemd propagate throughout Linux, I see powershell, or something like it, becoming necessary.
Ever heard of tools like puppet / ansible / chef / packer ?
Where you can automate the whole os installation to a point create an image and then based on role deploy out custom vms or servers ?
In your example I could probably write a one liner to do what you were doing, along the lines of:
sed -i 's/old_username_format/new_username_format/' whatever.csv
or if we want to do it on all linux boxes.
for srv in `cat list_of_server.txt`; do ssh $srv sudo sed -i s/old_user_format/new_user_format/ /etc/passwd; done (using .txt to make you understand it’s a text file, we don’t actually care)
I would need to modify this further to change the shadow files and group files, but this would log into every single server that changes would need to be made and change the user regardless of distribution or just usermod and groupmod to change the names using your csv file and extrapolating the data. I bet I could write a one liner to do it and I bet it would take me about 5 – 10 minutes.
This would be the old way to do it, the new way would be to update a hiera yaml file for all of the usernames next time puppet runs all of the servers would have the changes applied and done (regardless of distribution in both cases), same thing with either ansible or chef or salt stack or whatever automation tool is used.
Furthermore to your argument about “significantly longer” than equivalent powershell code, I could write a python script, use stuff like paramiko and concurrent.futures, to not only ssh into multiple boxes concurrently (ie at the same time) but also do all of the necessary changes and make back-ups of the config files. This script I could then share on github and any one else facing this could re-use and at the same time if I ever needed to I could re-use it. In fact most decent linux admins have a bunch of tools they develop, adapt and re-use and they can be used on any distribution.
Basically what I am saying is your argument is invalid, exactly because Linux configs are mainly text files and more complex systems are api driven and what we write can be re-used and frankly we have systems in place that can manage thousands of servers and make modifications in seconds across all of them if necessary, come back to me when powershell allows anything near as powerful as this. You don’t have the technology and what you do have, is all from the open source world. The true MS tech stack is around a decade behind.
Also not having to deal with bullshit licensing headaches is worth using linux over windows any day of the week month or year.
No, what you’re saying is “powershell is useless because that’s not how I do things”– which is merely being closed-minded, and fairly typical for system administrators of any kind. We hate being told we’re doing things the wrong way, or the hard way, or the inconvenient way. You’re also making assumptions about windows technology that haven’t been valid for nearly 10 years.
Powershell on windows, in my experience, is a nifty tool that simplifies scripting operations under Windows. It already abstracts out all those windows API’s to a consistent scripting language, and works across the network, so it’s already doing what you claim it doesn’t do.
Powershell under linux has the potential to be, if nothing else, a demonstration of how things could be done differently under linux, and I’m not so closed-minded that I’m unwilling to contemplate a different way of doing things.
Ok so to cut this short you say you have used puppet and should already know how easy it is to manipulate users using it, but then say:
We constantly have to adapt and even learn new programming languages, but you have not shown me one way in which powershell is this amazing shell to revolutionise anything. To claim that “I am doing things the wrong way, or the hard way or the inconvenient way” is fallacious at best.
You have shown nothing about powershell that makes it the correct way of working, or the easier way or the less inconvenient way. In fact what you’ve shown is that it’s just a useless tool for linux environments, why bother learning .net and powershell when python is far more powerful ?
By the way your setup, as far as I understand it is as follows: you pull the usernames from the AD server then dump the user information into a yaml file, which you then feed to puppet to actually allocate the users.
I don’t understand the domain bit, why would you care about the domain for the linux machines if users are allocated using puppet? Why don’t you set up something like this:
https://www.freeipa.org/page/About which also supports this: https://www.freeipa.org/page/IPAv3_AD_trust might make your life a little bit easier… Genuinely it all sounds a bit convoluted to me, but it sounds like student desktop management rather than actual server management so meh.
I have been forced recently to deal with windows servers for a couple of friends (windows 2012 server). They were showing me powershell, I looked at it and how excited one of them was with tab completion, I smirked. It’s still the same rubbish, except the ui is now an even more inconsistent mess.
You have to realise, this might work for windows as they have modified all of the subsystems in windows to work with this and to produce objects, but this isn’t how Linux works, we don’t rely on objects and we have far more advanced configuration management tools to manage systems and far more comprehensive logging management solutions and other tools to manipulate the data. So while this might be something amazing for windows admins using a shell to get work done, it provides nothing of any actual use to Linux, it’s just a shell, whatever there’s few dozen already meh, I very much doubt companies or linux users will be rushing out to install this on their desktops and servers, it’s just meh, I certainly cba to even look at an example powershell script got better things to do.
Because it scales badly. I have 4 primary OS’s I support (RHEL/CentOS, Debian/Ubuntu), and two major versions for each, for a total of 8 primary distro/version combinations. They’re scattered across 15 different groups within the enterprise (oh, and the vast majority are application servers– workstations are a small portion).
So, where’s your one-liner to tell if the NFS service is running on all those machines? Because on Debian family, it’s going to be “nfs-common”. On RedHat, it’s going to be “nfs”. Sure, you can wildcard it, but then your results get a bit iffy.
Here’s my (two) one liners:
# mco service nfs status -W osfamily=RedHat
# mco service nfs-common status -W osfamily=Debian
I can also filter by puppet classes, facts, agents, identities– and it’s all driven by the same PKI infrastructure as my puppet service.
So, yeah– “stone age”.
Finally, FreeIPA is largely useless to me, because I’m working in an enterprise with not one, not two, but three, existing directory services (a few hundred thousand users in one, about eighty thousand in the second, and the third is fairly small), which I have no control over.
I don’t *WANT* to build a fourth, or even a duplicate, directory service. I want to be out of the user management business entirely.
So, I map AD groups to local groups / users. In the node yaml file (or domain, or org, because it is, after all, a hierarchy), I’ll add something like:
[ad group name]:
  domain: [domain]
  group: [local group]
This gets processed by my ENC script, which looks up that object in the relevant domain (I have three I support), and returns a yaml hash of every user in the object, along with a uid (based on RID, because we have no rfc2307). Puppet then reads that hash, iterates it, and creates a local user for every member of the hash. Puppet also configures krb5.conf for every domain, and updates pam.d/* to try each domain when a user logs in.
So we’re doing kerberos logins against an AD domain, using local accounts. Partially because winbind sucks, partially because of the way SAMBA does user membership (it doesn’t scale– the “groups” command can take 20+ seconds to complete).
Also defined in YAML is the “base UID” for puppet to manage– it will add / delete users above that number. End result is if someone is removed from an AD group, they’re automatically removed from all the servers using that AD group for mapping within 30 minutes (puppet agent runs twice per hour).
grat btw I apologise if I came across as harsh, I know what you’re getting at, if implemented correctly it’s a neat idea.
I just don’t think powershell is the answer on linux and I think linux as a whole is moving in a completely different direction. If you look at docker, all of the older paradigms are being ripped up and thrown out, everything is mutable in the modern age. Docker container crashes, so what just spin up 2 more need to change usernames, don’t bother just delete the docker containers create new ones with new names and done.
Everything is becoming expendable even core infrastructure like load balancers which is all moving to vms.
It’s getting to a stage now where people don’t even care about the distribution I’ve seen mixed ubuntu, debian and centos containers to manage different aspects of a web application, all different as the containers provided by different sources are different.
The logs are all sent off to remote logging nodes (ELK stack) without a care in the world if the container crashes and is torn apart, it’s just a small cog can get 5 more up and running to replace it.
When you look at how things are changing, shells really are low priority these days.
The equivalent under traditional (non-systemd, non-upstart) init systems on Linux is (with minor variation for different distros):
for service in `ls /etc/init.d` ; do
/etc/init.d/$service stop
done
Which is shorter, and arguably more clear than the power shell equivalent, and also doesn’t care about capitalization.
I’m not certain about doing this on upstart or systemd (I have zero experience with upstart and almost none with systemd), but it is still possible there (albeit with much more complicated scripting involved).
The biggest difference about this though is that it will almost certainly run faster for the same number of services than the power shell equivalent will. I do a lot of work on both Linux and Windows systems, and I consistently see functionally identical scripts run faster on Linux. As an example, getting the current user’s SID in power shell consists of:
add-type -assemblyname System.DirectoryServices.AccountManagement
[System.DirectoryServices.AccountManagement.UserPrincipal]::Current.SID.Value
This pretty much condenses down to ‘Import the tree of objects which represents the account management interface, then give me the value of the SID attribute of the object within that tree representing me’. On Windows 10 on my laptop, this takes about 7 seconds total (with the second part taking more than 90% of the time). The equivalent for getting the current user’s UID on Linux is:
getent passwd `whoami` | cut -d ':' -f 3
This equates to: ‘Tell me who I am, give me the user info for that user, then give me the third colon delimited field from that user info’. Which takes 4ms on the exact same hardware running under Gentoo, and about 8ms on the exact same hardware under Debian. In all cases, this is using only local user databases, so there is no network latency involved, just the OS and the shell.
Looking further at the original example, it also shows a big difference in the Windows and UNIX philosophy. On Windows, you need a special tool to do just about everything, while on Linux you just need a shell, a text editor, and some basic file manipulation utilities. Stopping a single service from power shell on Windows consists of:
Get-Service *foo* | Stop-Service
On most UNIX systems, from just about any shell, it’s:
/etc/init.d/foo stop
To use the example of a service as an object, on Windows, it’s an opaque binary hash which has to be parsed to learn anything. This is theoretically great for a machine, except it for some reason causes all kinds of performance issues (aside from the required conversion from the internal representation to a human readable one). On UNIX, the object is a script that handles starting and stopping the service, as well as interacting with it in other ways (such as reloading config files). This is much simpler for a human to deal with, and is still easily handled by a machine efficiently (take a look at starting and stopping services remotely via power shell and via a tool like Ansible or Puppet, it demonstrates a similar performance difference to the example I gave above, except most of the time is spent in the network stack).
Powershell is an interesting idea but it’s not really an everyday shell like bash. The verbosity alone is enough to drive almost anyone insane even despite tab completion. I cannot keep any useful commands series in my head.
It shines administering some Windows server applications but for me that’s all it is good for. I’m not sure how it would fit on a Linux distribution.
I’ll agree the syntax is more Windows friendly than Unix (and lends some strength to the claim that Windows NT was a spin-off of VMS, an equally verbose command line).
However, it’s the concept I’m more interested in. I’ve done a lot of system administration, from VMS, to Unix, to NetWare, to Windows and these days I’m a linux admin, and conceptually, PowerShell is a different paradigm.
The underlying concept really impresses me– it’s a command line interface (with scripting) to your windows infrastructure.
Something like it, with “cmdlets” for linux, written as, say, a python module, could be a very useful tool. Combine it with the configuration management of tools like puppet/ansible/chef, package management tools, user management tools, etc., and you could have something pretty spiffy.
I’m sure we’ve all had to deal with that guy who just got fired– being able to write something like:
$nodes = getNodes;
for $n in ($nodes) {
  $u = $n.users("fred");
  $u.disable = "true";
}
That grabs a list of your nodes, searches each for a user named “fred” and disables the account if found– that would be useful.
There are other ways to skin this particular cat– in my network, I (more accurately, Identity & Account Management) remove “fred” from the AD group(s) that controls access to my servers, and within 30 minutes, he’s magically disappeared from all my servers, but I’m probably an exception.
It’s not that I consider PowerShell to be an indispensable tool (haven’t touched it in years). But I think the paradigm shift that it represents is worth paying attention to.
It was a really nifty idea like you said. I think most of us realized that long ago. It just never panned out to be anything more than a server administration tool. It’s very different than Linux where bash is a shell you can live in.
As far as disabling a user globally, things are pretty similar to your situation if you’re using NIS or straight LDAP for account management (except things propagate much faster usually), and in most organizations, that’s the case.
Alternatively, with Ansible, if you have your host inventory set up properly, you can globally remove a user trivially with the following:
ansible '*' -m user -a 'name=fred state=absent remove=yes'
or globally disable him with a command like this:
ansible '*' -m shell -a 'if [ "$(getent passwd fred)" ] ; then passwd -l fred ; usermod -e 1 fred ; fi'
Such commands are actually possible with other distributed system management tools like Puppet as well, and the shell fragment after -a in the second example inside the single quotes will work on almost any UNIX system to completely lock out an account if it exists on the system. The fragment itself is actually really simple: If the account ‘fred’ exists, ‘getent passwd’ will return a string, otherwise, it returns nothing. ‘passwd -l’ locks the account’s password (can’t be used to login and can’t be changed), while ‘usermod -e 1’ sets the expiration date to 1970-01-02, which then prevents non-password based access (via SSH keys for example).
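An added example, not part of the original comments: the last comment's point that a password lock alone leaves key-based access open can be audited by checking both shadow fields together. The sample records and the function names (sample_shadow, classify_accounts, lockout_state, half_locked) are constructed for illustration.

```shell
#!/bin/sh
# Audit shadow-format records for accounts that are only half locked.
# Record layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# On a real host the input would be /etc/shadow, which needs root to read.

# Constructed sample records (not taken from any real system).
sample_shadow() {
cat <<'EOF'
root:$6$constructedsalt$constructedhash:17000:0:99999:7:::
fred:!$6$constructedsalt$constructedhash:17000:0:99999:7::1:
alice:!$6$constructedsalt$constructedhash:17000:0:99999:7:::
bob:$6$constructedsalt$constructedhash:17000:0:99999:7::1:
carol:$6$constructedsalt$constructedhash:17000:0:99999:7::99999:
EOF
}

# Today expressed the way the expire field is stored: days since the epoch.
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

# Print "name state" for every record on stdin.
#   $1 = today in days since the epoch
# States:
#   locked         password unusable AND account expired
#   password-only  password unusable, no expiry (SSH keys may still work)
#   expiry-only    account expired, password hash left intact
#   active         neither control applied
classify_accounts() {
    awk -F: -v today="$1" '
        NF < 8 { next }   # skip malformed or truncated records
        {
            # passwd -l marks the hash with a leading "!"; "*" is also unusable
            pw_locked = ($2 ~ /^[!*]/)
            # an empty or zero expire field means the account never expires
            expired = ($8 != "" && $8 + 0 > 0 && $8 + 0 <= today + 0)
            if (pw_locked && expired) state = "locked"
            else if (pw_locked)       state = "password-only"
            else if (expired)         state = "expiry-only"
            else                      state = "active"
            print $1, state
        }'
}

# Print the state of one account, or "absent" if it has no record.
#   $1 = account name, $2 = today in days since the epoch
lockout_state() {
    classify_accounts "$2" |
        awk -v u="$1" '$1 == u { print $2; found = 1 }
                       END { if (!found) print "absent" }'
}

# List accounts whose password is locked but which never expire.
#   $1 = today in days since the epoch
half_locked() {
    classify_accounts "$1" | awk '$2 == "password-only" { print $1 }'
}

# Demonstration on the constructed records.
sample_shadow | classify_accounts "$(today_days)"
```

Run per host against the real shadow file, half_locked gives the list of accounts that still need the expiry step.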