Saturday, April 8, 2017

The Keymaker: Simplifying Your Personal SSH Key Management

Screenshot from the film The Matrix Reloaded.

If you are like me and ssh into multiple remote machines, or even simply use GitHub over ssh, this is for you.

The Problem

SSH has a lot of settings you can use, but when you're a relatively new developer you're not going to go mucking around in a config file you don't strictly need to touch when there's work to be done! Some settings also have security implications, and having a lot of ssh keys brings its own problems. Typing long username@domain strings can be annoying, too.

The Solution

The Keymaker is a small script (fewer than 250 lines) that helps create ssh keys for remote machines.

What does it do?

First it helps you create a config file. If one already exists, it is renamed with the suffix ".BACKUP".

By default all ssh connections will show a randomart image (VisualHostKey yes) derived from the public key presented by the host. This randomart image can be used to visually identify the host's key, which is much easier than trying to recognise a fingerprint like 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.

Instead you get to look at a picture, which is easier to compare and easier to remember. For instance, I've come to associate GitHub's key with this randomart, which looks like a flame (note: this may, and likely will, change when GitHub changes their public key):

+--[ RSA 2048]----+
|        .        |
|       + .       |
|      . B .      |
|     o * +       |
|    X * S        |
|   + O o . .     |
|    .   E . o    |
|       . . o     |
|        . .      |
+-----------------+

The Keymaker also keeps connections alive for an hour, in case you leave a terminal idle but still need the connection open.

It also disables X11 forwarding (you may want to turn this back on for some keys) and only offers the key each host needs, instead of sending all of your ssh keys to every host.

When you actually run the Keymaker, it asks a series of questions used to generate your ssh key, generates it, adds the information to the config file (for that specific host), and finally attempts to copy the key to the server you are setting it up for. If you are connecting to a server such as GitHub that won't let that command go through, it will fail (and that's fine); you'll need to add your new public key manually via the web interface on GitHub (or whatever method the site/server uses).

One nice benefit is that it works with non-standard ports and lets you set a "shortname" (i.e. an alias for that key/username/hostname/port combination).

This will allow for passwordless logins to that server with your newly created key!
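As an added example (my own sketch, not the Keymaker's code), here is the sequence the post describes in plain POSIX shell: move an existing config aside with the ".BACKUP" suffix, write global defaults, append a Host block with a shortname and non-standard port, generate a key for that host, and try ssh-copy-id. The option names are real ssh_config keywords. The ServerAliveInterval/ServerAliveCountMax split for the hour-long keep-alive, IdentitiesOnly for "only sends the keys it needs", and the ed25519 key type are my assumptions about how the behaviour could be implemented, not a description of the original script; dev.example.com, alice and port 2222 are made-up sample values.

```shell
#!/bin/sh
# Added example, not the Keymaker's own code. ssh_config keywords are real;
# the keep-alive split, IdentitiesOnly and the ed25519 key type are my
# assumptions about how the post's described behaviour could be done.

# Move an existing config aside with the ".BACKUP" suffix the post mentions.
backup_config() {
    cfg="$1"
    if [ -f "$cfg" ]; then
        mv "$cfg" "$cfg.BACKUP"
    fi
}

# Global defaults: randomart on every connection, keep-alive probes every
# 60s for up to 60 misses (one hour), no X11 forwarding, and only offer the
# IdentityFile named for the host instead of every key in ~/.ssh.
write_defaults() {
    cfg="$1"
    mkdir -p "$(dirname "$cfg")"
    cat > "$cfg" <<'EOF'
Host *
    VisualHostKey yes
    ServerAliveInterval 60
    ServerAliveCountMax 60
    ForwardX11 no
    IdentitiesOnly yes
EOF
    chmod 600 "$cfg"
}

# Append one Host block. $2 is the shortname (alias) typed on the command
# line; it may equal the real hostname when no alias is wanted.
add_host() {
    cfg="$1"; alias="$2"; host="$3"; user="$4"; port="$5"; key="$6"
    printf '\nHost %s\n    HostName %s\n    User %s\n    Port %s\n    IdentityFile %s\n' \
        "$alias" "$host" "$user" "$port" "$key" >> "$cfg"
}

# Generate a dedicated key for one host (assumption: ed25519, no passphrase
# so the demo runs unattended; add one for real use).
make_key() {
    key="$1"; comment="$2"
    ssh-keygen -t ed25519 -f "$key" -C "$comment" -N ""
}

# Return 0 if the config already has a Host block for the given alias.
has_host() {
    grep -q "^Host $2\$" "$1"
}

# Demo run: only executes when called as `./keymaker-sketch.sh demo`.
# ssh-copy-id fails against hosts like GitHub that do not give you a shell;
# the public key must then be added through the service's web UI instead.
if [ "${1:-}" = "demo" ]; then
    cfg="$HOME/.ssh/config"
    key="$HOME/.ssh/id_ed25519_dev"
    backup_config "$cfg"
    write_defaults "$cfg"
    add_host "$cfg" dev dev.example.com alice 2222 "$key"
    make_key "$key" "alice@dev"
    ssh-copy-id -i "$key.pub" -p 2222 alice@dev.example.com || true
    # Afterwards `ssh dev` resolves the alias, port, user and key from config.
fi
```

After the demo, `ssh dev` is enough to reach alice@dev.example.com on port 2222 with only that one key offered, and the randomart for the host's key is printed on every connection so a changed picture stands out.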


Grab my script from GitHub, place it in a folder that's in your $PATH (optionally rename it), and you're good to go!

When you run the script it will prompt you for information as you go.

Note: if you are creating an ssh key for GitHub, you must use with no shortname.

Comments, feedback and PRs are welcome!