@simkin
Last active January 13, 2026 17:51
Fix issues with persistent SSH key password prompt
# Run this script as Administrator

# 1. Setup variables
$userName = $env:USERNAME
$sshPath = "$env:USERPROFILE\.ssh"
$configFile = "$sshPath\config"

Write-Host "Starting SSH environment repair for $userName..." -ForegroundColor Cyan

# 2. Fix ssh-agent service status
Write-Host "Checking OpenSSH Authentication Agent service..." -ForegroundColor Gray
$agentService = Get-Service -Name ssh-agent -ErrorAction SilentlyContinue
if ($null -eq $agentService) {
    Write-Warning "OpenSSH Agent service not found. Please ensure OpenSSH Client is installed."
} else {
    if ($agentService.StartType -ne 'Automatic') {
        Set-Service ssh-agent -StartupType Automatic
    }
    if ($agentService.Status -ne 'Running') {
        Start-Service ssh-agent
    }
    Write-Host "SSH Agent is running correctly." -ForegroundColor Green
}

# 3. Take ownership of the .ssh directory
# /d supplies the answer to takeown's confirmation prompt. The accepted letter
# depends on the Windows display language, so both 'j' and 'y' are tried.
Write-Host "Taking ownership of $sshPath..." -ForegroundColor Gray
takeown /f $sshPath /r /d j 2>$null
takeown /f $sshPath /r /d y 2>$null

# 4. Reset ACLs and disable inheritance
# After these two commands the directory and every file below it have no ACEs left.
Write-Host "Resetting permissions and disabling inheritance..." -ForegroundColor Gray
icacls $sshPath /reset /t
icacls $sshPath /inheritance:r /t

# 5. Grant explicit full access to the current user
# /t is required: step 4 removed inheritance on every file, so a grant on the
# directory alone would leave known_hosts, *.pub and the keys with an empty ACL.
icacls $sshPath /grant:r "${userName}:(OI)(CI)F" /t

# 6. Check config for breaking options (IdentitiesOnly yes)
if (Test-Path $configFile) {
    $content = Get-Content $configFile
    if ($content -match "IdentitiesOnly\s+yes") {
        Write-Host "Found 'IdentitiesOnly yes' in config. This often breaks auto-login when keys are encrypted on disk." -ForegroundColor Yellow
        $choice = Read-Host "Do you want to change this to 'IdentitiesOnly no' to allow ssh-agent to handle logins? (y/n)"
        if ($choice -eq 'y') {
            (Get-Content $configFile) -replace "IdentitiesOnly\s+yes", "IdentitiesOnly no" | Set-Content $configFile
            Write-Host "Config updated: IdentitiesOnly set to no." -ForegroundColor Green
        }
    }
    # Narrow the config file to read-only for the current user
    icacls $configFile /grant:r "${userName}:R"
}

# 7. Detect and protect Private Keys based on content
Write-Host "Scanning for private keys..." -ForegroundColor Gray
$allFiles = Get-ChildItem -Path $sshPath -File
foreach ($file in $allFiles) {
    # Skip public keys, config and known_hosts
    if ($file.Name -match "\.pub$" -or $file.Name -eq "config" -or $file.Name -eq "known_hosts") { continue }

    # Check if file starts with OpenSSH or RSA private key header
    $firstLine = Get-Content $file.FullName -TotalCount 1 -ErrorAction SilentlyContinue
    if ($firstLine -match "^-----BEGIN.*PRIVATE KEY-----") {
        # Replace the user's full-control ACE with read-only access
        icacls $file.FullName /grant:r "${userName}:R"
        Write-Host "Security applied to private key: $($file.Name)" -ForegroundColor Yellow
    }
}

Write-Host "SSH repair completed successfully!" -ForegroundColor Green
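
A read-only check of the ACLs the script leaves behind, added here as an example and not part of the original gist. It assumes the only acceptable principals on files under `.ssh` are the current user, SYSTEM and Administrators; `Test-SshFileAcl` is a hypothetical helper name.

```powershell
# Added example: audit the ACLs under %USERPROFILE%\.ssh without changing them.
# Assumption: only these principals should hold access to SSH files.
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$allowed = @($me, 'S-1-5-18', 'S-1-5-32-544')   # current user, SYSTEM, Administrators
$sidType = [System.Security.Principal.SecurityIdentifier]
$read    = [System.Security.AccessControl.FileSystemRights]::ReadData

function Test-SshFileAcl {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited Allow rules, with identities returned as SIDs
    $rules = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' })

    # Any principal outside the allowed set is worth a look on a key file
    $extra = @($rules |
        Where-Object { $allowed -notcontains $_.IdentityReference.Value } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique)

    # An empty ACL (inheritance removed, nothing granted) shows up here as False
    $userCanRead = [bool]($rules | Where-Object {
        $_.IdentityReference.Value -eq $me -and
        (($_.FileSystemRights -band $read) -eq $read)
    })

    [pscustomobject]@{
        Name               = Split-Path -Leaf $Path
        InheritanceRemoved = $acl.AreAccessRulesProtected
        UserAceGrantsRead  = $userCanRead
        ExtraPrincipals    = $extra -join ', '
    }
}

# Report on every file in the directory, hidden ones included
Get-ChildItem -LiteralPath "$env:USERPROFILE\.ssh" -File -Force |
    ForEach-Object { Test-SshFileAcl -Path $_.FullName } |
    Format-Table -AutoSize
```

A row with `UserAceGrantsRead` set to False or a non-empty `ExtraPrincipals` column points at a file whose permissions need another look.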