Updated OpenSSH utility scripts to fix file permissions (markdown)

Manoj Ampalam 2017-06-02 22:21:48 -07:00
parent 76dd413943
commit a8d463d79a

@ -1,46 +1,48 @@
Powershell utility scripts are included starting release [v0.0.15.0](https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v0.0.15.0) to automatically fix the permissions on various keys and configuration files for host and user. [Secure protection of various files](https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-Win32-OpenSSH) explains why secure enforcement is needed. Powershell utility scripts included in [v0.0.15.0](https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v0.0.15.0) onwards, aid in fixing permissions on various OpenSSH key and configuration files. See [here] (https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-Win32-OpenSSH) for more details on how file permissions are enforced on Windows.
**`FixHostFilePermissions.ps1`** Improper file permissions will likely result in a broken configuration (OpenSSH fails to work). You may use the following scripts (provided in release payload) to help evaluate and fix any permission related issues.
It checks and fixes the below permissions on default host files: ### FixHostFilePermissions.ps1
- user's authorized_keys located at `$env:systemdrive\Users\...\.ssh\authorized_keys` Use it to fix file permissions on host side. Checks and fixes file permissions on:
- host keys generated by `ssh-keygen.exe -A` in the same folder of the script - sshd_config
- sshd_config in the same folder of the script - host keys generated by `ssh-keygen.exe -A`
- any authorized_keys located in user profiles (%userprofile%\user\.ssh\authorized_keys)
```PowerShell ```PowerShell
# script prompt to confirm you want to update each permission if Quiet is not specified # Usage
# Evaluate each file and prompt before making changes
.\FixHostFilePermissions.ps1 .\FixHostFilePermissions.ps1
# Evaluate and make changes without prompting
.\FixHostFilePermissions.ps1 -Quiet
``` ```
**`FixUserFilePermissions.ps1`** ### FixUserFilePermissions.ps1
Use it to fix permissions of client side files - keys and config files of current user. Checks and fixes permissions on:
It checks and fixes the below file permissions on user's default files: - `~\.ssh\config`
- user's ssh_config located at `~\.ssh\config` - `~\.ssh\id_rsa`, `~\.ssh\id_rsa.pub`
- user's keys located at `~\.ssh\id_rsa`, `~\.ssh\id_rsa.pub` - `~\.ssh\id_dsa`, `~\.ssh\id_dsa.pub`
- user's keys located at `~\.ssh\id_dsa`, `~\.ssh\id_dsa.pub`
```PowerShell ```PowerShell
# -Quiet suppresses prompting to confirm you want to update each permission # Usage
# Evaluate each file and prompt before making changes
.\FixUserFilePermissions.ps1
# Evaluate and make changes without prompting
.\FixUserFilePermissions.ps1 -Quiet .\FixUserFilePermissions.ps1 -Quiet
``` ```
**`OpenSSHUtils.psm1` module** ### OpenSSHUtils.psm1
Above 2 scripts use core functionality implemented in this base module. If you are dealing with a custom OpenSSH configuration, you may find the following functions useful.
It checks and fixes permissions on customer specified files.
- Function `Fix-HostSSHDConfigPermissions` fixes permission on sshd_config file specified by user
- Function `Fix-HostKeyPermissions` fixes permission for host keys specified by user; **Note that to keep the host private keys secure, it is recommended to register them with ssh-agent following
steps in [link](https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH)**, but this function suggests to grant 'NT Service\sshd' Read permission to the host keys. Choose no if they are registered already.
- Function `Fix-UserKeyPermissions` fixes the permissions on user's key files specified by user
- Function `Fix-AuthorizedKeyPermissions` fixes permissions on the authorized_keys file specified by user
- Function `Fix-UserSSHConfigPermissions` fixes permissions on user's ssh config specified by user
```PowerShell ```PowerShell
Import-Module .\OpenSSHUtils.psm1 -Force Import-Module .\OpenSSHUtils.psm1 -Force
# prompt to confirm you want to confirm you want to update each permission on the file # All routines following -Quiet semantics
Fix-HostSSHDConfigPermissions c:\test\sshd_config # fix permissions on a specified sshd_config
# -Quiet suppresses prompting to confirm you want to update each permission on the file Fix-HostSSHDConfigPermissions -FilePath c:\test\sshd_config
Fix-AuthorizedKeyPermissions -FilePath C:\Users\sshtest_ssouser\.ssh\authorized_keys -Quiet # fix permissions on a specified host key
Fix-HostKeyPermissions -FilePath c:\test\sshtest_hostkey_ecdsa -Quiet Fix-HostKeyPermissions -FilePath c:\test\sshtest_hostkey_ecdsa
# fix permissions on a specified authorized_key
Fix-AuthorizedKeyPermissions -FilePath C:\Users\sshtest_ssouser\.ssh\authorized_keys
# fix permissions a specific ssh_config
Fix-UserSSHConfigPermissions -FilePath '~\.ssh\config'
# fix permissions on an user key
Fix-HostUserPermissions -FilePath c:\test\sshtest_userssokey_ed25519 -Quiet Fix-HostUserPermissions -FilePath c:\test\sshtest_userssokey_ed25519 -Quiet
Fix-UserSSHConfigPermissions -FilePath '~\.ssh\config' -Quiet
``` ```
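Review bot: In the OpenSSHUtils.psm1 example, the call under `# fix permissions on an user key` is `Fix-HostUserPermissions`, but the function list this change removes names that routine `Fix-UserKeyPermissions`. Confirm which name the module actually exports and use it in the sample, since a reader copying the wrong one gets nothing fixed. That same line still passes `-Quiet` while the other samples dropped it, and the new comment `# All routines following -Quiet semantics` never says what those semantics are for the module functions. Show one prompting call and one `-Quiet` call, as the two script sections above do. In the intro, `[here] (` has a space between `]` and `(`, so the markdown link will not render. The rewrite also drops the note that host private keys should preferably be registered with ssh-agent and that the `NT Service\sshd` Read grant should be declined when they are. That guidance determines how to answer the `Fix-HostKeyPermissions` prompt and should stay next to its sample. Last, `%userprofile%\user\.ssh\authorized_keys` adds a `\user` component after a variable that already expands to the user's profile directory, and the removed wording `$env:systemdrive\Users\...\.ssh\authorized_keys` was the clearer description of "any user profile".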