Updated ...md (markdown)

manojampalam 2016-02-24 19:06:18 -08:00
parent e6dce6aaa8
commit f64c749b54

@ -82,7 +82,7 @@ SSHD will be implemented as a Windows service, running in its [virtual account](
SSHD host public keys and configuration files will be [ACL](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374872(v=vs.85).aspx)ed to allow READ by NT Service\SSHD. SSHD host private keys are ACLed to admin-only access - mandating that relying signature generation happens in a privileged process. We will be leveraging ssh-agent for this purpose, adding additional logic to launch it automatically on demand (most likely using COM). ssh-agent will serve all signature requests irrespective of whether the private key is password protected/not.
As detailed earlier, session isolation in Windows will be done using CreateProcess based custom logic (in place of fork based logic in Unix). Spawned child process will run in NT Service\SSHD too.
As detailed earlier, session isolation in Windows will be done using CreateProcess based custom logic (in place of fork based logic in Unix). Spawned child process will run as NT Service\SSHD too.
Authentication logic will be different between Windows and Unix. Password authentication is done using [LogonUser](https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx) while
Key-based authentication will be implemented in a custom [SSP](https://msdn.microsoft.com/en-us/library/windows/desktop/aa380497(v=vs.85).aspx) that is executed in [lsass](https://msdn.microsoft.com/en-us/library/aa939478(v=winembedded.5).aspx).
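Review bot: The reworded line ("Spawned child process will run as NT Service\SSHD too") still does not say which child process is meant or for how long it keeps that identity. Because the lines that follow describe LogonUser and the custom SSP for authentication, consider stating whether this applies only to the session-isolation child before authentication completes, and how the process handling an authenticated session obtains the user's identity, so readers do not conclude that user sessions run under the service account. Minor: the unchanged context line ending in "while" breaks mid-sentence before "Key-based authentication"; joining the two lines would fix it.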