From 31932d744f95a06a7b99db2eed398ad57b461670 Mon Sep 17 00:00:00 2001 From: Manoj Ampalam Date: Mon, 15 May 2017 00:07:03 -0700 Subject: [PATCH] Updated Security protection of various files in Win32 OpenSSH (markdown) --- Security-protection-of-various-files-in-Win32-OpenSSH.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Security-protection-of-various-files-in-Win32-OpenSSH.md b/Security-protection-of-various-files-in-Win32-OpenSSH.md index 19d611b..06d783e 100644 --- a/Security-protection-of-various-files-in-Win32-OpenSSH.md +++ b/Security-protection-of-various-files-in-Win32-OpenSSH.md @@ -24,6 +24,8 @@ authorized_keys NT SERVICE\sshd:(R) someotheruser:(R) ``` - Host specific resources on server side - host private keys +In a secure configuration, host private keys should be registered with ssh-agent. See [wiki](https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH) for details on how to secure host keys. +If the private keys are directly consumed by SSHD, following are enforced: - Should be owned by "SYSTEM" (or Administrators group) - Should not be accessible to other users or groups (other than Administrators group). - "NT Service/sshd" can only have (R) access.
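Review bot: The second added line says the following conditions "are enforced", but the bullets it introduces are all worded "Should be ..." / "Should not be ...", so a reader cannot tell whether sshd checks these permissions when it loads a host key directly or whether they are only recommendations. Either reword the bullets as requirements ("Must be owned by ...") or state what happens when a check fails. The two added lines are also consecutive with no blank line between them and sit directly under the "- host private keys" item, so Markdown will render them as one run-on paragraph attached to that item. A blank line between the ssh-agent recommendation and the "If the private keys are directly consumed by SSHD" sentence would keep the two cases apart. The link text "wiki" would read better as the name of the target page (Install-Win32-OpenSSH), since this file is itself a wiki page. Separately, the unchanged context writes the service account as "NT SERVICE\sshd" in the authorized_keys example and as "NT Service/sshd" in the last bullet. Worth making these consistent while touching this section.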