From ef301478146aea9a4d93a56b362981506d6d9ce2 Mon Sep 17 00:00:00 2001
From: manojampalam <manojampalam@live.com>
Date: Sun, 15 May 2016 13:45:15 -0700
Subject: [PATCH] Updated Install Win32 OpenSSH (markdown)

---
 Install-Win32-OpenSSH.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/Install-Win32-OpenSSH.md b/Install-Win32-OpenSSH.md
index e481309..bfdf415 100644
--- a/Install-Win32-OpenSSH.md
+++ b/Install-Win32-OpenSSH.md
@@ -6,6 +6,16 @@
      * `cd 'C:\Program Files\OpenSSH-Win32'`
 * Setup SSH host keys (this will generate all the 'host' keys that sshd expects when its starts)
      * `.\ssh-keygen.exe -A`
+* Secure SSH host keys
+     * `net start ssh-agent`
+     * download psexec from [here](https://technet.microsoft.com/en-us/sysinternals/psexec.aspx)
+     * launch cmd.exe as SYSTEM - `psexec.exe -i -s cmd.exe`
+     * register host keys in above cmd.exe
+     * `ssh-add ssh_host_dsa_key`
+     * `ssh-add ssh_host_rsa_key`
+     * `ssh-add ssh_host_ecdsa_key`
+     * `ssh-add ssh_host_ed25519_key`
+     * host private keys are now securely stored by ssh-agent, private key files can be removed at this point.
 * Open Firewall
      * `New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH`
 * If you need key-based authentication, run the following to setup the key-auth package