Updated Security protection of various files in win32 openssh (markdown)

Yanbing 2017-05-11 17:14:56 -07:00
parent 22180469e8
commit e0e8dbb026

@ -83,7 +83,7 @@ The new generated keys have current login use as owner and only grant the owner
Add-PermissionToFileACL -FilePath $hostKeyFilePath -User "NT Service\sshd" -Perm "Read"
Add-PermissionToFileACL -FilePath "$hostKeyFilePath.pub" -User "NT Service\sshd" -Perm "Read"
```
2. Grant "NT Service\sshd" Read access to authorized_keys
2. On Setup Server machine, grant "NT Service\sshd" Read access to authorized_keys
```
$user = '<user>'
$userProfilePath = "$env:systemdrive\Users\$user"
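Review bot: The new step 2 wording "On Setup Server machine, grant ..." uses "Setup Server machine" as if it were a defined term, with no article and mixed capitalization. "On the server machine, grant ..." (or whatever name the page already uses for the sshd host) would read more clearly. In the snippet that follows, $userProfilePath is built as "$env:systemdrive\Users\$user", which assumes the profile sits in the default location. A one-line remark that the path needs adjusting when the profile is elsewhere would help readers apply the Read grant for "NT Service\sshd" to the right authorized_keys file.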
@ -94,12 +94,12 @@ Add-PermissionToFileACL -FilePath "$userProfilePath\.ssh\authorized_keys" -User
The keys generated by ssh-keygen.exe before [v0.0.13.0][build13] inherits permissions from the parent folder. Other accounts than allowed account types may also have access to the file.
1. Adjust file permission of private host key: Set current user as owner and grant current user full control and "NT Service\sshd" Read access.
1. On Setup Server machine, adjust file permission of private host key: Set current user as owner and grant current user full control and "NT Service\sshd" Read access.
```
Set-SecureFileACL -FilePath $hostPrivateKeyFilePath
Add-PermissionToFileACL -FilePath $hostPrivateKeyFilePath -User "NT Service\sshd" -Perm "Read"
```
2. Adjust file permission of public host key: Grant "NT Service\sshd" Read access.
2. On Setup Server machine, adjust file permission of public host key: Grant "NT Service\sshd" Read access.
```
Add-PermissionToFileACL -FilePath $hostPublicKeyFilePath -User "NT Service\sshd" -Perm "Read"
```
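Review bot: Steps 1 and 2 now name the machine but still say "current user" without stating which account is expected to run the commands on the server. Since the point of the change is to make the location explicit, state the account as well, because step 1 makes that account the owner of the private host key. The prefix "On Setup Server machine," is repeated on both steps; a single lead-in line above the list would carry the same information once. While touching this section, the context line "The keys generated by ssh-keygen.exe before [v0.0.13.0][build13] inherits permissions" should read "inherit".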
@ -108,7 +108,7 @@ Add-PermissionToFileACL -FilePath $hostPublicKeyFilePath -User "NT Service\sshd"
Set-SecureFileACL -FilePath $userPrivateKeyFilePath
```
4. Adjust file permission of authorized_keys file: Set server login user as owner and grant server login user full control and "NT Service\sshd" Read access.
4. On Setup Server machine, adjust file permission of authorized_keys file: Set server login user as owner and grant server login user full control and "NT Service\sshd" Read access.
```
$user = '<user>'
$userProfilePath = "$env:systemdrive\Users\<user>"
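Review bot: In the snippet under step 4, $user is assigned '<user>' but the next line builds the path as "$env:systemdrive\Users\<user>" with the literal placeholder, so a reader has to substitute the name in two places and $user is not used in the path. The earlier authorized_keys snippet uses "$env:systemdrive\Users\$user"; this one should match it. The step text also introduces "server login user" while the other steps say "current user"; say in the step whether these are the same account, since the owner of authorized_keys depends on it.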