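#!/usr/bin/env bash
# Populate a home directory (default: /etc/skel) with SSH key material and
# the ssh-agent / ssh_config wiring that goes with it.
#
# Usage: 010_generate-ssh.sh [TARGET_HOME]
#
# The first argument is assigned to HOME itself, so every "${HOME}" in this
# script refers to the target directory, not to the invoking user's home.
set -euo pipefail
HOME=${1:-/etc/skel}
# ohmyzsh ssh-agent looks only for keys in "${HOME}"/.ssh called id_rsa id_dsa id_ecdsa id_ed25519 identity
# unless you use the following in your .zshrc before ohmyzsh is invoked:
# zstyle :omz:plugins:ssh-agent identities devuan_rsa debian_rsa github_rsa gitlab_rsa gitea_rsa
#
# see: https://github.com/ohmyzsh/ohmyzsh/blob/master/plugins/ssh-agent/ssh-agent.plugin.zsh
mkdir -p "${HOME}"/.zshrc.pre-plugins.d
# ssh-keygen does not create the parent directory of -f, so make sure the
# key directory exists (mode 700) before anything later writes into it.
mkdir -p "${HOME}"/.ssh
chmod 700 "${HOME}"/.ssh
PRE_PLUGIN_FILE="${HOME}"/.zshrc.pre-plugins.d/001_ssh-agent
ZSTYLE_LINE='zstyle :omz:plugins:ssh-agent identities devuan_rsa debian_rsa github_rsa gitlab_rsa gitea_rsa'
# Append only when the line is not already present, so re-running the
# script does not accumulate duplicate zstyle lines (grep fails quietly
# when the file does not exist yet).
if ! grep -qxF -- "${ZSTYLE_LINE}" "${PRE_PLUGIN_FILE}" 2>/dev/null; then
  printf '%s\n' "${ZSTYLE_LINE}" | sudo tee -a "${PRE_PLUGIN_FILE}" >/dev/null
fi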
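# FIXME: Rather than just creating these helper scripts in /tmp, run the
# actions directly here; nothing in this script executes them.
# NOTE(review): the three files below are written to fixed, predictable
# names in the shared /tmp directory, so another local user can pre-create
# a file or symlink at that name before this script runs. A private
# directory from `mktemp -d` would avoid that; the paths are kept only
# because the FIXME suggests something else may expect them here.
# Email used as the key comment; overridable from the environment.
LOCAL_USER_EMAIL=${LOCAL_USER_EMAIL:-cyteen@ring-zero.co.uk}
# One entry per key pair. The same list drives key generation, ssh-add and
# the permission fix-ups so the three helper scripts cannot drift apart.
SSH_KEY_NAMES=(id_rsa devuan_rsa debian_rsa github_rsa gitlab_rsa gitea_rsa)
# %q shell-quotes each argument so the generated line is safe even if the
# email or target path contains spaces or quotes.
{
  for key_name in "${SSH_KEY_NAMES[@]}"; do
    printf "ssh-keygen -t rsa -b 4096 -N '' -C %q -f %q\n" \
      "${LOCAL_USER_EMAIL}" "${HOME}/.ssh/${key_name}"
  done
} > /tmp/generate-ssh-key.sh
{
  # Written literally: the agent must be started by whoever runs the helper.
  # Previously this line sat in an unquoted heredoc, so $(ssh-agent -s) ran
  # while generating the file, left a stray agent running and baked that
  # agent's socket path into the helper.
  printf '%s\n' 'eval "$(ssh-agent -s)"'
  for key_name in "${SSH_KEY_NAMES[@]}"; do
    printf 'ssh-add %q\n' "${HOME}/.ssh/${key_name}"
  done
} > /tmp/ssh-key-add.sh
{
  printf 'chmod 700 %q\n' "${HOME}/.ssh"
  for public_file in authorized_keys known_hosts config; do
    printf 'chmod 644 %q\n' "${HOME}/.ssh/${public_file}"
  done
  for key_name in "${SSH_KEY_NAMES[@]}"; do
    printf 'chmod 600 %q\n' "${HOME}/.ssh/${key_name}"
    printf 'chmod 644 %q\n' "${HOME}/.ssh/${key_name}.pub"
  done
} > /tmp/ssh-key-permissions.sh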
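## Set preferred key for each git host.
# "host keyname" pairs, one stanza each.
SSH_HOST_KEYS=(
  'git2.ring-zero.co.uk gitea_rsa'   # local gitea
  'git.ring-zero.co.uk gitlab_rsa'   # local gitlab
  'gitlab.com gitlab_rsa'            # gitlab
  'github.com github_rsa'            # github
  'git.devuan.org devuan_rsa'        # devuan
  'salsa.debian.org debian_rsa'      # debian
)
SSH_CONFIG_FILE="${HOME}"/.ssh/config
for entry in "${SSH_HOST_KEYS[@]}"; do
  read -r ssh_host key_name <<< "${entry}"
  # Skip hosts that already have a stanza so re-runs do not append duplicates.
  if grep -qxF -- "Host ${ssh_host}" "${SSH_CONFIG_FILE}" 2>/dev/null; then
    continue
  fi
  # IdentityFile uses ~, which ssh expands at connect time for the user
  # running ssh, instead of the generation-time value of "${HOME}": with the
  # default target /etc/skel the expanded path would point every new account
  # at /etc/skel/.ssh/... rather than its own copy, and the shell-style
  # "..."/.ssh quoting is not ssh_config syntax.
  # NOTE(review): "IdentitiesOnly yes" would stop ssh from also offering every
  # agent-loaded key to these hosts; left out to keep the existing behaviour.
  cat <<EOF | sudo tee -a "${SSH_CONFIG_FILE}" >/dev/null
Host ${ssh_host}
User git
Preferredauthentications publickey
IdentityFile ~/.ssh/${key_name}
EOF
done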
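DEST=${1:-/etc/skel}
# ssh-keygen does not create the parent directory of -f, so make sure it
# exists before generating into it.
mkdir -p "${DEST}"/.ssh
chmod 700 "${DEST}"/.ssh
# First-login hook: make sure the account has an RSA key pair.
# The heredoc delimiter is quoted, so nothing is expanded here; every
# variable is resolved by the login shell. That is why ${HOME} (set at login)
# is used throughout and the generation-time DEST is not: inside .zprofile
# DEST is unset, so "${DEST}"/.ssh/... resolved to /.ssh/... at login.
# NOTE(review): "cat >" replaces any existing .zprofile in "${DEST}".
cat > "${DEST}"/.zprofile <<-'EOF'
if [ -f "${HOME}"/.ssh/id_rsa.pub ]; then
chmod 644 "${HOME}"/.ssh/id_rsa.pub
else
echo "Generating ssh keys."
mkdir -p "${HOME}"/.ssh
ssh-keygen -q -t rsa -N '' -f "${HOME}"/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
chmod 644 "${HOME}"/.ssh/id_rsa.pub
fi
EOF
chmod +x "${DEST}"/.zprofile
# System (host) keys; writing them under /etc/ssh requires root.
ssh-keygen -A
# Key pair for the target directory itself (with the default DEST this is
# /etc/skel, not root's home).
# NOTE(review): a private key placed in /etc/skel is copied into every
# account created afterwards, so all of them share one key, and the
# .zprofile hook above then never generates a per-user key because
# id_rsa.pub already exists.
# Only generate when no key is present: the unconditional run answered the
# overwrite prompt with "y" and silently replaced an existing key.
if [[ ! -f "${DEST}"/.ssh/id_rsa ]]; then
  ssh-keygen -q -t rsa -N '' -f "${DEST}"/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
fi
# Do this for any server you want to connect to without interaction.
# ssh-keyscan git.ring-zero.co.uk >> "${HOME}"/.ssh/known_hosts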