Keys must only be accessible to the user they're intended for and no other account, service, or group.
- GUI:
[File] Properties → Security → Advanced- Owner: TheChange → Select a principal → Enter key's user → OK
- Permission Entries: Remove all except for the key's user
- Set key's user to Full Control Set key's user to Full Control if not already set
- Select user → Modify → Full Control → OK
OR - Add → Select a principal → Enter key's user → OK
- Select user → Modify → Full Control → OK
- OK → OK
Cmd
:::# Set Key File Variable: Set Key="%UserProfile%\.ssh\id_rsa" ::# Remove Inheritance: Icacls %Key% /c /t /Inheritance:d ::# Set Ownership to Owner: :: # Key's within %UserProfile%: Icacls %Key% /c /t /Grant %UserName%:F :: # Key's outside of %UserProfile%: TakeOwn /F %Key% Icacls %Key% /c /t /Grant:r %UserName%:F ::# Remove All Users, except for Owner: Icacls %Key% /c /t /Remove:g "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users ::# Verify: Icacls %Key% ::# Remove Variable: set "Key="
PowerShell
:# Set Key File Variable: New-Variable -Name Key -Value "$env:UserProfile\.ssh\id_rsa" # Remove Inheritance: Icacls $Key /c /t /Inheritance:d # Set Ownership to Owner: # Key's within $env:UserProfile: Icacls $Key /c /t /Grant ${env:UserName}:F # Key's outside of $env:UserProfile: TakeOwn /F $Key Icacls $Key /c /t /Grant:r ${env:UserName}:F # Remove All Users, except for Owner: Icacls $Key /c /t /Remove:g Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users # Verify: Icacls $Key # Remove Variable: Remove-Variable -Name Key