-
Notifications
You must be signed in to change notification settings - Fork 767
OpenSSH utility scripts to fix file permissions
Powershell utility scripts included in v0.0.15.0 onwards, aid in fixing permissions on various OpenSSH key and configuration files. See [here] (https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-Win32-OpenSSH) for more details on how file permissions are enforced on Windows.
Improper file permissions will likely result in a broken configuration (OpenSSH fails to work). You may use the following scripts (provided in release payload) to help evaluate and fix any permission related issues.
Use it to fix file permissions on host side. Checks and fixes file permissions on:
- sshd_config
- host keys generated by
ssh-keygen.exe -A
- any authorized_keys located in user profiles (%userprofile%\user.ssh\authorized_keys)
# Usage
# Evaluate each file and prompt before making changes
.\FixHostFilePermissions.ps1
# Evaluate and make changes without prompting
.\FixHostFilePermissions.ps1 -Quiet
Use it to fix permissions of client side files - keys and config files of current user. Checks and fixes permissions on:
~\.ssh\config
-
~\.ssh\id_rsa
,~\.ssh\id_rsa.pub
-
~\.ssh\id_dsa
,~\.ssh\id_dsa.pub
# Usage
# Evaluate each file and prompt before making changes
.\FixUserFilePermissions.ps1
# Evaluate and make changes without prompting
.\FixUserFilePermissions.ps1 -Quiet
Above 2 scripts use core functionality implemented in this base module. If you are dealing with a custom OpenSSH configuration, you may find the following functions useful.
Import-Module .\OpenSSHUtils.psm1 -Force
# All routines following -Quiet semantics
# fix permissions on a specified sshd_config
Fix-HostSSHDConfigPermissions -FilePath c:\test\sshd_config
# fix permissions on a specified host key
Fix-HostKeyPermissions -FilePath c:\test\sshtest_hostkey_ecdsa
# fix permissions on a specified authorized_key
Fix-AuthorizedKeyPermissions -FilePath C:\Users\sshtest_ssouser\.ssh\authorized_keys
# fix permissions a specific ssh_config
Fix-UserSSHConfigPermissions -FilePath '~\.ssh\config'
# fix permissions on an user key
Fix-HostUserPermissions -FilePath c:\test\sshtest_userssokey_ed25519 -Quiet
- MSI Install Instructions
- Script Install Instructions
- Alternative installation using the universal installer
- Retrieving download links for the latest packages