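#!/usr/bin/env bash
#
# Seed a home directory (default: /etc/skel) with ssh-agent and ssh client
# configuration, write three helper scripts to /tmp, and generate keys.
#
# Usage: <this-script> [target-home]
#
# NOTE(review): some steps go through sudo while others (writing .zprofile,
# ssh-keygen -A) do not, so the script appears to expect to run as root.

set -u

readonly LOCAL_USER_EMAIL=cyteen@ring-zero.co.uk

# Per-service identities. The ohmyzsh ssh-agent plugin only looks for
# id_rsa id_dsa id_ecdsa id_ed25519 identity in ~/.ssh unless a zstyle naming
# the identities is set in .zshrc before ohmyzsh is invoked.
# see: https://github.com/ohmyzsh/ohmyzsh/blob/master/plugins/ssh-agent/ssh-agent.plugin.zsh
readonly -a SERVICE_KEYS=(devuan_rsa debian_rsa github_rsa gitlab_rsa gitea_rsa)

warn() { printf 'warning: %s\n' "$*" >&2; }

#######################################
# Write stdin to a fixed path under /tmp without following a planted symlink.
# A plain `cat > /tmp/name` opens whatever already exists at that predictable
# name, so the content is staged in a mktemp file (random name, exclusive
# create) and then renamed over the target; rename replaces a link itself.
# Arguments: $1 - final path of the helper script
# Returns:   0 on success, non-zero if staging or the rename failed
#######################################
write_tmp_script() {
  local target=$1
  local staging
  staging=$(mktemp "${target}.XXXXXX") || return
  # 644 keeps the helper readable as before (mktemp creates 0600);
  # -T (GNU mv) stops mv descending into a directory at the target name.
  if cat >"${staging}" \
    && chmod 644 -- "${staging}" \
    && mv -fT -- "${staging}" "${target}"; then
    return 0
  fi
  rm -f -- "${staging}"
  return 1
}

#######################################
# Append one Host stanza to an ssh client config.
# IdentityFile uses ~ so it resolves to the home of whoever runs ssh; the
# original baked the generation-time target (e.g. /etc/skel) into the path,
# which is wrong once the skeleton has been copied to a real home.
# Arguments: $1 - config file, $2 - host name, $3 - key file name
#######################################
append_host_stanza() {
  local config=$1 host=$2 key=$3
  sudo tee -a "${config}" >/dev/null <<EOF
Host ${host}
  User git
  Preferredauthentications publickey
  IdentityFile ~/.ssh/${key}
EOF
}

main() {
  # The original stored the target in HOME, which changed HOME for every
  # child process of this script; a private variable avoids that.
  local dest=${1:-/etc/skel}
  local key file

  mkdir -p -- "${dest}/.zshrc.pre-plugins.d" "${dest}/.ssh"
  chmod 700 -- "${dest}/.ssh"

  # NOTE(review): tee -a appends, so re-running the script duplicates this
  # line and the Host stanzas below.
  printf 'zstyle :omz:plugins:ssh-agent identities %s\n' "${SERVICE_KEYS[*]}" \
    | sudo tee -a "${dest}/.zshrc.pre-plugins.d/001_ssh-agent" >/dev/null

  # TODO: rather than creating these helper files in /tmp, perform the
  # actions directly.
  # NOTE(review): -N '' creates private keys with no passphrase; anyone who
  # can read the file can use the key.
  for key in id_rsa "${SERVICE_KEYS[@]}"; do
    printf 'ssh-keygen -t rsa -b 4096 -N %s -C "%s" -f "%s"/.ssh/%s\n' \
      "''" "${LOCAL_USER_EMAIL}" "${dest}" "${key}"
  done | write_tmp_script /tmp/generate-ssh-key.sh \
    || warn "could not write /tmp/generate-ssh-key.sh"

  {
    # Kept literal on purpose: the agent has to be started when the helper
    # runs. The original unquoted here-document expanded it while generating
    # the file, starting a stray agent and hard-coding its socket and PID.
    # shellcheck disable=SC2016
    printf '%s\n' 'eval "$(ssh-agent -s)"'
    for key in id_rsa "${SERVICE_KEYS[@]}"; do
      printf 'ssh-add "%s"/.ssh/%s\n' "${dest}" "${key}"
    done
  } | write_tmp_script /tmp/ssh-key-add.sh \
    || warn "could not write /tmp/ssh-key-add.sh"

  {
    printf 'chmod 700 "%s"/.ssh\n' "${dest}"
    for file in authorized_keys known_hosts config; do
      printf 'chmod 644 "%s"/.ssh/%s\n' "${dest}" "${file}"
    done
    for key in id_rsa gitea_rsa gitlab_rsa github_rsa devuan_rsa debian_rsa; do
      printf 'chmod 600 "%s"/.ssh/%s\n' "${dest}" "${key}"
      printf 'chmod 644 "%s"/.ssh/%s.pub\n' "${dest}" "${key}"
    done
  } | write_tmp_script /tmp/ssh-key-permissions.sh \
    || warn "could not write /tmp/ssh-key-permissions.sh"

  ## Set preferred key for each host
  append_host_stanza "${dest}/.ssh/config" git2.ring-zero.co.uk gitea_rsa  # local gitea
  append_host_stanza "${dest}/.ssh/config" git.ring-zero.co.uk gitlab_rsa  # local gitlab
  append_host_stanza "${dest}/.ssh/config" gitlab.com gitlab_rsa
  append_host_stanza "${dest}/.ssh/config" github.com github_rsa
  append_host_stanza "${dest}/.ssh/config" git.devuan.org devuan_rsa
  append_host_stanza "${dest}/.ssh/config" salsa.debian.org debian_rsa

  # Login hook: generate a per-user key on first login. The delimiter is
  # quoted so nothing expands now; the hook therefore has to use HOME, which
  # is set at login. The original referenced DEST, which is not defined in
  # the login shell and made the paths resolve to /.ssh/....
  cat >"${dest}/.zprofile" <<'EOF'
if [ -f "${HOME}"/.ssh/id_rsa.pub ]; then
  chmod 644 "${HOME}"/.ssh/id_rsa.pub
else
  echo "Generating ssh keys."
  ssh-keygen -q -t rsa -N '' -f "${HOME}"/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
  chmod 644 "${HOME}"/.ssh/id_rsa.pub
fi
EOF
  chmod +x "${dest}/.zprofile"

  # System (host) keys
  ssh-keygen -A

  # Root user keys
  # NOTE(review): the key is written under the target, not root's home. With
  # the default /etc/skel this leaves one passphrase-less private key in the
  # skeleton, so every account created from it would start with the same key.
  # Confirm this is intended; the .zprofile hook already creates per-user keys.
  # The "y" on stdin answers the overwrite prompt, replacing any existing key.
  ssh-keygen -q -t rsa -N '' -f "${dest}/.ssh/id_rsa" 2>/dev/null <<<y >/dev/null

  # Do this for any server you want to connect to without interaction.
  # ssh-keyscan output is not authenticated; compare the fingerprint with one
  # obtained out of band before trusting the entry.
  # ssh-keyscan git.ring-zero.co.uk >> "${dest}"/.ssh/known_hosts
}

main "$@"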