From 9ade06cdc366c7f3abf77671131d48aa7f58c759 Mon Sep 17 00:00:00 2001
From: Trey Valenta <t@trey.net>
Date: Thu, 9 Oct 2025 12:34:38 -0700
Subject: [PATCH] Several fixes for the SSH known_hosts files on Windows

1. Ensure the ssh_known_hosts files are plain-text with no BOM
Powershell's redirect was creating a file with UTF16 encoding.
1. Create a ssh_known_hosts file for the ssh application included with
Windows.
1. Use ssh-keyscan from the Git for Windows installation so keys from
github.com can be added. Relates to
https://github.com/actions/runner-images/issues/13072
---
 images/windows/scripts/build/Install-Git.ps1 | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/images/windows/scripts/build/Install-Git.ps1 b/images/windows/scripts/build/Install-Git.ps1
index 6f0118dd1c..0e6843d79b 100644
--- a/images/windows/scripts/build/Install-Git.ps1
+++ b/images/windows/scripts/build/Install-Git.ps1
@@ -46,7 +46,16 @@ if ($LASTEXITCODE -ne 0) {
 Add-MachinePathItem "C:\Program Files\Git\bin"
 
 # Add well-known SSH host keys to ssh_known_hosts
-ssh-keyscan -t rsa,ecdsa,ed25519 github.com >> "C:\Program Files\Git\etc\ssh\ssh_known_hosts"
-ssh-keyscan -t rsa ssh.dev.azure.com >> "C:\Program Files\Git\etc\ssh\ssh_known_hosts"
+# Write content to the file used by OpenSSH and the version includes with Git
+# for Windows
+$windowsSSHKnownHosts = "C:\ProgramData\ssh\ssh_known_hosts"
+$gitSSHKnownHosts = "C:\Program Files\Git\etc\ssh\ssh_known_hosts"
+
+$sshKeyScan = "C:\Program Files\Git\usr\bin\ssh-keyscan"
+$githubHostKeys = &$sshKeyScan -t rsa,ecdsa,ed25519 github.com
+$azureHostKeys = &$sshKeyscan -t rsa ssh.dev.azure.com
+
+Set-Content -Encoding ASCII -Path $windowsSSHKnownHosts, $gitSSHKnownHosts -Value $githubHostKeys
+Add-Content -Encoding ASCII -Path $windowsSSHKnownHosts, $gitSSHKnownHosts -Value $azureHostKeys
 
 Invoke-PesterTests -TestFile "Git"