tyler.durden/Win32-OpenSSH
1
0
Fork 0
mirror of https://github.com/PowerShell/Win32-OpenSSH.git synced 2025-07-23 14:04:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated OpenSSH utility scripts to fix file permissions (markdown)

Yanbing 2017-06-02 20:07:39 -07:00
parent 82ec4e8c61
commit 17069064fe
1 changed files with 23 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
OpenSSH-utility-scripts-to-fix-file-permissions.md

@ -1,5 +1,8 @@
Powershell utility scripts are included starting release [v0.0.15.0](https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v0.0.15.0) to automatically fix the permissions on various keys and configuration files for host and user. [Secure protection of various files](https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-Win32-OpenSSH) explains why secure enforcement is needed. Powershell utility scripts are included starting release [v0.0.15.0](https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v0.0.15.0) to automatically fix the permissions on various keys and configuration files for host and user. [Secure protection of various files](https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-Win32-OpenSSH) explains why secure enforcement is needed.
- `FixHostFilePermissions.ps1`: checks and fixes the below permissions on default host files:
**`FixHostFilePermissions.ps1`**
It checks and fixes the below permissions on default host files:
- user's authorized_keys located at `$env:systemdrive\Users\...\.ssh\authorized_keys` - user's authorized_keys located at `$env:systemdrive\Users\...\.ssh\authorized_keys`
- host keys generated by `ssh-keygen.exe -A` in the same folder of the script - host keys generated by `ssh-keygen.exe -A` in the same folder of the script
- sshd_config in the same folder of the script - sshd_config in the same folder of the script
@ -8,7 +11,10 @@ Powershell utility scripts are included starting release [v0.0.15.0](https://git
# script prompt to confirm you want to update each permission if Quiet is not specified # script prompt to confirm you want to update each permission if Quiet is not specified
.\FixHostFilePermissions.ps1 .\FixHostFilePermissions.ps1
``` ```
- `FixUserFilePermissions.ps1`: checks and fixes the below file permissions for user's default files:
**`FixUserFilePermissions.ps1`**
It checks and fixes the below file permissions for user's default files:
- user's ssh_config located at `~\.ssh\config` - user's ssh_config located at `~\.ssh\config`
- user's keys located at `~\.ssh\id_rsa`, `~\.ssh\id_rsa.pub` - user's keys located at `~\.ssh\id_rsa`, `~\.ssh\id_rsa.pub`
- user's keys located at `~\.ssh\id_dsa`, `~\.ssh\id_dsa.pub` - user's keys located at `~\.ssh\id_dsa`, `~\.ssh\id_dsa.pub`
@ -17,7 +23,10 @@ Powershell utility scripts are included starting release [v0.0.15.0](https://git
# -Quiet suppresses prompting to confirm you want to update each permission # -Quiet suppresses prompting to confirm you want to update each permission
.\FixUserFilePermissions.ps1 -Quiet .\FixUserFilePermissions.ps1 -Quiet
``` ```
- Powershell module `OpenSSHUtils.psm1` checks and fixes customer specified files.
**`OpenSSHUtils.psm1` module**
It checks and fixes permissions on customer specified files.
- Function `Fix-HostSSHDConfigPermissions` fixes the sshd_config file specified by user - Function `Fix-HostSSHDConfigPermissions` fixes the sshd_config file specified by user
- Function `Fix-HostKeyPermissions` fixes the permission for host keys specified by user; **Note that to keep the host private keys secure, it is recommended to register them with ssh-agent following - Function `Fix-HostKeyPermissions` fixes the permission for host keys specified by user; **Note that to keep the host private keys secure, it is recommended to register them with ssh-agent following
steps in [link](https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH)**, but this function makes sure 'NT Service\sshd' has Read permission to the host keys for now in case they are not registered yet. steps in [link](https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH)**, but this function makes sure 'NT Service\sshd' has Read permission to the host keys for now in case they are not registered yet.