From 8ee2c6f2c2812f6b65e6985ee3ed92e98cbd79d4 Mon Sep 17 00:00:00 2001 From: Yanbing Date: Wed, 3 May 2017 19:06:44 -0700 Subject: [PATCH] Added step to grant "nt service\sshd" read access to private keys --- Install-Win32-OpenSSH.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Install-Win32-OpenSSH.md b/Install-Win32-OpenSSH.md index 13795da..44ebe50 100644 --- a/Install-Win32-OpenSSH.md +++ b/Install-Win32-OpenSSH.md @@ -11,6 +11,15 @@ * `powershell -executionpolicy bypass -file install-sshd.ps1` * Setup SSH host keys (this will generate all the 'host' keys that sshd expects when its starts) * `.\ssh-keygen.exe -A` +* Grant "NT service\sshd" read access the host private key files: + ``` + Get-ChildItem -Path 'C:\Program Files\OpenSSH\ssh_host_*_key' | % { + $acl = get-acl $_.FullName + $ar = New-Object System.Security.AccessControl.FileSystemAccessRule("NT Service\sshd", "Read", "Allow") + $acl.SetAccessRule($ar) + Set-Acl $_.FullName $acl + } + ``` * Secure SSH host keys (optional) * `Start-Service ssh-agent` * download psexec from [here](https://technet.microsoft.com/en-us/sysinternals/pstools)
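Review bot: The path in the added `Get-ChildItem -Path 'C:\Program Files\OpenSSH\ssh_host_*_key'` line is hard-coded, while the neighbouring steps (`.\ssh-keygen.exe -A`) run relative to the current directory. On an install in any other folder the glob will not match the generated keys and the grant is never applied. Suggest using a relative `.\ssh_host_*_key`, or stating the assumed install directory in the bullet. The loop also only adds an Allow/Read rule for `NT Service\sshd` via `SetAccessRule` and leaves every existing entry on the files untouched, so the step should tell the reader to check the result with `Get-Acl` and confirm that no broader principals can read the private keys. Minor: the bullet text is missing "to" in "read access the host private key files".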