
Script to automate the setup of ssh-public/private-key authentication to avoid some common pitfalls

centic9/generate-and-send-ssh-key

What

This is a small script that performs all the tasks necessary to create a private/public keypair for ssh-authentication, so that you can connect to a remote server without a password. Additionally, it performs some checks and adjusts file-permissions both locally and on the remote server to avoid some common pitfalls.

Why

Because I failed every time I tried to do this manually.

How

Preconditions

You need to be able to connect to the remote server with ssh and a username and password.

Grab it

git clone https://github.com/centic9/generate-and-send-ssh-key.git

Run it

The script expects some commandline arguments that specify which key should be created/transferred and where it should be sent:

-u (--user)       <username>,       default: $USER
-f (--file)       <file>,           default: ~/.ssh/id_test
-h (--host)       <hostname>,       default: host

-p (--port)       <port>,           default: <default ssh port>
-k (--keysize)    <size>,           default: 2048
-t (--keytype)    <type>,           default: rsa

-P (--passphrase) <key-passphrase>, default: <empty>

You should at least set --user, --file, and --host.

cd generate-and-send-ssh-key
./generate-and-send-ssh-key.sh --user bob --host myhost

This will ask for the password of the target host at least once, probably twice, if the permissions are not set correctly yet.

If the key-file does not exist yet, a new key will be generated.

Enjoy

Now you should be able to connect to the machine via ssh -i $FILENAME $USER@$HOST.
If you use the filename ~/.ssh/id_rsa you can omit the "-i" argument to ssh.

Support this project

If you find this tool useful and would like to support it, you can Sponsor the author.

Caveat

This script will remove write access to your home-directory for "group" and "other" on the remote server because ssh-public/private key authentication will not work otherwise.

So if there are processes running as a different user, writing data to this directory may fail for them after this script is run.
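
The permissions behind this caveat can be inspected read-only before anything is changed. The following is an added example, not code from this repository; it assumes OpenSSH's default behaviour (sshd with StrictModes, and the ssh client's private-key permission check), and all function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the repository): read-only audit of the permissions
# the caveat describes. Assumes OpenSSH defaults: sshd with StrictModes rejects
# key login if $HOME, ~/.ssh or authorized_keys is group/other-writable, and
# the ssh client ignores a private key that group or other can access at all.

mode_of() { ls -ld -- "$1" | cut -c1-10; }    # e.g. drwxr-xr-x

# Exit 0 if PATH is writable by group or other.
is_go_writable() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Exit 0 if a private key file grants any access to group or other.
key_is_exposed() {
    case "$(mode_of "$1")" in
        ????------) return 1 ;;
        *) return 0 ;;
    esac
}

# Print a verdict per server-side path; return the number of loose paths.
audit_remote_home() {
    loose=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing $p"
        elif is_go_writable "$p"; then
            echo "LOOSE   $p $(mode_of "$p") -> needs chmod go-w"
            loose=$((loose + 1))
        else
            echo "ok      $p $(mode_of "$p")"
        fi
    done
    return "$loose"
}

# Constructed demo tree: a group-writable home, as on many shared hosts.
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 775 "$d"; chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    audit_remote_home "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "demo: $? path(s) would block key authentication"
```

Run `audit_remote_home "$HOME"` on the server to list the paths that are group- or other-writable, and `key_is_exposed` on the local private key file.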

Related documents

Documentation on SSH login issues

Licensing

Copyright 2015-2022 Dominik Stadler

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
