Script to automate setup of ssh-public/private-key authentication to avoid some common pitfalls
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitattributes Make all files have unix-newlines always Oct 29, 2017
LICENSE.md Add License-file Oct 7, 2015
README.md Update README.md May 1, 2018
generate-and-send-ssh-key.sh Add a few newlines in the output Jun 5, 2018

README.md

What

This is a small script to perform all the tasks that are necessary to create a private/public keypair for ssh-authentication for password-less connecting to a remote server. Additionally it performs some checks and adjusts file-permissions both locally and on the remote server to avoid some common pitfalls.

Why

Because I failed every time I tried to do this manually.

How

Preconditions

You need to be able to connect to the remote server with username and password.

Grab it
git clone git://github.com/centic9/generate-and-send-ssh-key
Run it

The script expects some commandline arguments which specify which key should be transferred/created and where it should be sent to:

-u(--user) <username>, default: $USER
-f(--file) <file>, default: ~/.ssh/id_test
-h(--host) <hostname>, default: host
-p(--port) <port>, default: <default ssh port>
-k(--keysize) <size>, default: 2048
-t(--keytype) <type>, default: rsa
-P(--passphrase) <key-passphrase>, default: <empty>

You should at least set --file, --host and --user. If the key-file does not exist yet, a new key will be generated.

cd generate-and-send-ssh-key
./generate-and-send-ssh-key.sh --user bob --host myhost

This will ask for the password of the target host at least once, probably twice, if the permissions are not set correctly yet.

Enjoy

Now you should be able to connect to the machine via ssh -i $FILENAME $USER@$HOST. If you use the filename ~/.ssh/id_rsa you can omit the "-i" argument to ssh.

Caveat

This script will remove write access to your home-directory for "group" and "other" on the remote server because ssh-public/private key authentication will not work otherwise. So if there are processes running as different user writing data to this directory they may fail after this script was run.

Related documents

Licensing

Copyright 2015-2018 Dominik Stadler

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.