GitBook: [master] one page modified

windows/windows-local-privilege-escalation/README.md

@@ -969,10 +969,19 @@ SSH private keys can be stored inside the registry key `HKCU\Software\OpenSSH\Ag
 reg query HKEY_CURRENT_USER\Software\OpenSSH\Agent\Keys
 ```
 
-If you find any entry inside that path it will probably be a saved SSH key. It is stored encrypted but can be easily decrypted using [https://github.com/ropnop/windows\_sshagent\_extract](https://github.com/ropnop/windows_sshagent_extract).
-
+If you find any entry inside that path it will probably be a saved SSH key. It is stored encrypted but can be easily decrypted using [https://github.com/ropnop/windows\_sshagent\_extract](https://github.com/ropnop/windows_sshagent_extract).  
 More information about this technique here: [https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/](https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/)
 
+If `ssh-agent` service is not running and you want it to automatically start on boot run:
+
+```text
+Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service
+```
+
+{% hint style="info" %}
+It looks like this technique isn't valid anymore. I tried to create some ssh keys, add them with `ssh-add` and login via ssh to a machine. The registry HKCU\Software\OpenSSH\Agent\Keys doesn't exist and procmon didn't identify the use of `dpapi.dll` during the asymmetric key authentication.
+{% endhint %}
+
 ### Unattended files
 
 ```text