tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-09-21 17:08:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

FixUserFilePermissions fixes permissions for administrators_authorized_keys (#492)

Browse Source
This commit is contained in:
vthiebaut10 2021-03-29 20:19:37 -04:00 committed by GitHub
parent 78b646b0de
commit bbb500a639
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
contrib/win32/openssh/FixUserFilePermissions.ps1
View File

@ -14,5 +14,22 @@ Get-ChildItem ~\.ssh\* -Include "id_rsa","id_dsa" -ErrorAction SilentlyContinue
Repair-UserKeyPermission -FilePath $_.FullName @psBoundParameters Repair-UserKeyPermission -FilePath $_.FullName @psBoundParameters
} }
$sshdAdministratorsAuthorizedKeysPath = join-path $env:ProgramData\ssh "administrators_authorized_keys"
if(Test-Path $sshdAdministratorsAuthorizedKeysPath -PathType Leaf)
{
if (([bool]([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")))
{
Repair-AdministratorsAuthorizedKeysPermission -FilePath $sshdAdministratorsAuthorizedKeysPath @psBoundParameters
}
else
{
Write-host "To fix file permissions for $sshdAdministratorsAuthorizedKeysPath, run this script in elevated mode" -ForegroundColor Yellow
}
}
Write-Host " Done." Write-Host " Done."
Write-Host " " Write-Host " "

20
contrib/win32/openssh/OpenSSHUtils.psm1
View File

@ -182,6 +182,24 @@ function Repair-AuthorizedKeyPermission
} }
} }
<#
.Synopsis
Repair-AdministratorsAuthorizedKeysPermission
Repair the file owner and Permission of administrators_authorized_keys
#>
function Repair-AdministratorsAuthorizedKeysPermission
{
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")]
param (
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]$FilePath)
Repair-FilePermission -Owners $adminsSid -FullAccessNeeded $adminsSid,$systemSid -ReadAccessOK $everyoneSid @psBoundParameters
}
<# <#
.Synopsis .Synopsis
Repair-UserKeyPermission Repair-UserKeyPermission
@ -690,4 +708,4 @@ function Enable-Privilege {
$type[0]::EnablePrivilege($Privilege, $Disable) $type[0]::EnablePrivilege($Privilege, $Disable)
} }
Export-ModuleMember -Function Repair-FilePermission, Repair-SshdConfigPermission, Repair-SshdHostKeyPermission, Repair-AuthorizedKeyPermission, Repair-UserKeyPermission, Repair-UserSshConfigPermission, Enable-Privilege, Get-UserAccount, Get-UserSID Export-ModuleMember -Function Repair-FilePermission, Repair-SshdConfigPermission, Repair-SshdHostKeyPermission, Repair-AuthorizedKeyPermission, Repair-UserKeyPermission, Repair-UserSshConfigPermission, Enable-Privilege, Get-UserAccount, Get-UserSID, Repair-AdministratorsAuthorizedKeysPermission