Why -f flag of ssh-keygen fails to follow symlink? - bash

My ~/.ssh directory is a symlink to /somewhere/else/.ssh/
Now, the following works perfectly; and the demo key ends up getting created at /somewhere/else/.ssh/Official, as expected.
export NewUser="Sam"
ssh-keygen -N "" -t rsa -b 8192 -C "Login Key of ${NewUser}." -f ~/.ssh/Official/demo
However, when -f is supplied with the same path but via a variable, it fails with the following error:
Saving key "~/.ssh/Official/demo" failed: No such file or directory
export NewUser="Darsh"
export SSHKey_Path="~/.ssh/Official/demo"
ssh-keygen -N "" -t rsa -b 8192 -C "Login Key of ${NewUser}." -f ${SSHKey_Path}
I have tried several ways to supply this variable, but nothing worked. I'm not able to find anything about variables in the documentation either. I wish to know why does -f fail to follow the symlink path ONLY if passed via a variable? Is there a workaround? I'm not sure but, would it be recommended to bring this to notice here?
EDIT: Updating question after debugging. The original question has been preserved below:
I am aware that ssh-keygen has a flag -f to specify input_keyfile - With which, one can create a key with custom name at a custom location. However, this fails if the input_keyfile is a variable.
How do I provide the key path as a variable to ssh-keygen?
Following are oversimplified snippets from the bigger code:
This works perfectly:
export NewUser="Sam"
ssh-keygen -N "" -t rsa -b 8192 -C "Login Key of ${NewUser}." -f ~/.ssh/Official/demo
However, this fails with the following error Saving key "~/.ssh/Official/demo" failed: No such file or directory
export NewUser="Darsh"
export SSHKey_Path="~/.ssh/Official/demo"
ssh-keygen -N "" -t rsa -b 8192 -C "Login Key of ${NewUser}." -f ${SSHKey_Path}
I have tried wrapping ${SSHKey_Path} in several ways, but nothing worked:
", ', $(echo ${SSHKey_Path}), and many more.

The failure is not in the variable, but in the interpretation of ~.
Try
export SSHKey_Path=~/.ssh/Official/demo
or
export SSHKey_Path="$HOME/.ssh/Official/demo"
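The behaviour described in this answer, as an added example that is not part of the original post: a literal `~` that reaches a script inside quotes is expanded by hand, and the symlinked `~/.ssh` is then resolved before the path goes to `ssh-keygen -f`. The function names `expand_tilde`, `key_path_for` and `demo`, and the temporary directory layout, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the post. Function names are hypothetical.

# Expand a leading "~" or "~/" that arrived as literal text (quoted
# assignment, config file, user input). "~user" is deliberately left
# alone, and eval is never used.
expand_tilde() {
    case "$1" in
        "~")   printf '%s\n' "$HOME" ;;
        "~/"*) rest=${1#??}              # drop the two characters "~/"
               printf '%s/%s\n' "$HOME" "$rest" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# Print the symlink-resolved path to hand to "ssh-keygen -f", or fail if
# the parent directory is missing ("No such file or directory").
key_path_for() {
    p=$(expand_tilde "$1")
    dir=$(dirname -- "$p")
    if [ ! -d "$dir" ]; then
        printf 'missing directory: %s\n' "$dir" >&2
        return 1
    fi
    # cd -P resolves links such as ~/.ssh -> /somewhere/else/.ssh
    real=$(cd -P -- "$dir" && pwd) || return 1
    printf '%s/%s\n' "$real" "$(basename -- "$p")"
}

# Constructed layout mirroring the question: HOME/.ssh is a symlink.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/somewhere/else/.ssh/Official" "$tmp/home"
    ln -s "$tmp/somewhere/else/.ssh" "$tmp/home/.ssh"
    (
        HOME="$tmp/home"
        SSHKey_Path="~/.ssh/Official/demo"   # quoted: tilde stays literal
        key_path_for "$SSHKey_Path"
    )
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo
```

The symlink is followed in both of the question's cases; the only difference is whether the shell or the script turns `~` into `$HOME` before `ssh-keygen` sees the path.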

Related

generating SSH key for github: "zsh: command not found: $"

I'm trying to configure github with my macOS system. I use iTerm and zsh. When I try to generate a new ssh key according to the instructions from the https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key I get an error "zsh: command not found: $". Please help.
$ is what you see in sh. In zsh you probably see [path#user] $ or something like that. You just mustn't copy this dollar sign. What you copy should be ONLY:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Running it in bash instead works for me
exec bash
then
ssh-add -K ~/.ssh/id_ed25519
And you can switch back to zsh by
exec zsh
Avoid copying the dollar sign while generating ssh keys.
Use this ----> ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

How to generate and copy a SSH key in one line on macOS?

I use this command to generate a key:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
However I do not want to save it as a file, instead I would like to copy it to my clipboard so it is ready to be pasted.
How can I do that? How to combine this with some sort of copy to clipboard command?
I tried the following command but it didn't work:
pbcopy ssh-keygen -t rsa -b 4096 -C "your_email@example.com"ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
You should create a script (or a function) to achieve this. Example with a script:
genkey.sh
#!/bin/bash
# Quote "$1" so a key path containing spaces is passed as a single argument
ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f "$1" && pbcopy < "$1.pub"
The first command generates a key at the location given in the first argument of the script. The second one, pbcopy, copies the content of the newly-generated public key in your clipboard.
When running the script, feed it the path to the private key you want to generate:
sh genkey.sh ~/.ssh/id_rsa

Automate generating deploy key for github

I execute the following commands a few times a day:
ssh-keygen -t rsa -N "" -C "info@example.com" -f ~/.ssh/id_rsa_projectname
eval `ssh-agent`
ssh-add ~/.ssh/id_rsa_projectname
cat ~/.ssh/id_rsa_projectname.pub
ssh -T git@github.com
The only variable in this script is the projectname, I would like to make a keygen.sh script or something like that to automate this process and pass along the projectname. Is this possible?
Also where should I start looking and what not to forget, I'm a bit new to bash scripting and I know it can be quite dangerous in the wrong hands.
Would it not be easier to just maintain a single set of staging or development keys rather than generating them for everything? IMHO you're losing configurability and not gaining much in security.
That aside, you're on the right track but I would do things a bit different.
export PROJECT=foo;
ssh-keygen -t rsa -N "" -C "info@example.com" -f ~/.ssh/id_rsa_${PROJECT}
That will generate named keys id_rsa_foo and id_rsa_foo.pub
Now you need to make your ssh config use it for github. ~/.ssh/config should have something like:
Host remote github.com
  IdentityFile ~/.ssh/id_rsa_foo
  User git
  StrictHostKeyChecking no
You'll need to upload the public key to github. You'll have to figure this out for yourself using their API.
If you do all this correctly you should be able to git clone automagically.
#!/bin/bash
[[ -z "${PROJECT}" ]] && echo "project must be set" && exit 1
ssh-keygen -t rsa -N "" -C "info@example.com" -f ~/.ssh/id_rsa_"${PROJECT}"
chmod 400 ~/.ssh/id_rsa_"${PROJECT}"
# printf interprets \n itself; echo would print the escapes in the plain '...' part literally
printf 'Host remote github.com\n  IdentityFile ~/.ssh/id_rsa_%s\n  User git\n  StrictHostKeyChecking no\n' "${PROJECT}" >> ~/.ssh/config
chmod 644 ~/.ssh/config
# do the github api stuff to add the pub key
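An added example, not the answerer's script: one way to write the per-project ssh config entry so that the project name is validated before it reaches a file path or the config file, and so that re-running the script does not append a duplicate block. The function name `add_deploy_host` and the `github-<project>` alias scheme are assumptions; the key file name follows the `id_rsa_<project>` naming used above, and host key checking is left at the ssh default.

```shell
#!/bin/sh
# Added example, not the answerer's script. The function name and the
# "github-<project>" alias scheme are assumptions.

# Append one Host block per project to an ssh config file.
#   $1 = project name, $2 = config file (default ~/.ssh/config)
add_deploy_host() {
    project=$1
    config=${2:-$HOME/.ssh/config}

    # Reject empty names and anything that could escape ~/.ssh or inject
    # extra config lines (slashes, whitespace, newlines, quotes, ...).
    case "$project" in
        ""|.*|*[!A-Za-z0-9._-]*)
            printf 'invalid project name\n' >&2
            return 2 ;;
    esac

    alias_name="github-$project"
    # Idempotent: a second run must not append a duplicate block.
    if [ -f "$config" ] && grep -qxF "Host $alias_name" "$config"; then
        return 0
    fi

    (
        umask 077    # a newly created config file is private
        {
            printf 'Host %s\n' "$alias_name"
            printf '    HostName github.com\n'
            printf '    User git\n'
            printf '    IdentityFile ~/.ssh/id_rsa_%s\n' "$project"
            printf '    IdentitiesOnly yes\n'
        } >> "$config"
    )
}

# Constructed demo: write to a throwaway file and show the result.
demo_cfg=$(mktemp) && add_deploy_host foo "$demo_cfg" && cat "$demo_cfg"
rm -f "$demo_cfg"
```

With this layout each repository is cloned through its own alias, for example `git clone github-foo:owner/repo.git`, where `owner/repo` is a placeholder.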

scp shell stops when permission denied

I have a shell script that continuously puts some data from one server to another. It works fine but I want to make it more secure. So at the moment if the other server denied the permission because the password was changed the script freezes. Is there a possibility so if this occurs it just ignores this line and just goes on?
inotifywait -m /srv/watchfolderfilme -e create -e moved_to |
while read path action file; do
...
sshpass -p "****" scp -r /srv/newtorrentfiles/* user@0.0.0.0:/srv/torrentfiles && rm -r /srv/newtorrentfiles/*
done
scp is not the best tool to deal with your problem.
As George said, using public keys with ssh is the best way to get rid of password change.
Also you can do the trick with rsync like this :
rsync -ahz --remove-source-files /srv/newtorrentfiles/ user@SRVNAME:/srv/torrentfiles/
or
rsync -ahz /srv/newtorrentfiles/ user@SRVNAME:/srv/torrentfiles/ && rm -r /srv/newtorrentfiles/*
To be sure that all is done like you wanted (make this script more "secure"), you can send yourself an email if the script fails for one reason or another not due to lack of permission.
Maybe not the answer you're looking for but why don't you use SSH keys?
Updated Script:
inotifywait -m /srv/watchfolderfilme -e create -e moved_to |
while read path action file; do
...
scp -r /srv/newtorrentfiles/* b@B:/srv/torrentfiles && rm -r /srv/newtorrentfiles/*
done
How to do it
a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A
Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):
a@A:~> ssh b@B mkdir -p .ssh
b@B's password:
Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:
a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password:
From now on you can log into B as b from A as a without password:
a@A:~> ssh b@B
Source >> http://www.linuxproblem.org/art_9.html

Automating "enter" keypresses for bash script generating ssh keys

I would like to create script, which simply runs ssh-keygen -t rsa. But how to pass to it 3 times enter?
Try:
ssh-keygen -t rsa -N "" -f my.key
-N "" tells it to use an empty passphrase (the same as two of the enters in an interactive script)
-f my.key tells it to store the key into my.key (change as you see fit).
The whole thing runs without you needing to supply any enter keys :)
To send enters to an interactive script:
echo -e "\n\n\n" | ssh-keygen -t rsa
a version with passphrase is:
$ ssh-keygen -t rsa -b 4096 -C "comment" -P "examplePassphrase" -f "desired pathAndName" -q
the -q is for silent
Source is http://linux.die.net/man/1/ssh-keygen
Agree with Michel Marro except that it needs some more:
If the file already exists, it will still be interactive asking if it has to overwrite it.
Use the answer of this question.
yes y | ssh-keygen -q -t rsa -N '' >/dev/null
The redirection to null is necessary to silence the overwrite message.
It is recommended to use ed25519 for security and performance.
yes "y" | ssh-keygen -o -a 100 -t ed25519 -C "Bla Bla" -f /mypath/bla -N ""
here
-o OpenSSH key format instead of older PEM (needs OpenSSH 6.5+)
-a Number of primality test while screening DH-GEX candidates
-t Type of key (ed25519, RSA, DSA etc.)
-f /mypath/bla The output file path and name
-N "" Use empty passphrase
and yes "y" for no interaction.
It will generate two files
/mypath/bla
/mypath/bla.pub
where the bla file is private and bla.pub is public.
echo -e "\n"|ssh-keygen -t rsa -N ""
