-
Notifications
You must be signed in to change notification settings - Fork 767
OpenSSH utility scripts to fix file permissions
Yanbing edited this page Jun 3, 2017
·
20 revisions
Powershell utility scripts are included starting release v0.0.15.0 to automatically fix the permissions on various keys and configuration files for host and user. Secure protection of various files explains why secure enforcement is needed.
FixHostFilePermissions.ps1
It checks and fixes the below permissions on default host files:
- user's authorized_keys located at
$env:systemdrive\Users\...\.ssh\authorized_keys - host keys generated by
ssh-keygen.exe -Ain the same folder of the script - sshd_config in the same folder of the script
# script prompt to confirm you want to update each permission if Quiet is not specified
.\FixHostFilePermissions.ps1FixUserFilePermissions.ps1
It checks and fixes the below file permissions on user's default files:
- user's ssh_config located at
~\.ssh\config - user's keys located at
~\.ssh\id_rsa,~\.ssh\id_rsa.pub - user's keys located at
~\.ssh\id_dsa,~\.ssh\id_dsa.pub
# -Quiet suppresses prompting to confirm you want to update each permission
.\FixUserFilePermissions.ps1 -Quiet OpenSSHUtils.psm1 module
It checks and fixes permissions on customer specified files.
- Function
Fix-HostSSHDConfigPermissionsfixes permission on sshd_config file specified by user - Function
Fix-HostKeyPermissionsfixes permission for host keys specified by user; Note that to keep the host private keys secure, it is recommended to register them with ssh-agent following steps in link, but this function suggests to grant 'NT Service\sshd' Read permission to the host keys. Choose no if they are registered already. - Function
Fix-UserKeyPermissionsfixes the permissions on user's key files specified by user - Function
Fix-AuthorizedKeyPermissionsfixes permissions on the authorized_keys file specified by user - Function
Fix-UserSSHConfigPermissionsfixes permissions on user's ssh config specified by user
Import-Module .\OpenSSHUtils.psm1 -Force
# prompt to confirm you want to confirm you want to update each permission on the file
Fix-HostSSHDConfigPermissions c:\test\sshd_config
# -Quiet suppresses prompting to confirm you want to update each permission on the file
Fix-AuthorizedKeyPermissions -FilePath C:\Users\sshtest_ssouser\.ssh\authorized_keys -Quiet
Fix-HostKeyPermissions -FilePath c:\test\sshtest_hostkey_ecdsa -Quiet
Fix-HostUserPermissions -FilePath c:\test\sshtest_userssokey_ed25519 -Quiet
Fix-UserSSHConfigPermissions -FilePath '~\.ssh\config' -Quiet- MSI Install Instructions
- Script Install Instructions
- Alternative installation using the universal installer
- Retrieving download links for the latest packages