Update install sshd (#585)
This commit is contained in:
Tess Gauthier
GitHub
parent
6bd66d4685
commit
672c7eb270
|
|
@ -273,7 +273,7 @@ function Repair-UserSshConfigPermission
|
|||
<#
|
||||
.Synopsis
|
||||
Repair-SSHFolderPermission
|
||||
Repair the file owner and permission of ssh folder & any files inside it
|
||||
Repair the folder owner and permission of ProgramData\ssh folder
|
||||
#>
|
||||
function Repair-SSHFolderPermission
|
||||
{
|
||||
|
|
@ -281,20 +281,41 @@ function Repair-SSHFolderPermission
|
|||
param (
|
||||
[parameter(Mandatory=$true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$sshProgDataPath)
|
||||
[string]$FilePath)
|
||||
|
||||
# SSH Folder - owner: System or Admins; full access: System, Admins; read or readandexecute/synchronize permissible: Authenticated Users
|
||||
Repair-FilePermission -FilePath $sshProgDataPath -Owners $adminsSid, $systemSid -FullAccessNeeded $adminsSid,$systemSid -ReadAndExecuteAccessOK $authenticatedUserSid
|
||||
# Files in SSH Folder (excluding private key files)
|
||||
# owner: System or Admins; full access: System, Admins; read/readandexecute/synchronize permissable: Authenticated Users
|
||||
$privateKeyFiles = @("ssh_host_dsa_key", "ssh_host_ecdsa_key", "ssh_host_ed25519_key", "ssh_host_rsa_key")
|
||||
Get-ChildItem -Path (Join-Path $sshProgDataPath '*') -Recurse -Exclude ($privateKeyFiles) -Force | ForEach-Object {
|
||||
Repair-FilePermission -FilePath $_.FullName -Owners $adminsSid, $systemSid -FullAccessNeeded $adminsSid, $systemSid -ReadAndExecuteAccessOK $authenticatedUserSid
|
||||
Repair-FilePermission -Owners $adminsSid, $systemSid -FullAccessNeeded $adminsSid,$systemSid -ReadAndExecuteAccessOK $authenticatedUserSid @psBoundParameters
|
||||
}
|
||||
# Private key files - owner: System or Admins; full access: System, Admins
|
||||
Get-ChildItem -Path (Join-Path $sshProgDataPath '*') -Recurse -Include $privateKeyFiles -Force | ForEach-Object {
|
||||
Repair-FilePermission -FilePath $_.FullName -Owners $adminsSid, $systemSid -FullAccessNeeded $systemSid, $adminsSid
|
||||
|
||||
<#
|
||||
.Synopsis
|
||||
Repair-SSHFolderFilePermission
|
||||
Repair the file owner and permission of general files inside ProgramData\ssh folder
|
||||
#>
|
||||
function Repair-SSHFolderFilePermission
|
||||
{
|
||||
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")]
|
||||
param (
|
||||
[parameter(Mandatory=$true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$FilePath)
|
||||
|
||||
Repair-FilePermission -Owners $adminsSid, $systemSid -FullAccessNeeded $adminsSid, $systemSid -ReadAndExecuteAccessOK $authenticatedUserSid @psBoundParameters
|
||||
}
|
||||
|
||||
<#
|
||||
.Synopsis
|
||||
Repair-SSHFolderPrivateKeyPermission
|
||||
Repair the file owner and permission of private key files inside ProgramData\ssh folder
|
||||
#>
|
||||
function Repair-SSHFolderPrivateKeyPermission
|
||||
{
|
||||
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")]
|
||||
param (
|
||||
[parameter(Mandatory=$true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$FilePath)
|
||||
|
||||
Repair-FilePermission -Owners $adminsSid, $systemSid -FullAccessNeeded $systemSid, $adminsSid @psBoundParameters
|
||||
}
|
||||
|
||||
<#
|
||||
|
|
@ -808,4 +829,4 @@ function Enable-Privilege {
|
|||
$type[0]::EnablePrivilege($Privilege, $Disable)
|
||||
}
|
||||
|
||||
Export-ModuleMember -Function Repair-FilePermission, Repair-SshdConfigPermission, Repair-SshdHostKeyPermission, Repair-AuthorizedKeyPermission, Repair-UserKeyPermission, Repair-UserSshConfigPermission, Enable-Privilege, Get-UserAccount, Get-UserSID, Repair-AdministratorsAuthorizedKeysPermission, Repair-ModuliFilePermission, Repair-SSHFolderPermission
|
||||
Export-ModuleMember -Function Repair-FilePermission, Repair-SshdConfigPermission, Repair-SshdHostKeyPermission, Repair-AuthorizedKeyPermission, Repair-UserKeyPermission, Repair-UserSshConfigPermission, Enable-Privilege, Get-UserAccount, Get-UserSID, Repair-AdministratorsAuthorizedKeysPermission, Repair-ModuliFilePermission, Repair-SSHFolderPermission, Repair-SSHFolderFilePermission, Repair-SSHFolderPrivateKeyPermission
|
||||
|
|
|
|||
|
|
@ -4,6 +4,10 @@
|
|||
# @bingbing8 - removed secedit.exe dependency
|
||||
# @tessgauthier - added permissions check for %programData%/ssh
|
||||
|
||||
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")]
|
||||
param ()
|
||||
Set-StrictMode -Version 2.0
|
||||
|
||||
$ErrorActionPreference = 'Stop'
|
||||
|
||||
if (!([bool]([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")))
|
||||
|
|
@ -89,7 +93,18 @@ if (Test-Path $moduliPath -PathType Leaf)
|
|||
$sshProgDataPath = Join-Path $env:ProgramData "ssh"
|
||||
if (Test-Path $sshProgDataPath)
|
||||
{
|
||||
Repair-SSHFolderPermission -sshProgDataPath $sshProgDataPath
|
||||
# SSH Folder - owner: System or Admins; full access: System, Admins; read or readandexecute/synchronize permissible: Authenticated Users
|
||||
Repair-SSHFolderPermission -FilePath $sshProgDataPath @psBoundParameters
|
||||
# Files in SSH Folder (excluding private key files)
|
||||
# owner: System or Admins; full access: System, Admins; read/readandexecute/synchronize permissable: Authenticated Users
|
||||
$privateKeyFiles = @("ssh_host_dsa_key", "ssh_host_ecdsa_key", "ssh_host_ed25519_key", "ssh_host_rsa_key")
|
||||
Get-ChildItem -Path (Join-Path $sshProgDataPath '*') -Recurse -Exclude ($privateKeyFiles) -Force | ForEach-Object {
|
||||
Repair-SSHFolderFilePermission -FilePath $_.FullName @psBoundParameters
|
||||
}
|
||||
# Private key files - owner: System or Admins; full access: System, Admins
|
||||
Get-ChildItem -Path (Join-Path $sshProgDataPath '*') -Recurse -Include $privateKeyFiles -Force | ForEach-Object {
|
||||
Repair-SSHFolderPrivateKeyPermission -FilePath $_.FullName @psBoundParameters
|
||||
}
|
||||
}
|
||||
|
||||
#register etw provider
|
||||
|
|
|
|||
Loading…
Reference in New Issue