shell-network/modules/ssh-utils.mod

#!/bin/bash

# TODO.  instead  write files in sshd_config.d
# sshd_disable_pw () {
#   module_load config_edit
#   local cnf=$(declare -f confirm) 
#   local cc=$(declare -f config_change)
#   declare -A settings
#   local settings=( ["PasswordAuthentication"]=no ["PubkeyAuthentication"]=yes ["ChallengeResponseAuthentication"]=no)
#   #file=/etc/ssh/sshd_config
#   file=test.config
#   for setting in ${!settings[@]}; do        
#   sudo bash -c "$cnf;$cc;config_change $setting ${settings[${setting}]} $file"
#   done
# }


ssh_dir_permissions() {
    sudo chmod -R g-w $HOME
    echo warning turned off group write for $HOME as this can cause ssh failure
    sudo chown -R $USER:$USER $HOME/.ssh
    sudo chmod 00700 $HOME/.ssh
    sudo chmod 600 $HOME/.ssh/authorized_keys
    sudo chmod 400 $HOME/.ssh/id_rsa
    sudo chmod 644 $HOME/.ssh/id_rsa.pub
    sudo chmod 600 $HOME/.ssh/known_hosts
}


sshkeygen () {
  local OPTION; local OPTARG; local OPTIND; local pem
  local encode="-t ecdsa"; local pass
  while getopts 'pr' OPTION; do
    # echo $OPTION $OPTARG
    case "$OPTION" in
    
    p)
      pem="-m PEM"
      ;;  
    r)
      encode="-t rsa"
    ;; 
    *)
      echo unknown sshkeygen option $OPTION
      ;;  
    esac
  done

  shift $((OPTIND - 1))

  [[ ! $1 ]] && echo must supply a private key name && return 1
  [[ $2 ]] && pass="-P $2" || echo warning, you are creating an unencrypted key without a passphrase

 ssh-keygen -f $1 $encode -b 521 -C $1 $pass $pem

}
ssh modules and functions update - details to follow 2022-03-28 10:05:26 -07:00			`#!/bin/bash`

			`# TODO. instead write files in sshd_config.d`
			`# sshd_disable_pw () {`
			`# module_load config_edit`
			`# local cnf=$(declare -f confirm)`
			`# local cc=$(declare -f config_change)`
			`# declare -A settings`
			`# local settings=( ["PasswordAuthentication"]=no ["PubkeyAuthentication"]=yes ["ChallengeResponseAuthentication"]=no)`
			`# #file=/etc/ssh/sshd_config`
			`# file=test.config`
			`# for setting in ${!settings[@]}; do`
			`# sudo bash -c "$cnf;$cc;config_change $setting ${settings[${setting}]} $file"`
			`# done`
			`# }`


			`ssh_dir_permissions() {`
			`sudo chmod -R g-w $HOME`
			`echo warning turned off group write for $HOME as this can cause ssh failure`
			`sudo chown -R $USER:$USER $HOME/.ssh`
			`sudo chmod 00700 $HOME/.ssh`
			`sudo chmod 600 $HOME/.ssh/authorized_keys`
			`sudo chmod 400 $HOME/.ssh/id_rsa`
			`sudo chmod 644 $HOME/.ssh/id_rsa.pub`
			`sudo chmod 600 $HOME/.ssh/known_hosts`
refactor ssh-pubkey to handle finding public key in multiple ways 2022-12-31 23:29:20 -08:00			`}`


			`sshkeygen () {`
			`local OPTION; local OPTARG; local OPTIND; local pem`
			`local encode="-t ecdsa"; local pass`
			`while getopts 'pr' OPTION; do`
			`# echo $OPTION $OPTARG`
			`case "$OPTION" in`

			`p)`
			`pem="-m PEM"`
			`;;`
			`r)`
			`encode="-t rsa"`
			`;;`
			`*)`
			`echo unknown sshkeygen option $OPTION`
			`;;`
			`esac`
			`done`

			`shift $((OPTIND - 1))`

			`[[ ! $1 ]] && echo must supply a private key name && return 1`
add sshkeygen function 2023-01-01 10:41:37 -08:00			`[[ $2 ]] && pass="-P $2" \|\| echo warning, you are creating an unencrypted key without a passphrase`
refactor ssh-pubkey to handle finding public key in multiple ways 2022-12-31 23:29:20 -08:00
add sshkeygen function 2023-01-01 10:41:37 -08:00			`ssh-keygen -f $1 $encode -b 521 -C $1 $pass $pem`
refactor ssh-pubkey to handle finding public key in multiple ways 2022-12-31 23:29:20 -08:00
			`}`