Skip to content

OpenSSH utility scripts to fix file permissions

Yanbing edited this page Oct 22, 2017 · 20 revisions

Powershell utility scripts included in v0.0.15.0 onwards, aid in fixing permissions on various OpenSSH key and configuration files. See here for more details on how file permissions are enforced on Windows.

Improper file permissions will likely result in a broken configuration (OpenSSH fails to work). You may use the following scripts (provided in release payload) to help evaluate and fix any permission related issues.

FixHostFilePermissions.ps1

Use it to fix file permissions on host side. Checks and fixes file permissions on:

  • sshd_config
  • host keys generated by ssh-keygen.exe -A
  • any authorized_keys located in user profiles (%userprofile%\user.ssh\authorized_keys)
# Usage
#   Evaluate each file and prompt before making changes
.\FixHostFilePermissions.ps1
#   Evaluate and make changes without prompting
.\FixHostFilePermissions.ps1 -Confirm:$false
#   Evaluate and tell what changes this script will make
.\FixHostFilePermissions.ps1 -WhatIf

FixUserFilePermissions.ps1

Use it to fix permissions of client side files - keys and config files of current user. Checks and fixes permissions on:

  • ~\.ssh\config
  • ~\.ssh\id_rsa, ~\.ssh\id_rsa.pub
  • ~\.ssh\id_dsa, ~\.ssh\id_dsa.pub
# Usage
#   Evaluate each file and prompt before making changes
.\FixUserFilePermissions.ps1
#   Evaluate and make changes without prompting
.\FixUserFilePermissions.ps1 -Confirm:$false
#   Evaluate and tell what changes this script will make
.\FixUserFilePermissions.ps1 -Whatif

OpenSSHUtils.psm1

Above 2 scripts use core functionality implemented in this base module. If you are dealing with a custom OpenSSH configurations, you may find the following functions useful.

Import-Module .\OpenSSHUtils.psd1 -Force
# All routines following -Confirm and -Whatif semantics
# fix permissions on a specified sshd_config
Repair-SshdConfigPermission -FilePath c:\test\sshd_config
# fix permissions on a specified host key
Repair-SshdHostKeyPermission -FilePath c:\test\sshtest_hostkey_ecdsa
# fix permissions on a specified authorized_key
Repair-AuthorizedKeyPermission -FilePath C:\Users\sshtest_ssouser\.ssh\authorized_keys
# fix permissions a specific ssh_config
Repair-UserKeyPermission -FilePath '~\.ssh\config'
# fix permissions on an user key
Repair-UserSshConfigPermission -FilePath c:\test\sshtest_userssokey_ed25519
Clone this wiki locally