Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/centminmod/keygen
ssh private key pair generator
bash centos ecdsa-key-pair ed25519 rsa-key-pair ssh ssh-key ssh-keygen ssh-keys
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/centminmod/keygen
- Owner: centminmod
- Created: 2015-10-02T02:55:19.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2023-05-06T03:35:35.000Z (over 1 year ago)
- Last Synced: 2024-10-12T02:46:31.014Z (2 months ago)
- Topics: bash, centos, ecdsa-key-pair, ed25519, rsa-key-pair, ssh, ssh-key, ssh-keygen, ssh-keys
- Language: Shell
- Size: 72.3 KB
- Stars: 10
- Watchers: 3
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
description
===

This script generates and manages SSH keys for different types of encryption algorithms (RSA, ECDSA, and ED25519). It takes various command-line arguments to generate new keys, rotate existing keys, and set up the SSH configuration file for seamless access to remote hosts.
Key functionalities include:
1. Generating new SSH keys with or without a passphrase.
2. Rotating SSH keys, replacing the old key on the remote server with a new one.
3. Logging key generation and rotation processes.
4. Creating an entry in the SSH configuration file for easy access to remote hosts.
5. Providing a script to populate the remote server with the same generated SSH key.

install
===

Install the sshpass YUM package and clone the keygen GitHub repo:
```
yum -y install sshpass
mkdir -p /root/tools
cd /root/tools
git clone --depth=1 https://github.com/centminmod/keygen
cd keygen
./keygen.sh
```

usage
===

You can use the `gen` command to generate SSH key pairs or the `rotatekeys` command to rotate an existing SSH key. The remote server's SSH password is optionally set via `remotessh_password`.
```
./keygen.sh
-------------------------------------------------------------------------
./keygen.sh {gen}
./keygen.sh {gen} keytype remoteip remoteport remoteuser keycomment
or
./keygen.sh {gen} keytype remoteip remoteport remoteuser keycomment remotessh_password
or
./keygen.sh {gen} keytype remoteip remoteport remoteuser keycomment remotessh_password unique_keyname_filename
-------------------------------------------------------------------------
./keygen.sh {rotatekeys}
./keygen.sh {rotatekeys} keytype remoteip remoteport remoteuser keycomment keyname
or
./keygen.sh {rotatekeys} keytype remoteip remoteport remoteuser keycomment "" unique_keyname_filename
-------------------------------------------------------------------------
keytype supported: rsa, ecdsa, ed25519
```

cleanup
===

Remove all generated SSH keys, directories and logs.

Example for `my1.key*`:
```
rm -rf /etc/keygen/
rm -rf /root/.ssh/my1.key*
```

Then remove the public key entry from `/root/.ssh/authorized_keys`.

unattended mode
===

If you do not pass `remotessh_password` (the SSH user's password) as the last command-line argument, `keygen.sh` runs non-unattended: at the `ssh-copy-id` step you will be prompted, one time only, for the remote SSH user's SSH password in order to set up the remote server's `authorized_keys` file. If you pass `remotessh_password` on the command line, the `ssh-copy-id` step runs in unattended mode and you are not asked for the SSH user's SSH password, because `keygen.sh` installs and sets up `sshpass` to supply the SSH password without user input.

Running unattended mode will also attempt to copy the generated public key over to the defined remote server's `$HOME/.ssh/authorized_keys` file, so you will be prompted to do a one-time login to the remote server with the password (only if you do not pass `remotessh_password` on the command line). It then does a test SSH connection to the remote server using the newly generated key pair.
You'll end up with private and public key files named my`X`, where `X` is a number that increments automatically if you re-run this command on the same server.

* private key at `$HOME/.ssh/my1.key`
* public key at `$HOME/.ssh/my1.key.pub`

Where:

* `1.1.1.1` is the remote server IP
* `22` is the remote server SSH port
* `root` is the username of the remote SSH user
* `comment` is a unique identifying name, e.g. `mykey@clienthostname`, used for setting up the shell aliases further below. It also helps you revoke the SSH key by matching on this `comment`.
* `remotessh_password` is the SSH user's password

To generate an rsa key pair where `comment` is a unique identifier for your generated key, e.g. `mykey@clienthostname`, and you pass the remote SSH user's SSH password via `remotessh_password` at the `ssh-copy-id` step:

```
keygen.sh gen rsa 1.1.1.1 22 root comment remotessh_password
```

To generate an rsa key pair where `comment` is a unique identifier for your generated key, e.g. `mykey@clienthostname`, without `remotessh_password`. At the `ssh-copy-id` step you will be prompted for the remote SSH user's SSH password:

```
keygen.sh gen rsa 1.1.1.1 22 root comment
```

To generate an ecdsa key pair where `comment` is a unique identifier for your generated key, e.g. `mykey@clienthostname`, without `remotessh_password`. At the `ssh-copy-id` step you will be prompted for the remote SSH user's SSH password:

```
keygen.sh gen ecdsa 1.1.1.1 22 root comment
```

To generate an ed25519 key pair where `comment` is a unique identifier for your generated key, e.g. `mykey@clienthostname`, without `remotessh_password`. At the `ssh-copy-id` step you will be prompted for the remote SSH user's SSH password:

```
keygen.sh gen ed25519 1.1.1.1 22 root comment
```

Once the run is complete, you'll be able to SSH into the remote server by just specifying the path to the private key you generated:

```
ssh root@remoteip -p 22 -i ~/.ssh/my1.key
```
Output also lists instructions for setting up `~/.ssh/config` for shell aliases, where `mykey@clienthostname` is your `comment` defined above and `my1` is your private key name.

```
-------------------------------------------------------------------
Setup source server file /root/.ssh/config
-------------------------------------------------------------------
Add to /root/.ssh/config:
Host my1
Hostname 1.1.1.1
Port 22
IdentityFile /root/.ssh/my1.key
IdentitiesOnly=yes
User root
#LogLevel DEBUG3
saved copy at /etc/keygen/logs/ssh-config-alias-my1-1.1.1.1.key.log
cat /etc/keygen/logs/ssh-config-alias-my1-1.1.1.1.key.log >> /root/.ssh/config
-------------------------------------------------------------------
Once /root/.ssh/config entry added, can connect via Host label:
my1
-------------------------------------------------------------------
ssh my1
-------------------------------------------------------------------
keygen.sh run logged to: /etc/keygen/logs/keygen-081219-231227.log
config logged to: /etc/keygen/generate-1.1.1.1-22-my1-081219-231227.log
-------------------------------------------------------------------
populating SSH key file at: /etc/keygen/logs/populate-keygen-081219-231227.log
To configure remote with same generated SSH Key type:
bash /etc/keygen/logs/populate-keygen-081219-231227.log
-------------------------------------------------------------------
list /etc/keygen
total 4.0K
-rw-r--r-- 1 root root 92 Dec 8 23:12 generate-1.1.1.1-22-my1-081219-231227.log
drwxr-xr-x 2 root root 161 Dec 8 23:12 logs
```

So you'll be able to SSH into the remote server via the SSH shell alias for the Host label:

```
ssh my1
```
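The cleanup step above ends with removing the key's entry from `authorized_keys`, and the `comment` argument is described as the handle for revoking a key. The following is an added example, not part of keygen.sh or its README: a shell function that removes entries by exact match on the comment field, so that `mykey@clienthostname2` survives when `mykey@clienthostname` is revoked. The names `revoke_by_comment`, `make_sample` and `demo` and the sample entries are constructed here.

```shell
#!/bin/sh
# Added example, not part of keygen.sh: revoke authorized_keys entries by
# exact match on the key comment (the last field of an entry).

# revoke_by_comment FILE COMMENT
# Returns 0 if an entry was removed, 1 if none matched, 2 on error.
revoke_by_comment() {
  local file="$1" comment="$2" tmp rc=0
  [ -f "$file" ] || return 2
  tmp=$(mktemp "${file}.XXXXXX") || return 2
  # Keep blank lines, '#' lines and every entry whose last field differs.
  # A substring filter (grep -v) would also drop mykey@clienthostname2.
  awk -v c="$comment" '
    /^[ \t]*(#|$)/ { print; next }
    $NF == c       { removed = 1; next }
                   { print }
    END            { exit(removed ? 0 : 1) }
  ' "$file" > "$tmp" || rc=$?
  if [ "$rc" -eq 0 ]; then
    cp -p "$file" "${file}.bak"        # rollback copy, same mode and times
    chmod 600 "$tmp" && mv "$tmp" "$file"
  else
    rm -f "$tmp"
  fi
  return "$rc"
}

# Constructed sample entries; the key blobs are placeholders, not real keys.
make_sample() {
  cat > "$1" <<'EOF'
# managed by hand
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER1 mykey@clienthostname
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER2 mykey@clienthostname2
from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER3 backup@otherhost
EOF
  chmod 600 "$1"
}

# Revoke one comment from the sample and print the lines that remain.
demo() {
  local dir
  dir=$(mktemp -d) || return 2
  make_sample "$dir/authorized_keys"
  revoke_by_comment "$dir/authorized_keys" "mykey@clienthostname"
  cat "$dir/authorized_keys"
  rm -rf "$dir"
}
demo
```

Matching on the last field assumes a comment without spaces, which is the form the README uses. Because `mv` replaces the file, running this as root against another user's `authorized_keys` requires restoring ownership with `chown` afterwards.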
### Populate SSH Key Globally
If you want to use the same generated SSH key globally, i.e. have the remote server use the same generated SSH key to access the current server, the output also includes a populate SSH key file:

```
populating SSH key file at: /etc/keygen/logs/populate-keygen-081219-231227.log
To configure remote with same generated SSH Key type:
bash /etc/keygen/logs/populate-keygen-081219-231227.log
```

Running the suggested command will:

1. add the generated SSH public key to `$HOME/.ssh/authorized_keys` on the local server as well
2. rsync transfer the generated SSH private key `$HOME/.ssh/${KEYNAME}.key` to the remote server's `$HOME/.ssh` directory as well, via this repo's [sshtransfer.sh](https://github.com/centminmod/keygen#sshtransfersh) rsync wrapper.

```
bash /etc/keygen/logs/populate-keygen-081219-231227.log
```

Contents of `/etc/keygen/logs/populate-keygen-081219-231227.log`:
```
getpk=$(cat "/root/.ssh/my1.key.pub")
if [[ ! $(grep -w '' /root/.ssh/authorized_keys) ]]; then cat "/root/.ssh/my1.key.pub" >> /root/.ssh/authorized_keys; fi
./sshtransfer.sh /root/.ssh/my1.key 1.1.1.1 22 my1.key /root/.ssh/
```

Example run:

```
bash /etc/keygen/logs/populate-keygen-081219-231227.log

transfer /root/.ssh/my1.key to root@1.1.1.1:/root/.ssh/
rsync -avzi --progress --stats -e ssh -p 22 -i /root/.ssh/my1.key /root/.ssh/my1.key root@1.1.1.1:/root/.ssh/
sending incremental file list
> /root/.ssh/
-------------------------------------------------------------------
Once /root/.ssh/config entry added, can connect via Host label:
my1
-------------------------------------------------------------------
ssh my1
```

sshtransfer.sh
===

The `sshtransfer.sh` script is a wrapper script to quickly transfer files to a remote server configured with the `keygen.sh` setup.
Usage
```
./sshtransfer.sh

usage:
./sshtransfer.sh filename remoteip_addr remoteip_port sshkeyname remote_directory
```

For example, transfer the local `/home/test.txt` file to the remote server with IP `1.1.1.1` and remote port `22`, into remote directory `/home/remotessh`, using key name `my1.key` located at `/root/.ssh/my1.key`.

```
./sshtransfer.sh /home/test.txt 1.1.1.1 22 my1.key /home/remotessh

transfer /home/test.txt to root@1.1.1.1:/home/remotessh
rsync -avzi --progress --stats -e ssh -p 22 -i /root/.ssh/my1.key /home/test.txt root@1.1.1.1:/home/remotessh
sending incremental file list