From 6574e94d622154c27e29bfeba464cfb94fd3a0fc Mon Sep 17 00:00:00 2001 From: Manoj Ampalam Date: Fri, 19 Jan 2018 19:22:34 -0800 Subject: [PATCH] Updated Install Win32 OpenSSH (markdown) --- Install-Win32-OpenSSH.md | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/Install-Win32-OpenSSH.md b/Install-Win32-OpenSSH.md index 544ef8e..a299e8d 100644 --- a/Install-Win32-OpenSSH.md +++ b/Install-Win32-OpenSSH.md 
@@ -17,18 +17,6 @@ To figure out if this is the case, look for TCP port bindings on port 22 and the * To use existing customized sshd_config, you need to copy it from binary location to %programdata%\ssh\sshd_config (Note that %programdata% is a hidden directory). * To use existing host keys, you need to copy them from binary location to %programdata%\ssh\ * Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to have READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. You may run Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false' (Note the first "." is a call operator.) to fix up these permissions. -1. Secure SSH host keys (optional) - * `Start-Service ssh-agent` - * Download psexec from [here](https://technet.microsoft.com/en-us/sysinternals/pstools) - * Launch cmd.exe as SYSTEM - * `psexec.exe -i -s cmd.exe` - * register host keys in above cmd.exe - * `ssh-add ssh_host_dsa_key` - * `ssh-add ssh_host_rsa_key` - * `ssh-add ssh_host_ecdsa_key` - * `ssh-add ssh_host_ed25519_key` - * Host private keys are now securely stored by ssh-agent, private key files can be deleted at this point. -[`sdelete`](https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete) may be used to securely erase them. 1. Open the firewall for sshd.exe to allow inbound SSH connections * `New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Service sshd -Enabled True -Direction Inbound -Protocol TCP -Action Allow` @@ -40,7 +28,7 @@ To figure out if this is the case, look for TCP port bindings on port 22 and the 1. Setup `sshd` and `ssh-agent` to auto-start (optional) * `Set-Service sshd -StartupType Automatic` * `Set-Service ssh-agent -StartupType Automatic` -1. Start the `sshd` and `ssh-agent` +1. Start `sshd` * `net start sshd` 1. Configuring the default ssh shell (optional)
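Review bot: In the first hunk (@@ -17,18 +17,6 @@), the "Secure SSH host keys (optional)" step is deleted without any replacement guidance for readers who already followed it. That step told them that "private key files can be deleted at this point", so on those machines the host private keys exist only in ssh-agent. The upgrade bullets kept as context just above only cover "To use existing host keys, you need to copy them from binary location to %programdata%\ssh\", which assumes the key files are still on disk. Add a bullet to the upgrade notes saying what such installations should do, and put the reason for dropping the step in the commit message, which currently reads only "Updated Install Win32 OpenSSH (markdown)".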
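Review bot: In the second hunk (@@ -40,7 +28,7 @@), the heading changes to "Start `sshd`" but the unchanged step directly above it still reads "Setup `sshd` and `ssh-agent` to auto-start (optional)" and still lists `Set-Service ssh-agent -StartupType Automatic`. With the host-key registration step removed and ssh-agent no longer started here, the page gives no reason to set ssh-agent to automatic start on the server. Either drop the ssh-agent line from the auto-start step as well, or add a sentence saying when ssh-agent is still wanted, so the two steps agree and no unneeded service is enabled by default.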