Automate your ssh-keygen process

A lot of developers I know use a single id_rsa key to connect to every server. That’s a terrible idea from a security perspective, especially if you’re connecting to servers you don’t manage.

Basically, SSH keys are a lot like passwords: more diversity == less risk.

PSA: Never use DSA or ECDSA for encryption. Ed25519 is the best, but not fully supported, so generally I stick with 4096-bit RSA.

Anyway, here’s a little script I wrote to automate that process. Note that this bash function depends on ssh-copy-id, which you can install via Homebrew:

$ brew install ssh-copy-id

Drop this in your ~/.bashrc file:

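function keyme () {
  # $1 = email (stored as the key comment), $2 = key name (used in the file name)
  local response server username
  if [[ -z "$1" || -z "$2" ]]; then
    echo "Please provide your email and a name for the key (preferably the server domain) - usage: keyme <email> <keyname>"
    return 1
  fi
  # Stop here if key generation fails or is cancelled (e.g. you decline to overwrite an existing key)
  ssh-keygen -t rsa -b 4096 -C "$1" -f "$HOME/.ssh/${2}_rsa" || return 1

  read -r -p "Would you like to upload this key to a server now? [y/N] " response
  # tolower (tr also works on the bash 3.2 that ships with macOS)
  response=$(printf '%s' "$response" | tr '[:upper:]' '[:lower:]')
  if [[ $response =~ ^(yes|y)$ ]]; then
    echo -n "Enter the server hostname or IP address and press [ENTER]: "
    read -r server
    echo -n "Enter your username for $server and press [ENTER]: "
    read -r username
    ssh-copy-id -i "$HOME/.ssh/${2}_rsa.pub" "$username@$server"
  fi
}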

The next step is to create host entries in my ~/.ssh/config automatically.
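
One way that next step could look, as an added example that is not code from the original post: a function that appends a Host block pointing at the key keyme generated, with IdentitiesOnly set so that only that key is offered to that server. The name add_ssh_host, its argument order and the optional config-path argument are assumptions made for this sketch.

```bash
# Added example (not from the original post). add_ssh_host and its arguments
# are hypothetical; the optional 4th argument (config path) is an assumption
# so the function can be tried against a scratch file first.
add_ssh_host () {
  local key="$1" server="$2" user="$3" cfg="${4:-$HOME/.ssh/config}" v
  if [ -z "$key" ] || [ -z "$server" ] || [ -z "$user" ]; then
    echo "usage: add_ssh_host <keyname> <server> <username> [config]" >&2
    return 1
  fi
  # Whitelist characters so no argument can smuggle whitespace or a newline,
  # and with it an extra directive, into the config file.
  for v in "$key" "$server" "$user"; do
    case "$v" in
      *[!A-Za-z0-9._:-]*) echo "invalid characters in: $v" >&2; return 1 ;;
    esac
  done
  # Refuse to add a second block for an alias that any Host line already names.
  if [ -f "$cfg" ] && awk -v a="$key" '
       tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i == a) found = 1 }
       END { exit !found }' "$cfg"; then
    echo "Host $key already exists in $cfg" >&2
    return 1
  fi
  mkdir -p "$(dirname "$cfg")" || return 1
  # umask 077 in a subshell: a newly created config is readable by its owner only.
  ( umask 077
    {
      printf '\nHost %s\n' "$key"
      printf '  HostName %s\n' "$server"
      printf '  User %s\n' "$user"
      # Same file name that keyme writes: ~/.ssh/<keyname>_rsa
      printf '  IdentityFile ~/.ssh/%s_rsa\n' "$key"
      # Offer only this key to this host, not every key loaded in the agent.
      printf '  IdentitiesOnly yes\n'
    } >> "$cfg"
  )
}
```

After `keyme you@example.com example.com`, running `add_ssh_host example.com <server> <username>` lets `ssh example.com` pick the matching key on its own.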
