Revisions to Windows SSH: Permissions for 'private-key' are too open

Applied syntax highlighting ; Grammatical corrections (incl. formatting and redundancy removal)

Source Link

edited Jul 2, 2020 at 11:53

8.2k
7
30
50

I am using Windows 10 built-in OpenSSH. I copied my public and private keys to %userprofile%\.ssh

I wrote a small batch script for my users to use after they find their keys from the cmd prompt with: where *.pub

Rem You must replace PublicKeyFilename and PrivateKeyFilename with actual file names.

md %userprofile%\.ssh
copy PublicKeyFilename %userprofile%\.ssh
copy PrivateKeyFilename %userprofile%\.ssh
cd %userprofile%\.ssh
icacls .\PublicKeyFilename /inheritance:r
icacls .\PrivateKeyFilename /inheritance:r
icacls .\PublicKeyFilename /grant:r "%username%":"(F)"
icacls .\PrivateKeyFilename /grant:r "%username%":"(F)"

The final step was right-clicking the file, Properties, Security, and editing the permissions to remove everyone except my username and setting the permissions for myself to Read.

Copy the public and private keys to %userprofile%\.ssh

Use the batch script below after finding your keys from the cmd prompt with where *.pub:

Md %Userprofile%\.ssh
  Copy PublicKey %Userprofile%\.ssh
  Copy PrivateKey %Userprofile%\.ssh

Cd %Userprofile%\.ssh
  Icacls .\PublicKey  /Inheritance:r
  Icacls .\PrivateKey /Inheritance:r
  Icacls .\PublicKey  /Grant:r "%Username%":"(F)"
  Icacls .\PrivateKey /Grant:r "%Username%":"(F)"

Right-click each file → Properties → Security:
Remove everyone except the user, setting the permissions for the user to Read

I am using Windows 10 built-in OpenSSH. I copied my public and private keys to %userprofile%\.ssh

I wrote a small batch script for my users to use after they find their keys from the cmd prompt with: where *.pub

Rem You must replace PublicKeyFilename and PrivateKeyFilename with actual file names.

md %userprofile%\.ssh
copy PublicKeyFilename %userprofile%\.ssh
copy PrivateKeyFilename %userprofile%\.ssh
cd %userprofile%\.ssh
icacls .\PublicKeyFilename /inheritance:r
icacls .\PrivateKeyFilename /inheritance:r
icacls .\PublicKeyFilename /grant:r "%username%":"(F)"
icacls .\PrivateKeyFilename /grant:r "%username%":"(F)"

The final step was right-clicking the file, Properties, Security, and editing the permissions to remove everyone except my username and setting the permissions for myself to Read.

Copy the public and private keys to %userprofile%\.ssh

Use the batch script below after finding your keys from the cmd prompt with where *.pub:

Md %Userprofile%\.ssh
  Copy PublicKey %Userprofile%\.ssh
  Copy PrivateKey %Userprofile%\.ssh

Cd %Userprofile%\.ssh
  Icacls .\PublicKey  /Inheritance:r
  Icacls .\PrivateKey /Inheritance:r
  Icacls .\PublicKey  /Grant:r "%Username%":"(F)"
  Icacls .\PrivateKey /Grant:r "%Username%":"(F)"

Right-click each file → Properties → Security:
Remove everyone except the user, setting the permissions for the user to Read

code layout adjust

Source Link

edit approved Apr 18, 2020 at 1:37

Io-oI

8.3k
3
13
41

I am using Windows 10 built-in OpenSSH. I copied my public and private keys to %userprofile%\.ssh%userprofile%\.ssh
I

I wrote a small batch script for my users to use after they find their keys from the cmd prompt with: where *.pubwhere *.pub

Rem You must replace PublicKeyFilename and PrivateKeyFilename with actual file names.
md %userprofile%\.ssh
copy PublicKeyFilename % userprofile%\.ssh
copy PrivateKeyFilename % userprofile%\.ssh
cd %userprofile%\.ssh
icacls .\PublicKeyFilename /inheritance:r
icacls .\PrivateKeyFilename /inheritance:r
icacls .\PublicKeyFilename /grant:r "%username%":"(F)"
icacls .\PrivateKeyFilename /grant:r "%username%":"(F)"

md %userprofile%\.ssh
copy PublicKeyFilename %userprofile%\.ssh
copy PrivateKeyFilename %userprofile%\.ssh
cd %userprofile%\.ssh
icacls .\PublicKeyFilename /inheritance:r
icacls .\PrivateKeyFilename /inheritance:r
icacls .\PublicKeyFilename /grant:r "%username%":"(F)"
icacls .\PrivateKeyFilename /grant:r "%username%":"(F)"

The final step was right-clicking the file, Properties, Security, and editing the permissions to remove everyone except my username and setting the permissions for myself to Read.

I am using Windows 10 built-in OpenSSH. I copied my public and private keys to %userprofile%\.ssh
I wrote a small batch script for my users to use after they find their keys from the cmd prompt with: where *.pub

Rem You must replace PublicKeyFilename and PrivateKeyFilename with actual file names.
md %userprofile%\.ssh
copy PublicKeyFilename % userprofile%\.ssh
copy PrivateKeyFilename % userprofile%\.ssh
cd %userprofile%\.ssh
icacls .\PublicKeyFilename /inheritance:r
icacls .\PrivateKeyFilename /inheritance:r
icacls .\PublicKeyFilename /grant:r "%username%":"(F)"
icacls .\PrivateKeyFilename /grant:r "%username%":"(F)"

The final step was right-clicking the file, Properties, Security, and editing the permissions to remove everyone except my username and setting the permissions for myself to Read.

I am using Windows 10 built-in OpenSSH. I copied my public and private keys to %userprofile%\.ssh

I wrote a small batch script for my users to use after they find their keys from the cmd prompt with: where *.pub

Rem You must replace PublicKeyFilename and PrivateKeyFilename with actual file names.

md %userprofile%\.ssh
copy PublicKeyFilename %userprofile%\.ssh
copy PrivateKeyFilename %userprofile%\.ssh
cd %userprofile%\.ssh
icacls .\PublicKeyFilename /inheritance:r
icacls .\PrivateKeyFilename /inheritance:r
icacls .\PublicKeyFilename /grant:r "%username%":"(F)"
icacls .\PrivateKeyFilename /grant:r "%username%":"(F)"

The final step was right-clicking the file, Properties, Security, and editing the permissions to remove everyone except my username and setting the permissions for myself to Read.

deleted 4 characters in body

Source Link

edited Apr 17, 2020 at 21:00

Lynn Edmiston

21
3

I am using Windows 10 built-in OpenSSH. I copied my public and private keys to %userprofile%\.ssh
I wrote a small batch script for my users to use after they find their keys from the cmd prompt with: where *.pub

Rem You must replace PublicKeyFilename and PrivateKeyFilename with actual file names.
md %userprofile%\.ssh
copy PublicKeyFilename % userprofile%\.ssh
copy PrivateKeyFilename % userprofile%\.ssh
cd %userprofile%\.ssh
icacls .\PublicKeyFilename //inheritance:r
icacls .\PrivateKeyFilename //inheritance:r
icacls .\PublicKeyFilename //grant:r "%username%":"(F)"
icacls .\PrivateKeyFilename //grant:r "%username%":"(F)"

The final step was right-clicking the file, Properties, Security, and editing the permissions to remove everyone except my username and setting the permissions for myself to Read.

Expanded answer to include Windows version and batch file

Source Link

edited Apr 17, 2020 at 20:55

Lynn Edmiston

21
3

Loading

Expanded answer to include Windows version and batch file

Source Link

edited Apr 17, 2020 at 20:50

Lynn Edmiston

21
3

Loading

Source Link

created Apr 17, 2020 at 19:34

Lynn Edmiston

21
3

Loading

Stack Exchange Network

Return to Answer