tyler.durden/Win32-OpenSSH
1
0
Fork 0
mirror of https://github.com/PowerShell/Win32-OpenSSH.git synced 2025-07-28 16:34:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated Security protection of various files in Win32 OpenSSH (markdown)

Manoj Ampalam 2017-05-25 11:23:52 -07:00
parent fffccc2a40
commit e0c4da9f26
1 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
Security-protection-of-various-files-in-Win32-OpenSSH.md

@ -1,3 +1,38 @@
Various OpenSSH resource files are integral to secure working of both server and client stacks. Here we discuss how to protect these resources, how OpenSSH for Windows enforces permission checks and tips on how to fix any permission related issues.
The are 2 fundamental reasons leading to the differences between how these permission checks work on Unix vs Windows.
- SuperUser on Unix maps to either [System (SY)](https://msdn.microsoft.com/en-us/library/windows/desktop/ms684190(v=vs.85).aspx) or [AdministratorsGroup (AG)] on Windows.
- Permission controlling in Windows is more granular than in Unix.
Its important to understand the distinction between "AdministratorsGroup" and an admin user. A logged on admin user would typically run processes in [non-elevated](https://msdn.microsoft.com/en-us/library/windows/desktop/dn742497(v=vs.85).aspx) mode. Even though an admin user is part of AG, these non-elevated processes do have authority to access resources that are locked only to AG.
Any misconfigured permissions would manifest as an attention seeking log entry. Ex. if a private key is not protected, you'll see the following:
```
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'ssh_host_dsa_key' are too open.
```
## Server side resources
### Host private key files
Host keys represent host's identity. To prevent unauthorized access to these files, host keys need to be owned by SY or AG. No other user should have access to host key files. Its recommended that host private keys be registered with ssh-agent. Otherwise, sshd service would require read access to these files.
Following is a misconfigured host private key because 'otheruser' owns it and has access to the key.
```
PS C:\>(get-acl .\ssh_host_dsa_key).owner
otheruser
PS C:\>icacls .\ssh_host_dsa_key
ssh_host_dsa_key NT SERVICE\sshd:(R)
BUILTIN\Administrators:(F)
otheruser:(R)
```
Steps to fix these permissions
```
PS C:\>icacls .\ssh_host_dsa_key /setowner system
PS C:\>icacls .\ssh_host_dsa_key /remove otheruser
```
# Secure protection of keys and config files # Secure protection of keys and config files
Starting with the release of [v0.0.13.0][build13], Win32-OpenSSH ensures any configuration and key files are secure before they are loaded. Starting with the release of [v0.0.13.0][build13], Win32-OpenSSH ensures any configuration and key files are secure before they are loaded.