How to secure SSH Private key on Windows 10
Keys must only be accessible to the user they're intended for and no other account, service, or group.
- GUI: [File] Properties - Security - Advanced
  - Owner: Set to the key's user
  - Permission Entries: Remove all users, groups, and services, except for the key's user
  - Set key's user to Full Control
- CLI:
```bat
rem Set variable:
Set Key="C:\Path\to\keyfile"

rem Remove inheritance:
Cmd /c Icacls %Key% /c /t /Inheritance:d

rem Grant Full Control to the key's user (this does not change the file owner):
Cmd /c Icacls %Key% /c /t /Grant %UserName%:F

rem Remove all users, except for the key's user:
Cmd /c Icacls %Key% /c /t /Remove Administrator BUILTIN\Administrators BUILTIN Everyone System Users

rem Verify:
Cmd /c Icacls %Key%
```
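The verify step can be automated instead of reading the ACL by eye. The following PowerShell is an added example, not part of the original page; it uses `Get-Acl` to check the three conditions listed above, and the function name `Test-SshKeyAcl` is hypothetical.

```powershell
# Added example: audit the ACL that the steps above are meant to produce.
function Test-SshKeyAcl {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Account that should be the only one on the ACL; defaults to the caller.
        [string]$User = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    )

    $acl = Get-Acl -LiteralPath $Path
    $findings = @()

    # Inheritance must be off, otherwise parent-folder entries flow back in.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance is still enabled'
    }

    # The owner can always rewrite the ACL, so it must be the key's user.
    if ($acl.Owner -ne $User) {
        $findings += "Owner is '$($acl.Owner)', expected '$User'"
    }

    # Any Allow entry for another principal means someone else can read the key.
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and $ace.IdentityReference.Value -ne $User) {
            $findings += "Extra ACE: $($ace.IdentityReference.Value) -> $($ace.FileSystemRights)"
        }
    }

    # The key's user needs an explicit Full Control entry (what /Grant ...:F sets).
    $own = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $User -and
        $_.AccessControlType -eq 'Allow' -and
        $_.FileSystemRights -eq 'FullControl'
    }
    if (-not $own) { $findings += "No Full Control entry for '$User'" }

    [pscustomobject]@{ Path = $Path; Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Placeholder path from the page; replace with the real key file.
$Key = 'C:\Path\to\keyfile'
if (Test-Path -LiteralPath $Key) { Test-SshKeyAcl -Path $Key | Format-List }
```

A key fixed only with the CLI steps may still report an owner finding, because `/Grant` does not change ownership.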