Skip to content

Instantly share code, notes, and snippets.

@jcefoli
Last active July 3, 2024 15:43
Show Gist options
  • Save jcefoli/f0d4486ccbb77431ee5c5df6c4734128 to your computer and use it in GitHub Desktop.
Save jcefoli/f0d4486ccbb77431ee5c5df6c4734128 to your computer and use it in GitHub Desktop.
Fix OpenSSH private key permissions on Windows (Solves Windows SSH: Permissions for 'private-key' are too open)
param (
[Parameter(Mandatory=$true)]
[string]$privateKeyFilePath
)
# Remove inheritance from the private key file to prevent inheriting permissions from parent directories
. icacls $privateKeyFilePath /c /t /Inheritance:d
# Grant full control to the current user for keys within the user profile directory
. icacls $privateKeyFilePath /c /t /Grant ${env:UserName}:F
# If the private key is outside the user profile directory, take ownership and grant full control
. takeown /F $privateKeyFilePath
. icacls $privateKeyFilePath /c /t /Grant:r ${env:UserName}:F
# Remove all users' permissions except for the owner (current user)
. icacls $privateKeyFilePath /c /t /Remove:g Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users
# Verify and display the current permissions on the private key file
. icacls $privateKeyFilePath
# Remove the variable holding the private key path to clear sensitive information
Remove-Variable -Name privateKeyFilePath
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment