From 2a6f3563737469ee5e15611002ab20ff4bf38c61 Mon Sep 17 00:00:00 2001 From: Yanbing Date: Thu, 11 May 2017 17:59:41 -0700 Subject: [PATCH] Updated Install Win32 OpenSSH (markdown) --- Install-Win32-OpenSSH.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/Install-Win32-OpenSSH.md b/Install-Win32-OpenSSH.md index badddb3..04cf57f 100644 --- a/Install-Win32-OpenSSH.md +++ b/Install-Win32-OpenSSH.md @@ -9,11 +9,12 @@ * If you do see 22 occupied, [#610](https://github.com/PowerShell/Win32-OpenSSH/issues/610) has workarounds to deal with port conflict. * Install sshd and ssh-agent services. * `powershell -executionpolicy bypass -file install-sshd.ps1` -* Setup SSH host keys (This will generate all the 'host' keys that sshd expects when its starts. The 'host' keys have current user as file owner and granted full control access starting from build v0.0.13.0.) - * `.\ssh-keygen.exe -A` -* (Required starting build v0.0.13.0. ) Grant "NT service\sshd" read access the host private key files: +* Setup SSH host keys + * `.\ssh-keygen.exe -A` (This will generate all the 'host' keys that sshd expects when its starts. The generated 'host' keys are [secured][Secure file] starting from build v0.0.13.0.) + * If existing host keys are used instead of generate new, make sure they are [secured][Secure file]. +* (Required starting build v0.0.13.0. ) Grant "NT service\sshd" Read access the host key files: ``` - Get-ChildItem -Path 'C:\Program Files\OpenSSH\ssh_host_*_key' | % { + Get-ChildItem -Path 'C:\Program Files\OpenSSH\ssh_host_*_key*' | % { $acl = get-acl $_.FullName $ar = New-Object System.Security.AccessControl.FileSystemAccessRule("NT Service\sshd", "Read", "Allow") $acl.SetAccessRule($ar) 
@@ -24,7 +25,7 @@ * `Start-Service ssh-agent` * download psexec from [here](https://technet.microsoft.com/en-us/sysinternals/pstools) * launch cmd.exe as SYSTEM - `psexec.exe -i -s cmd.exe` - * register host keys in above cmd.exe + * register [secured][Secure file] host keys in above cmd.exe * `ssh-add ssh_host_dsa_key` * `ssh-add ssh_host_rsa_key` * `ssh-add ssh_host_ecdsa_key` @@ -48,3 +49,5 @@ netsh advfirewall firewall add rule name='SSH Port' dir=in action=allow protocol * Start Powershell as Administrator * Uninstall * `powershell.exe -executionpolicy bypass -file uninstall-sshd.ps1` + +[Secure file]: https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-win32-openssh \ No newline at end of file
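Review bot: in the first hunk the widened glob `'C:\Program Files\OpenSSH\ssh_host_*_key*'` now matches the `.pub` files as well as the private keys, which matches the heading change from "host private key files" to "host key files"; Read on the public keys is harmless, but the trailing `*` will also pick up any other file whose name begins with `ssh_host_*_key` (a stray backup copy, for example), so consider matching the private keys and `.pub` files explicitly. Minor wording in the same hunk: "Read access the host key files" should read "Read access to the host key files", "when its starts" should be "when it starts", and "instead of generate new" should be "instead of generating new ones".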
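Review bot: in the second hunk the `ssh-add ssh_host_dsa_key`, `ssh-add ssh_host_rsa_key` and `ssh-add ssh_host_ecdsa_key` steps use relative paths, but nothing in this section tells the reader to change into the install directory (`C:\Program Files\OpenSSH`, the path the ACL snippet in the first hunk uses) before running them in the SYSTEM cmd.exe; add a `cd` step or use absolute paths. The new line "register [secured][Secure file] host keys in above cmd.exe" also reads awkwardly; consider "register the host keys (which must be [secured][Secure file]) in the above cmd.exe".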
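Review bot: the third hunk appends the `[Secure file]: https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-win32-openssh` reference-style link definition without a trailing newline (`\ No newline at end of file`); add one so the next edit to the page does not produce a spurious change on this line. Placing the definition at the end of the document is fine for Markdown, but since the label is referenced three times in the earlier hunks, a brief HTML comment above it noting that it is the link-definition block would help the next editor find it.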