Changed the flow to make it more clear what applies to key-based auth

Deploy-Win32-OpenSSH.md

@@ -8,17 +8,17 @@
 * Open Firewall
      * start PowerShell
      * new-netfirewallrule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
-* Install key-auth package if you need key-based authentication
+* If you need key-based authentication:
-     * run setup-ssh-lsa.cmd
+     * Install key-auth package
-     * reboot
+          * run setup-ssh-lsa.cmd
-* Run SSH daemon as System (See below for alternative options)
+          * reboot
-     * Download PSTools from [SysInternals](https://technet.microsoft.com/en-us/sysinternals/bb897553)
+     * Run SSH daemon as System (See below for alternative options)
-     * psexec.exe -i -s cmd.exe
+          * Download PSTools from [SysInternals](https://technet.microsoft.com/en-us/sysinternals/bb897553)
-     * Within cmd.exe - launch sshd.exe
+          * psexec.exe -i -s cmd.exe
-* Running SSH daemon as Admin user
+          * Within cmd.exe - launch sshd.exe
-     * Note - SSH daemon needs to run as System to support key-based authentication
+* Running SSH daemon as Admin user (Note - SSH daemon needs to run as System to support key-based authentication)
-     * Give Admin user SE_ASSIGNPRIMARYTOKEN_NAME (steps below)
+     * Give Admin user SE_ASSIGNPRIMARYTOKEN_NAME
-     * secpol.msc -> Local Policies -> UserRightsAssessment  
+          * secpol.msc -> Local Policies -> UserRightsAssessment  
-     * Add the Admin user to "Replace a process level token"
+          * Add the Admin user to "Replace a process level token"
-     * Log off and Log in.
+          * Log off and Log in.
      * In elevated cmd.exe, start sshd.exe