A lot of developers I know use a single id_rsa key to connect to every server. That’s a terrible idea from a security perspective, especially if you’re connecting to servers you don’t manage.
Basically, SSH keys are a lot like passwords: more diversity == less risk.
PSA: Never use DSA or ECDSA for encryption. Ed25519 is the best, but not fully supported, so generally I stick with 4096-bit RSA.
Anyway, here’s a little script I wrote to automate that process. Note that this bash function depends on ssh-copy-id, which you can install via Homebrew:
```bash
$ brew install ssh-copy-id
```
Drop this in your ~/.bashrc file:
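```bash
# Generate a dedicated 4096-bit RSA key pair and optionally upload it to a server.
function keyme () {
  local response server username
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo "Please provide your email and a name for the key (preferably the server domain) - usage: keyme <email> <keyname>"
    return 1
  fi
  # Writes ~/.ssh/<keyname>_rsa and ~/.ssh/<keyname>_rsa.pub; stop if key generation fails
  ssh-keygen -t rsa -b 4096 -C "$1" -f "$HOME/.ssh/${2}_rsa" || return 1
  read -r -p "Would you like to upload this key to a server now? [y/N] " response
  # Lowercase the answer (tr also works on the bash 3.2 that ships with macOS)
  response=$(printf '%s' "$response" | tr '[:upper:]' '[:lower:]')
  if [[ $response =~ ^(yes|y)$ ]]; then
    echo -n "Enter the server hostname or IP address and press [ENTER]: "
    read -r server
    echo -n "Enter your username for $server and press [ENTER]: "
    read -r username
    # Install the new public key in the remote account's authorized_keys
    ssh-copy-id -i "$HOME/.ssh/${2}_rsa.pub" "$username@$server"
  fi
}
```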
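Per-server keys only reduce risk if ssh presents the matching key, and only that key, to each host. As an added example (not part of the original script), this companion function appends a Host stanza with `IdentitiesOnly yes` to the ssh config; the function name `add_host_key` and the `SSH_CONFIG` override variable are assumptions made for illustration.

```bash
# Added example: pin the key created by keyme to a single host.
# add_host_key and SSH_CONFIG are hypothetical names, not from the original post.
add_host_key () {
  local keyname="$1"
  local server="$2"
  local username="$3"
  local config="${SSH_CONFIG:-$HOME/.ssh/config}"
  local keyfile="$HOME/.ssh/${keyname}_rsa"   # same naming scheme as keyme
  local value

  if [ -z "$keyname" ] || [ -z "$server" ] || [ -z "$username" ]; then
    echo "usage: add_host_key <keyname> <server> <username>" >&2
    return 1
  fi
  # Reject whitespace, wildcards and quotes that would alter the stanza.
  for value in "$keyname" "$server" "$username"; do
    case "$value" in
      *[!A-Za-z0-9._:-]*) echo "invalid value: $value" >&2; return 1 ;;
    esac
  done
  # ssh keeps the first value it sees for each option, so a second stanza
  # for the same host would be ignored silently. Refuse to add one.
  if [ -f "$config" ] && awk -v h="$server" '
       tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
       END { exit !found }' "$config"; then
    echo "Host $server already configured in $config" >&2
    return 1
  fi
  # Create the directory and file readable by the owner only.
  ( umask 077; mkdir -p "$(dirname "$config")"; touch "$config" )
  # IdentitiesOnly yes: offer only this key, not every key held by the agent.
  cat >> "$config" <<EOF

Host $server
    User $username
    IdentityFile $keyfile
    IdentitiesOnly yes
EOF
}
```

Without `IdentitiesOnly yes`, ssh may also offer other keys loaded in the agent, which exposes their public halves to servers you don't manage.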