diff --git a/Security-protection-of-various-files-in-win32-openssh.md b/Security-protection-of-various-files-in-win32-openssh.md index 948827d..02a1c9d 100644 --- a/Security-protection-of-various-files-in-win32-openssh.md +++ b/Security-protection-of-various-files-in-win32-openssh.md @@ -83,7 +83,7 @@ The new generated keys have current login use as owner and only grant the owner Add-PermissionToFileACL -FilePath $hostKeyFilePath -User "NT Service\sshd" -Perm "Read" Add-PermissionToFileACL -FilePath "$hostKeyFilePath.pub" -User "NT Service\sshd" -Perm "Read" ``` -2. Grant "NT Service\sshd" Read access to authorized_keys +2. On Setup Server machine, grant "NT Service\sshd" Read access to authorized_keys ``` $user = '' $userProfilePath = "$env:systemdrive\Users\$user" @@ -94,12 +94,12 @@ Add-PermissionToFileACL -FilePath "$userProfilePath\.ssh\authorized_keys" -User The keys generated by ssh-keygen.exe before [v0.0.13.0][build13] inherits permissions from the parent folder. Other accounts than allowed account types may also have access to the file. -1. Adjust file permission of private host key: Set current user as owner and grant current user full control and "NT Service\sshd" Read access. +1. On Setup Server machine, adjust file permission of private host key: Set current user as owner and grant current user full control and "NT Service\sshd" Read access. ``` Set-SecureFileACL -FilePath $hostPrivateKeyFilePath Add-PermissionToFileACL -FilePath $hostPrivateKeyFilePath -User "NT Service\sshd" -Perm "Read" ``` -2. Adjust file permission of public host key: Grant "NT Service\sshd" Read access. +2. On Setup Server machine, adjust file permission of public host key: Grant "NT Service\sshd" Read access. ``` Add-PermissionToFileACL -FilePath $hostPublicKeyFilePath -User "NT Service\sshd" -Perm "Read" ``` 
@@ -108,7 +108,7 @@ Add-PermissionToFileACL -FilePath $hostPublicKeyFilePath -User "NT Service\sshd" Set-SecureFileACL -FilePath $userPrivateKeyFilePath ``` -4. Adjust file permission of authorized_keys file: Set server login user as owner and grant server login user full control and "NT Service\sshd" Read access. +4. On Setup Server machine, adjust file permission of authorized_keys file: Set server login user as owner and grant server login user full control and "NT Service\sshd" Read access. ``` $user = '' $userProfilePath = "$env:systemdrive\Users\"
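Review bot: In the hunk at @@ -83,7 +83,7 @@, only item 2 (authorized_keys) gains the "On Setup Server machine" qualifier. The step directly above it, which grants "NT Service\sshd" Read on $hostKeyFilePath and "$hostKeyFilePath.pub", is not touched. If that step is also run on the server and does not already say so, give it the same qualifier so the list does not suggest that only item 2 is server-side.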
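Review bot: The phrase "On Setup Server machine" added to items 1 and 2 in the hunk at @@ -94,12 +94,12 @@ is ungrammatical, and it is unclear whether "Setup Server" names a section of the page or a machine role. Suggest "On the server machine, adjust ..." or, if it refers to a heading elsewhere in the document, quote that heading the same way each time. The identical wording appears in the other two hunks, so the fix applies to all four changed lines.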
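Review bot: In the hunk at @@ -108,7 +108,7 @@, item 4 is now marked as a server step, but the step just above it, Set-SecureFileACL -FilePath $userPrivateKeyFilePath, carries no machine qualifier, so a reader working down the list cannot tell where the user private key ACL is meant to be fixed. Suggest adding a matching qualifier to that step (the client machine, if that is where the user private key is kept) so every item states where it is run.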