From ccb49086be14878c1e5c8d6a99628787ee7e9cc7 Mon Sep 17 00:00:00 2001
From: Manoj Ampalam <manojampalam@live.com>
Date: Mon, 15 May 2017 00:09:28 -0700
Subject: [PATCH] Updated Security protection of various files in Win32 OpenSSH
 (markdown)

---
 Security-protection-of-various-files-in-Win32-OpenSSH.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Security-protection-of-various-files-in-Win32-OpenSSH.md b/Security-protection-of-various-files-in-Win32-OpenSSH.md
index 06d783e..8d5fe70 100644
--- a/Security-protection-of-various-files-in-Win32-OpenSSH.md
+++ b/Security-protection-of-various-files-in-Win32-OpenSSH.md
@@ -23,9 +23,7 @@ authorized_keys   NT SERVICE\sshd:(R)
                   userA:(F)
                   someotheruser:(R) 
 ```
-- Host specific resources on server side - host private keys
-In a secure configuration, host private keys should be registered with ssh-agent. See [wiki](https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH) for details on how to secure host keys.
-If the private keys are directly consumed by SSHD, following are enforced:
+- Host specific resources on server side - host private keys. In a secure configuration, host private keys should be registered with ssh-agent. See [wiki](https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH) for details on how to secure host keys. If the private keys are directly consumed by SSHD, following are enforced:
   - Should be owned by "SYSTEM" (or Administrators group)
   - Should not be accessible to other users or groups (other than Administrators group).
   - "NT Service/sshd" can only have (R) access.