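#!/bin/bash
# SSH helper functions: repair ownership/modes under ~/.ssh and wrap
# ssh-keygen. This file only defines functions; nothing runs at load time.

# TODO: instead of editing sshd_config in place, write a drop-in file under
# sshd_config.d.
# NOTE(review): the disabled draft below builds a `sudo bash -c` command string
# from unquoted values. That is only safe while every key, value and file name
# is one of the fixed literals shown here. If it is revived, check the result
# with `sshd -t` before reloading sshd so a bad edit cannot lock out remote
# access.
# sshd_disable_pw () {
#   module_load config_edit
#   local cnf=$(declare -f confirm)
#   local cc=$(declare -f config_change)
#   declare -A settings
#   local settings=( ["PasswordAuthentication"]=no ["PubkeyAuthentication"]=yes ["ChallengeResponseAuthentication"]=no)
#   #file=/etc/ssh/sshd_config
#   file=test.config
#   for setting in ${!settings[@]}; do
#     sudo bash -c "$cnf;$cc;config_change $setting ${settings[${setting}]} $file"
#   done
# }

#######################################
# Reset ownership and permissions that commonly break key-based SSH logins.
# Removes group write from everything under $HOME, gives $HOME/.ssh to
# $USER:$USER, and applies fixed modes to the well-known files inside it.
# Files that do not exist are skipped instead of producing chmod errors.
# Globals:   HOME, USER (read)
# Arguments: none
# Outputs:   a warning about the recursive g-w change, on stderr
# Returns:   0 if every step succeeded, otherwise the status of the last
#            failing step; 1 if HOME or USER is empty
#######################################
ssh_dir_permissions() {
  if [[ -z ${HOME:-} || -z ${USER:-} ]]; then
    # An empty HOME would point the recursive sudo calls at "" and "/.ssh".
    printf 'ssh_dir_permissions: HOME and USER must be set\n' >&2
    return 1
  fi

  local ssh_dir="$HOME/.ssh"
  local rc=0
  local entry mode target

  # NOTE(review): this walks the whole home directory with sudo. sshd's
  # StrictModes check also rejects world-writable paths, which g-w does not
  # touch - confirm whether o-w is wanted here as well.
  sudo chmod -R -- g-w "$HOME" || rc=$?
  printf 'warning turned off group write for %s as this can cause ssh failure\n' \
    "$HOME" >&2

  # Assumes a group named after the user exists (user-private groups).
  sudo chown -R -- "$USER:$USER" "$ssh_dir" || rc=$?
  sudo chmod -- 700 "$ssh_dir" || rc=$?

  # mode:file pairs, in the order the modes are applied.
  for entry in 600:authorized_keys 400:id_rsa 644:id_rsa.pub 600:known_hosts; do
    mode=${entry%%:*}
    target="$ssh_dir/${entry#*:}"
    [[ -e $target ]] || continue
    sudo chmod -- "$mode" "$target" || rc=$?
  done

  return "$rc"
}

#######################################
# Generate an SSH key pair with ssh-keygen, using the key name as both the
# output file (-f) and the key comment (-C).
# Options:
#   -p  write the private key in PEM format (-m PEM)
#   -e  generate an ECDSA key with -b 521 instead of ssh-keygen's default type
# Arguments:
#   $1 - private key file name (required)
#   $2 - passphrase (optional). It is handed to ssh-keygen on its command
#        line, so it is visible in the process list and usually ends up in
#        shell history; leave it out to be prompted by ssh-keygen instead.
# Outputs:   diagnostics on stderr; ssh-keygen's own output
# Returns:   1 on an unknown option or a missing key name, otherwise the exit
#            status of ssh-keygen
#######################################
sshkeygen() {
  local OPTION OPTARG
  local OPTIND=1
  local -a format_args=() type_args=() pass_args=()

  # The option string must list every flag the case arms handle; with -e
  # missing from it, the ECDSA request was rejected and a default key was
  # generated anyway. Leading ':' selects silent mode so the offending
  # character is reported from OPTARG.
  while getopts ':pe' OPTION; do
    case "$OPTION" in
      p) format_args=(-m PEM) ;;
      e) type_args=(-t ecdsa -b 521) ;;
      *)
        # Stop instead of silently generating a key of an unintended kind.
        printf 'unknown sshkeygen option %s\n' "${OPTARG:-$OPTION}" >&2
        return 1
        ;;
    esac
  done
  shift $((OPTIND - 1))

  local key_name=${1:-}
  local passphrase=${2:-}

  if [[ -z $key_name ]]; then
    printf 'must supply a private key name\n' >&2
    return 1
  fi

  if [[ -n $passphrase ]]; then
    # Array element keeps a passphrase containing spaces as one argument.
    pass_args=(-P "$passphrase")
  else
    printf '%s\n' 'warning, no passphrase argument given; ssh-keygen will prompt, and an empty passphrase leaves the key unencrypted' >&2
  fi

  ssh-keygen -f "$key_name" "${type_args[@]}" -C "$key_name" \
    "${pass_args[@]}" "${format_args[@]}"
}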