How chef station in linux access chef client in windows avoid specifying username and password


Now, my chef station is in linux, some chef clients are in windows and some are in linux.

Then i use the command: knife ssh ‘name:delta.*’ ‘sudo chef-client’, to let my linux node execute ‘chef-client’.

But for windows node, i had to execute the command like this: knife winrm ‘’ “chef-client” -x ‘DELTA\user’ -P ‘123456’.

As far as i know, if we use ssh protocol, we can save the pub key of work station to each node, then we can execute the first command without username and password successfully, so that i can deploy multiple clients.

But how can i do this in the second command as i use winrm protocol to access the windows node?


On Windows nodes you do have to use a username and password. Winrm actually does support certificate auth and the winrm ruby gem added support for that just a few months ago. However knife winrm does not yet support it.



Thank you for reply.

In this situation, i manage multiple nodes of windows, How can i deploy my cookbook to multiple nodes in one command ? Is it having other way to do this?


Assuming each node can authenticate the same credentials, you can use knife winrm as you would knife ssh by using a search.


Please don’t ask on both StackOverflow ( and here simultaneously. It’s rude and disrespectful of the time people volunteer to provide user support.



Deeply sorry for that, i delete the question in statckoverflow.



Do you have any link about doing this? i don’t find any content about it in the user guide.


The chef docs page is here and the github readme refer to it. Are you having issues using the command?



I’m new to chef, so maybe my explanation is not clear.

Here is the situation, after i execute this command :
knife bootstrap windows winrm -x ‘DELTA\user’ -P ‘123456’,
and the chef client is installed into my windows machine. After that i can use this command below to deploy my cookbook successfully,
knife winrm ‘’ “chef-client” -x ‘DELTA\user’ -P ‘123456’.
but as you know i don’t want to use the username and password in this command, and you have said knife winrm does not support it yet now.
so i’m a little confusion about the sentence as you replied later “Assuming each node can authenticate the same credentials, you can use knife winrm as you would knife ssh by using a search.”. How can i do like what you said?


My apologies for the confusion here. So let me try to clarify.

When using knife winrm, you do need to specify a username and password in the command every time. That is NOT like knife ssh. However it is the same as knife ssh in all other aspects. You can specify a query to search for nodes and then run a command on each node. The key difference is that with knife winrm you must provide a username and password and if there are multiple nodes you want to converge, then each of those nodes must have the same credentials.



Thank you, i understand.
If i use freeSSHd and WinSSHD service in the windows like the doc says, Can i avoid this situation ? because as you know we may have hundreds windows nodes to manage, i really do not want to specify username and password for each node when i deploy my cookbook.


yes. If you have a ssh server running on the windows nodes, you can avoid that and just run knife ssh everywhere.


ok, i will have a try.
And thanks very much.