{"id":16366438,"url":"https://github.com/centminmod/keygen","last_synced_at":"2025-03-23T02:32:35.169Z","repository":{"id":41224558,"uuid":"43533152","full_name":"centminmod/keygen","owner":"centminmod","description":"ssh private key pair generator","archived":false,"fork":false,"pushed_at":"2025-01-04T22:10:23.000Z","size":75,"stargazers_count":10,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-18T16:52:29.373Z","etag":null,"topics":["bash","centos","ecdsa-key-pair","ed25519","rsa-key-pair","ssh","ssh-key","ssh-keygen","ssh-keys"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/centminmod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-10-02T02:55:19.000Z","updated_at":"2025-01-04T22:10:26.000Z","dependencies_parsed_at":"2024-10-28T15:22:40.039Z","dependency_job_id":"c386cbf3-44a4-4a06-a3b5-9fa77b834e23","html_url":"https://github.com/centminmod/keygen","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/centminmod%2Fkeygen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/centminmod%2Fkeygen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/centminmod%2Fkeygen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/centminmod%2Fkeygen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/own
ers/centminmod","download_url":"https://codeload.github.com/centminmod/keygen/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245047977,"owners_count":20552430,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","centos","ecdsa-key-pair","ed25519","rsa-key-pair","ssh","ssh-key","ssh-keygen","ssh-keys"],"created_at":"2024-10-11T02:46:27.427Z","updated_at":"2025-03-23T02:32:34.907Z","avatar_url":"https://github.com/centminmod.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"description\n===\n\nThis script generates and manages SSH keys for different types of encryption algorithms (RSA, ECDSA, and ED25519). It takes various command-line arguments to generate new keys, rotate existing keys, and set up the SSH configuration file for seamless access to remote hosts.\n\nKey functionalities include:\n\n1. Generating new SSH keys with or without a passphrase.\n2. Rotating SSH keys, replacing the old key on the remote server with a new one.\n3. Logging key generation and rotation processes.\n4. Creating an entry in the SSH configuration file for easy access to remote hosts.\n5. 
Providing a script to populate the remote server with the same generated SSH key.\n\ninstall\n===\n\nInstall the `sshpass` YUM package and clone this GitHub repo:\n\n```\nyum -y install sshpass\n\nmkdir -p /root/tools\ncd /root/tools\ngit clone --depth=1 https://github.com/centminmod/keygen\ncd keygen\n./keygen.sh\n```\n\nusage\n===\n\nUse the `gen` command to generate SSH key pairs, or the `rotatekeys` command to rotate an existing SSH key.\n\nThe remote server's SSH password can optionally be set via `remotessh_password`.\n\n```\n./keygen.sh \n-------------------------------------------------------------------------\n  ./keygen.sh {gen}\n  ./keygen.sh {gen} keytype remoteip remoteport remoteuser keycomment\n\n  or\n\n  ./keygen.sh {gen} keytype remoteip remoteport remoteuser keycomment remotessh_password\n\n  or\n\n  ./keygen.sh {gen} keytype remoteip remoteport remoteuser keycomment remotessh_password unique_keyname_filename\n\n-------------------------------------------------------------------------\n  ./keygen.sh {rotatekeys}\n  ./keygen.sh {rotatekeys} keytype remoteip remoteport remoteuser keycomment keyname\n\nor\n\n  ./keygen.sh {rotatekeys} keytype remoteip remoteport remoteuser keycomment \"\" unique_keyname_filename\n\n-------------------------------------------------------------------------\n  keytype supported: rsa, ecdsa, ed25519\n```\n\ncleanup\n===\n\nRemove all generated SSH keys, directories and logs.\n\nExample for `my1.key*`\n\n```\nrm -rf /etc/keygen/\nrm -rf /root/.ssh/my1.key*\n```\n\nThen remove the public key entry from `/root/.ssh/authorized_keys`.\n\nunattended mode\n===\n\nIf you do not pass the last argument, `remotessh_password` (the SSH user's password), on the command line, then `keygen.sh` does not run unattended: at the `ssh-copy-id` step you will be prompted once for the remote SSH user's SSH password, to set up the remote server's `authorized_keys` file. 
If you pass `remotessh_password` on the command line, the `ssh-copy-id` step runs in unattended mode and you are not asked for the SSH user's SSH password, because `keygen.sh` installs and sets up `sshpass` to supply the SSH password without user input. A password passed this way is a command-line argument, so it is visible in the process list while `keygen.sh` runs and can end up in shell history.\n\nThe run will also attempt to copy the generated public key over to the defined remote server's `$HOME/.ssh/authorized_keys` file, prompting you for a one-time login to the remote server via the password (only if you do not pass `remotessh_password` on the command line). Then it will do a test ssh connection to the remote server using the newly generated key pair.\n\nYou'll end up with private and public key files named my`X`, where `X` is a number that increments automatically if you re-run this command on the same server.\n\n* private key at `$HOME/.ssh/my1.key`\n* public key at `$HOME/.ssh/my1.key.pub`\n\nWhere:\n\n* `1.1.1.1` is the remote server IP\n* `22` is the remote server SSH port\n* `root` is the username of the remote SSH user\n* `comment` is a unique identifying name, i.e. `mykey@clienthostname`, used for setting up the Shell aliases further below. It also helps you revoke the ssh key by matching on this `comment`\n* `remotessh_password` is the SSH user's password\n\nTo generate an rsa key pair where `comment` is a unique identifier for your generated key, i.e. `mykey@clienthostname`, and you pass the remote SSH user's SSH password via `remotessh_password` at the `ssh-copy-id` step\n\n    keygen.sh gen rsa 1.1.1.1 22 root comment remotessh_password\n\nTo generate an rsa key pair where `comment` is a unique identifier for your generated key, i.e. `mykey@clienthostname`, without `remotessh_password`. At the `ssh-copy-id` step you will be prompted for the remote SSH user's SSH password\n\n    keygen.sh gen rsa 1.1.1.1 22 root comment\n\nTo generate an ecdsa key pair where `comment` is a unique identifier for your generated key, i.e. `mykey@clienthostname`, without `remotessh_password`. 
At the `ssh-copy-id` step you will be prompted for the remote SSH user's SSH password\n\n    keygen.sh gen ecdsa 1.1.1.1 22 root comment\n\nTo generate an ed25519 key pair where `comment` is a unique identifier for your generated key, i.e. `mykey@clienthostname`, without `remotessh_password`. At the `ssh-copy-id` step you will be prompted for the remote SSH user's SSH password\n\n    keygen.sh gen ed25519 1.1.1.1 22 root comment\n\nOnce the run is complete, you can ssh into the remote server by just specifying the path to the private key you generated\n\n    ssh root@remoteip -p 22 -i ~/.ssh/my1.key\n\nThe output also lists instructions for setting up `~/.ssh/config` Shell aliases, where `mykey@clienthostname` is your `comment` defined above and `my1` is your private key name.\n\n    -------------------------------------------------------------------\n    Setup source server file /root/.ssh/config\n    -------------------------------------------------------------------\n    \n    Add to /root/.ssh/config:\n    \n    Host my1\n      Hostname 1.1.1.1\n      Port 22\n      IdentityFile /root/.ssh/my1.key\n      IdentitiesOnly=yes\n      User root\n      #LogLevel DEBUG3\n    \n    saved copy at /etc/keygen/logs/ssh-config-alias-my1-1.1.1.1.key.log\n\n    cat /etc/keygen/logs/ssh-config-alias-my1-1.1.1.1.key.log \u003e\u003e /root/.ssh/config\n\n    -------------------------------------------------------------------\n    Once /root/.ssh/config entry added, can connect via Host label:\n     my1\n    -------------------------------------------------------------------\n\n    ssh my1\n\n    -------------------------------------------------------------------\n    \n    keygen.sh run logged to: /etc/keygen/logs/keygen-081219-231227.log\n    config logged to: /etc/keygen/generate-1.1.1.1-22-my1-081219-231227.log\n    \n    -------------------------------------------------------------------\n    \n    populating SSH key file at: /etc/keygen/logs/populate-keygen-081219-231227.log\n    \n    
To configure remote with same generated SSH Key type:\n    bash /etc/keygen/logs/populate-keygen-081219-231227.log\n    \n    -------------------------------------------------------------------\n    list /etc/keygen\n    \n    total 4.0K\n    -rw-r--r-- 1 root root  92 Dec  8 23:12 generate-1.1.1.1-22-my1-081219-231227.log\n    drwxr-xr-x 2 root root 161 Dec  8 23:12 logs\n\nYou can then ssh into the remote server via the SSH shell alias for the Host label\n\n    ssh my1\n\n### Populate SSH Key Globally\n\nIf you want to use the same generated SSH key globally, i.e. have the remote server use the same generated SSH key to access the current server, the output also includes a populate file for the SSH key\n\n    populating SSH key file at: /etc/keygen/logs/populate-keygen-081219-231227.log\n    \n    To configure remote with same generated SSH Key type:\n    bash /etc/keygen/logs/populate-keygen-081219-231227.log\n\nRunning the suggested command will\n\n1. add the generated SSH public key to `$HOME/.ssh/authorized_keys` on the local server as well\n2. rsync transfer the generated SSH private key `$HOME/.ssh/${KEYNAME}.key` to the remote server's `$HOME/.ssh` directory via this repo's [sshtransfer.sh](https://github.com/centminmod/keygen#sshtransfersh) rsync wrapper.\n\n```\nbash /etc/keygen/logs/populate-keygen-081219-231227.log\n```\n\ncontents of `/etc/keygen/logs/populate-keygen-081219-231227.log`\n\n```\ngetpk=$(cat \"/root/.ssh/my1.key.pub\")\nif [[ ! 
$(grep -w '' /root/.ssh/authorized_keys) ]]; then cat \"/root/.ssh/my1.key.pub\" \u003e\u003e /root/.ssh/authorized_keys; fi\n./sshtransfer.sh /root/.ssh/my1.key 1.1.1.1 22 my1.key /root/.ssh/\n```\n\nexample run\n\n```\nbash /etc/keygen/logs/populate-keygen-081219-231227.log\n\ntransfer /root/.ssh/my1.key to root@1.1.1.1:/root/.ssh/\nrsync -avzi --progress --stats -e ssh -p 22 -i /root/.ssh/my1.key /root/.ssh/my1.key root@1.1.1.1:/root/.ssh/\nsending incremental file list\n\u003cf+++++++++ my1.key\n            227 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=0/1)\n\nNumber of files: 1 (reg: 1)\nNumber of created files: 1 (reg: 1)\nNumber of deleted files: 0\nNumber of regular files transferred: 1\nTotal file size: 227 bytes\nTotal transferred file size: 227 bytes\nLiteral data: 227 bytes\nMatched data: 0 bytes\nFile list size: 0\nFile list generation time: 0.001 seconds\nFile list transfer time: 0.000 seconds\nTotal bytes sent: 280\nTotal bytes received: 35\n\nsent 280 bytes  received 35 bytes  630.00 bytes/sec\ntotal size is 227  speedup is 0.72\n\ncheck remote root@1.1.1.1:/root/.ssh/\nssh -p 22 -i /root/.ssh/my1.key root@1.1.1.1 ls -lah /root/.ssh/\ntotal 16K\ndrwx------  2 root root   63 Dec  8 23:37 .\ndr-xr-x---. 
9 root root 4.0K Dec  8 22:45 ..\n-rw-------  1 root root  171 Dec  8 23:36 authorized_keys\n-rw-r--r--  1 root root  174 Dec  8 22:47 known_hosts\n-rw-------  1 root root  227 Dec  8 23:36 my1.key\n```\n\nLogging\n===\n\nThe latest version automatically logs each keygen.sh run to a log file, plus a config summary log\n\n    -------------------------------------------------------------------\n    \n    keygen.sh run logged to: /etc/keygen/logs/keygen-010118-083341.log\n    config logged to: /etc/keygen/generate-1.1.1.1-22-my4-010118-083341.log\n    \n    -------------------------------------------------------------------\n    list all config logs\n    \n    /etc/keygen/generate-1.1.1.1-22-my1-010118-082758.log\n    /etc/keygen/generate-1.1.1.1-22-my2-010118-082907.log\n    /etc/keygen/generate-1.1.1.1-22-my3-010118-083220.log\n    /etc/keygen/generate-1.1.1.1-22-my4-010118-083341.log\n    \n    -------------------------------------------------------------------\n\nThe config summary log, here `/etc/keygen/generate-1.1.1.1-22-my4-010118-083341.log`, records the remote hostname, remote user, the ssh keyname, short format hostname and kernel version\n\n    cat /etc/keygen/generate-1.1.1.1-22-my4-010118-083341.log\n    ip: 1.1.1.1 user: root keyname: my4 host: host1 2.6.32-042stab126.2\n\nRemoving public key from remote server\n===\n\nTo revoke a public key from your remote server so that the source data server can no longer connect to the remote server, remove the generated public key from the remote server's `/root/.ssh/authorized_keys` file. You can use the comment i.e. 
`mykey@clienthostname` as a filter for sed deletion of the line.\n\nOn the remote server, run this command, where `mykey@clienthostname` is the comment you specified when you generated your key pair.\n\n    sed -i '/mykey@clienthostname$/d' /root/.ssh/authorized_keys \n\nIf you set up an SSH alias in `~/.ssh/config`, then you also need to remove the entry for `mykey@clienthostname`\n\nRotate Existing SSH Key\n===\n\nThe new `rotatekeys` command allows you to rotate an existing SSH key on both the local and remote server ends. This assumes you are running `keygen.sh` on the same server that initially generated the existing SSH key via the `gen` command\n\ngenerated with (where remote ssh root password = `remotessh_password`)\n\n    ./keygen.sh {gen} keytype remoteip remoteport remoteuser keycomment remotessh_password\n\nrotated with\n\n    ./keygen.sh {rotatekeys} keytype remoteip remoteport remoteuser keycomment keyname\n\n**Example:**\n\ngenerated with (where comment = `mykey@clienthostname` and where remote ssh root password = `remotessh_password`)\n\n    ./keygen.sh gen rsa 1.1.1.1 22 root mykey@clienthostname remotessh_password\n\nresulting in key = `my1.key` so keyname = `my1`\n\n    -------------------------------------------------------------------\n    /root/.ssh contents\n    -------------------------------------------------------------------\n    total 12K\n    dr-xr-x---. 
8 root root 4.0K Apr 20 17:14 ..\n    -rw-------  1 root root 3.2K Apr 20 17:17 my1.key\n    -rw-r--r--  1 root root  736 Apr 20 17:17 my1.key.pub\n    drwx------  2 root root   38 Apr 20 17:17 .\n\nrotated with identifying keyname = `my1`\n\n    ./keygen.sh rotatekeys rsa 1.1.1.1 22 root mykey@clienthostname my1\n\nfull output\n\n    ./keygen.sh rotatekeys rsa 1.1.1.1 22 root mykey@clienthostname my1\n    \n    -------------------------------------------------------------------\n    Rotating Private Key Pair...\n    -------------------------------------------------------------------\n    ssh-keygen -t rsa -b 4096 -N  -f /root/.ssh/my1.key -C my1comment\n    Generating public/private rsa key pair.\n    Your identification has been saved in /root/.ssh/my1.key.\n    Your public key has been saved in /root/.ssh/my1.key.pub.\n    The key fingerprint is:\n    9c:8b:f7:74:44:27:79:6b:36:3b:29:e7:98:c2:3f:5e my1comment\n    The key's randomart image is:\n    +--[ RSA 4096]----+\n    |                 |\n    |             .   |\n    |            + o  |\n    |       . . . + . |\n    |        S   . =  |\n    |       . . . o + |\n    |      . o.. o E  |\n    |       . oo..B . |\n    |          .+=..  |\n    +-----------------+\n    \n    -------------------------------------------------------------------\n    my1.key.pub public key\n    -------------------------------------------------------------------\n    ssh-keygen -lf /root/.ssh/my1.key.pub\n    [size --------------- fingerprint ---------------     - comment - type]\n    4096 9c:8b:f7:74:44:27:79:6b:36:3b:29:e7:98:c2:3f:5e  my1comment (RSA)\n    \n    cat /root/.ssh/my1.key.pub\n    ssh-rsa AAAAB3NzaC1..NEW..w== my1comment\n    \n    -------------------------------------------------------------------\n    /root/.ssh contents\n    -------------------------------------------------------------------\n    total 24K\n    dr-xr-x---. 
8 root root 4.0K Apr 20 17:14 ..\n    -rw-r--r--  1 root root  175 Apr 20 17:17 known_hosts\n    -rw-r--r--  1 root root  736 Apr 20 17:17 my1-old.key.pub\n    -rw-------  1 root root 3.2K Apr 20 17:17 my1-old.key\n    -rw-r--r--  1 root root  736 Apr 20 17:30 my1.key.pub\n    -rw-------  1 root root 3.2K Apr 20 17:30 my1.key\n    drwx------  2 root root   96 Apr 20 17:30 .\n    \n    -------------------------------------------------------------------\n    Transfering my1.key.pub to remote host\n    -------------------------------------------------------------------\n        \n    rotate and replace old public key from remote: root@1.1.1.1\n    \n    ssh root@1.1.1.1 -p 22 -i /root/.ssh/my1-old.key \"sed -i 's|ssh-rsa AAAAB3NzaC1..OLD...gw== my1comment|ssh-rsa AAAAB3NzaC1..NEW..w== my1comment|' /root/.ssh/authorized_keys\"\n    \n    \n    -------------------------------------------------------------------\n    Testing connection\n    -------------------------------------------------------------------\n    \n    ssh root@1.1.1.1 -p 22 -i /root/.ssh/my1.key \"uname -a\"\n    Linux remote.localdomain 2.6.32-642.13.1.el6.x86_64 #1 SMP Wed Jan 11 20:56:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux\n    \n    -------------------------------------------------------------------\n    Setup source server file /root/.ssh/config\n    -------------------------------------------------------------------\n    \n    Add to /root/.ssh/config:\n    \n    Host my1\n    Hostname 1.1.1.1\n    Port 22\n    IdentityFile /root/.ssh/my1.key\n    IdentitiesOnly=yes\n    User root\n    #LogLevel DEBUG3\n\n    saved copy at /etc/keygen/logs/ssh-config-alias-my1-1.1.1.1.key.log\n\n    cat /etc/keygen/logs/ssh-config-alias-my1-1.1.1.1.key.log \u003e\u003e /root/.ssh/\n    \n    -------------------------------------------------------------------\n    Once /root/.ssh/config entry added, can connect via Host label:\n    my1\n    -------------------------------------------------------------------\n    
\n    ssh my1\n\n\nsshtransfer.sh\n===\n\n`sshtransfer.sh` script is a wrapper script to quickly transfer files to a remote server configured with `keygen.sh` setup.\n\nUsage\n\n```\n./sshtransfer.sh \n\nusage:\n\n./sshtransfer.sh filename remoteip_addr remoteip_port sshkeyname remote_directory\n```\n\nFor example, transfer local `/home/test.txt` file to remote server with ip = `1.1.1.1` and remote port `22` in remote directory `/home/remotessh` and key name `my1.key` located at `/root/.ssh/my1.key`.\n\n```\n./sshtransfer.sh /home/test.txt 1.1.1.1 22 my1.key /home/remotessh\n\ntransfer /home/test.txt to root@1.1.1.1:/home/remotessh\nrsync -avzi --progress --stats -e ssh -p 22 -i /root/.ssh/my1.key /home/test.txt root@1.1.1.1:/home/remotessh\nsending incremental file list\n\u003cf..t...... test.txt\n           2 100%    0.00kB/s    0:00:00 (xfer#1, to-check=0/1)\n\nNumber of files: 1\nNumber of files transferred: 1\nTotal file size: 2 bytes\nTotal transferred file size: 2 bytes\nLiteral data: 2 bytes\nMatched data: 0 bytes\nFile list size: 25\nFile list generation time: 0.001 seconds\nFile list transfer time: 0.000 seconds\nTotal bytes sent: 76\nTotal bytes received: 37\n\nsent 76 bytes  received 37 bytes  15.07 bytes/sec\ntotal size is 2  speedup is 0.02\n\ncheck remote root@1.1.1.1:/home/remotessh\nssh -p 22 -i /root/.ssh/my1.key root@1.1.1.1 ls -lah /home/remotessh\ntotal 12K\ndrwxr-xr-x  2 root root 4.0K Jul  3 21:03 .\ndrwxr-xr-x. 8 root root 4.0K Jul  3 20:33 ..\n-rw-r--r--  1 root root    2 Jul  3 21:03 test.txt\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcentminmod%2Fkeygen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcentminmod%2Fkeygen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcentminmod%2Fkeygen/lists"}