
https://github.com/centminmod/keygen

ssh private key pair generator
https://github.com/centminmod/keygen

bash centos ecdsa-key-pair ed25519 rsa-key-pair ssh ssh-key ssh-keygen ssh-keys


README


description
===

This script generates and manages SSH keys for different types of encryption algorithms (RSA, ECDSA, and ED25519). It takes various command-line arguments to generate new keys, rotate existing keys, and set up the SSH configuration file for seamless access to remote hosts.

Key functionalities include:

1. Generating new SSH keys with or without a passphrase.
2. Rotating SSH keys, replacing the old key on the remote server with a new one.
3. Logging key generation and rotation processes.
4. Creating an entry in the SSH configuration file for easy access to remote hosts.
5. Providing a script to populate the remote server with the same generated SSH key.

install
===

Install the `sshpass` YUM package and clone the keygen GitHub repo:

```
yum -y install sshpass

mkdir -p /root/tools
cd /root/tools
git clone --depth=1 https://github.com/centminmod/keygen
cd keygen
./keygen.sh
```

usage
===

Use the `gen` command to generate SSH key pairs, or the `rotatekeys` command to rotate an existing SSH key.

The remote server's SSH password is optionally set via `remotessh_password`.

```
./keygen.sh
-------------------------------------------------------------------------
./keygen.sh {gen}
./keygen.sh {gen} keytype remoteip remoteport remoteuser keycomment

or

./keygen.sh {gen} keytype remoteip remoteport remoteuser keycomment remotessh_password

or

./keygen.sh {gen} keytype remoteip remoteport remoteuser keycomment remotessh_password unique_keyname_filename

-------------------------------------------------------------------------
./keygen.sh {rotatekeys}
./keygen.sh {rotatekeys} keytype remoteip remoteport remoteuser keycomment keyname

or

./keygen.sh {rotatekeys} keytype remoteip remoteport remoteuser keycomment "" unique_keyname_filename

-------------------------------------------------------------------------
keytype supported: rsa, ecdsa, ed25519
```

cleanup
===

Remove all generated SSH keys, directories, and logs.

Example for `my1.key*`

```
rm -rf /etc/keygen/
rm -rf /root/.ssh/my1.key*
```

Then remove the public key entry from `/root/.ssh/authorized_keys`.

unattended mode
===

If you do not pass the last command-line argument, `remotessh_password` (the remote SSH user's password), then `keygen.sh` runs interactively: at the `ssh-copy-id` step you will be prompted once for the remote SSH user's password so that the remote server's `authorized_keys` file can be set up. If you do pass `remotessh_password` on the command line, the `ssh-copy-id` step runs in unattended mode and does not ask for the password, because `keygen.sh` installs and sets up `sshpass` to supply the SSH password without user input.

Unattended mode will also attempt to copy the generated public key to the defined remote server's `$HOME/.ssh/authorized_keys` file, and will prompt you for a one-time password login to the remote server (only if you do not pass `remotessh_password` on the command line). It then makes a test SSH connection to the remote server using the newly generated key pair.

You'll end up with private and public key files named `myX`, where `X` is a number that increments automatically if you re-run this command on the same server.

* private key at `$HOME/.ssh/my1.key`
* public key at `$HOME/.ssh/my1.key.pub`

Where:

* `1.1.1.1` is remote server IP
* `22` is remote server SSH port
* `root` is username for remote SSH user
* `comment` is a unique identifying name, e.g. `mykey@clienthostname`, used for setting up the Shell aliases further below. It also lets you revoke the SSH key by matching on this `comment`.
* `remotessh_password` is the remote SSH user's password.

To generate an rsa key pair where `comment` is a unique identifier for your generated key, e.g. `mykey@clienthostname`, and you pass the remote SSH user's SSH password via `remotessh_password` for the `ssh-copy-id` step:

```
keygen.sh gen rsa 1.1.1.1 22 root comment remotessh_password
```

To generate an rsa key pair where `comment` is a unique identifier for your generated key, e.g. `mykey@clienthostname`, without `remotessh_password`. At the `ssh-copy-id` step you will be prompted for the remote SSH user's SSH password:

```
keygen.sh gen rsa 1.1.1.1 22 root comment
```

To generate an ecdsa key pair where `comment` is a unique identifier for your generated key, e.g. `mykey@clienthostname`, without `remotessh_password`. At the `ssh-copy-id` step you will be prompted for the remote SSH user's SSH password:

```
keygen.sh gen ecdsa 1.1.1.1 22 root comment
```

To generate an ed25519 key pair where `comment` is a unique identifier for your generated key, e.g. `mykey@clienthostname`, without `remotessh_password`. At the `ssh-copy-id` step you will be prompted for the remote SSH user's SSH password:

```
keygen.sh gen ed25519 1.1.1.1 22 root comment
```

Once the run is complete, you'll be able to ssh into the remote server just by specifying the path to the private key you generated:

```
ssh root@remoteip -p 22 -i ~/.ssh/my1.key
```

The output also lists instructions for setting up `~/.ssh/config` with a Shell alias, where `mykey@clienthostname` is the `comment` defined above and `my1` is your private key name.

```
-------------------------------------------------------------------
Setup source server file /root/.ssh/config
-------------------------------------------------------------------

Add to /root/.ssh/config:

Host my1
Hostname 1.1.1.1
Port 22
IdentityFile /root/.ssh/my1.key
IdentitiesOnly=yes
User root
#LogLevel DEBUG3

saved copy at /etc/keygen/logs/ssh-config-alias-my1-1.1.1.1.key.log

cat /etc/keygen/logs/ssh-config-alias-my1-1.1.1.1.key.log >> /root/.ssh/config

-------------------------------------------------------------------
Once /root/.ssh/config entry added, can connect via Host label:
my1
-------------------------------------------------------------------

ssh my1

-------------------------------------------------------------------

keygen.sh run logged to: /etc/keygen/logs/keygen-081219-231227.log
config logged to: /etc/keygen/generate-1.1.1.1-22-my1-081219-231227.log

-------------------------------------------------------------------

populating SSH key file at: /etc/keygen/logs/populate-keygen-081219-231227.log

To configure remote with same generated SSH Key type:
bash /etc/keygen/logs/populate-keygen-081219-231227.log

-------------------------------------------------------------------
list /etc/keygen

total 4.0K
-rw-r--r-- 1 root root 92 Dec 8 23:12 generate-1.1.1.1-22-my1-081219-231227.log
drwxr-xr-x 2 root root 161 Dec 8 23:12 logs
```

So you'll be able to ssh into the remote server via the SSH shell alias for the Host label:

```
ssh my1
```

### Populate SSH Key Globally

If you want to use the same generated SSH key globally, i.e. have the remote server use the same generated SSH key to access the current server, the output also points to a populate SSH key file:

```
populating SSH key file at: /etc/keygen/logs/populate-keygen-081219-231227.log

To configure remote with same generated SSH Key type:
bash /etc/keygen/logs/populate-keygen-081219-231227.log
```

Running the suggested command will:

1. add the generated SSH public key to `$HOME/.ssh/authorized_keys` on the local server as well
2. rsync the generated SSH private key `$HOME/.ssh/${KEYNAME}.key` to the remote server's `$HOME/.ssh` directory via this repo's [sshtransfer.sh](https://github.com/centminmod/keygen#sshtransfersh) rsync wrapper.

```
bash /etc/keygen/logs/populate-keygen-081219-231227.log
```

contents of `/etc/keygen/logs/populate-keygen-081219-231227.log`

```
getpk=$(cat "/root/.ssh/my1.key.pub")
# append the public key only if it is not already in authorized_keys
# (the original tested grep -w '' instead of "$getpk", so it never checked for the key itself)
if ! grep -qF -- "$getpk" /root/.ssh/authorized_keys 2>/dev/null; then cat "/root/.ssh/my1.key.pub" >> /root/.ssh/authorized_keys; fi
./sshtransfer.sh /root/.ssh/my1.key 1.1.1.1 22 my1.key /root/.ssh/
```
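As an added example (not code from the keygen repo), here is a hardened version of the populate step above together with the revoke-by-`comment` operation the unattended-mode section mentions: a key is appended to `authorized_keys` only when its key material is absent, and entries are removed by matching the comment field that keygen.sh's `keycomment` argument sets. The function names, file paths and the key strings used with it are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not code from the keygen repo: idempotent authorized_keys
# handling for the populate step. Keys are matched on their key material
# (field 2), not on the comment, so a key is never appended twice; revocation
# matches the comment field that keygen.sh's keycomment argument sets.
# All file paths and key strings used with these functions are constructed.

# Number of key entries (lines with at least "type blob") in a file.
count_keys() {
    awk 'NF >= 2 { n++ } END { print n + 0 }' "$1"
}

# Append the key in $1 to the authorized_keys file $2 unless its key material
# is already present. Returns 0 if appended, 1 if already present, 2 if the
# public key file is malformed.
add_authorized_key() {
    local pubkey_file="$1" auth_file="$2" ktype blob comment
    IFS=' ' read -r ktype blob comment < "$pubkey_file" || true
    [ -n "$ktype" ] && [ -n "$blob" ] || return 2
    mkdir -p "$(dirname "$auth_file")"
    touch "$auth_file" && chmod 600 "$auth_file"
    # exact match on field 2 only: a changed comment is still the same key
    if awk -v b="$blob" '$2 == b { f = 1 } END { exit !f }' "$auth_file"; then
        return 1
    fi
    printf '%s %s%s\n' "$ktype" "$blob" "${comment:+ $comment}" >> "$auth_file"
}

# Drop every entry whose comment (field 3 onward) equals $1 from $2 and
# print how many entries were removed.
revoke_key_by_comment() {
    local comment="$1" auth_file="$2" tmp before after
    before=$(count_keys "$auth_file")
    tmp=$(mktemp)
    awk -v c="$comment" '{
        s = ""
        for (i = 3; i <= NF; i++) s = s (i > 3 ? " " : "") $i
        if (s != c) print
    }' "$auth_file" > "$tmp"
    cat "$tmp" > "$auth_file"   # rewrite in place, keeping mode 600
    rm -f "$tmp"
    after=$(count_keys "$auth_file")
    echo $((before - after))
}
```

Rotation then becomes "revoke the old comment, add the new key", and re-running the populate step a second time is a no-op instead of a duplicate line.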

Example run:

```
bash /etc/keygen/logs/populate-keygen-081219-231227.log

transfer /root/.ssh/my1.key to [email protected]:/root/.ssh/
rsync -avzi --progress --stats -e ssh -p 22 -i /root/.ssh/my1.key /root/.ssh/my1.key [email protected]:/root/.ssh/
sending incremental file list
> /root/.ssh/

-------------------------------------------------------------------
Once /root/.ssh/config entry added, can connect via Host label:
my1
-------------------------------------------------------------------

ssh my1
```

sshtransfer.sh
===

`sshtransfer.sh` is a wrapper script to quickly transfer files to a remote server configured with the `keygen.sh` setup.

Usage:

```
./sshtransfer.sh

usage:

./sshtransfer.sh filename remoteip_addr remoteip_port sshkeyname remote_directory
```

For example, to transfer the local `/home/test.txt` file to the remote server with IP `1.1.1.1` and port `22`, into the remote directory `/home/remotessh`, using the key named `my1.key` located at `/root/.ssh/my1.key`:

```
./sshtransfer.sh /home/test.txt 1.1.1.1 22 my1.key /home/remotessh

transfer /home/test.txt to [email protected]:/home/remotessh
rsync -avzi --progress --stats -e ssh -p 22 -i /root/.ssh/my1.key /home/test.txt [email protected]:/home/remotessh
sending incremental file list
```