-
-
Save hongkongkiwi/51ee987dfc4e494545e3760b75d3bc7a to your computer and use it in GitHub Desktop.
| #!/bin/sh +ux | |
| # We set the sh +ux flags so that we error on undefined variables and error on bad commands | |
| help() { | |
| echo >&2 "$0 [-f] [-p] [-q] [<priv_key_file>] [<key_type>] [<key_comment>]" | |
| echo >&2 | |
| echo >&2 "-q / --quiet to silent all output (except -p if passed)" | |
| echo >&2 "-p / --pubkey to output public key after generation" | |
| echo >&2 "-f / --force to force replacing existing key" | |
| echo >&2 | |
| echo >&2 "<priv_key_file> can be any valid filename [default: '$HOME/.ssh/id_dropbear']" | |
| echo >&2 "<key_type> can be 'rsa', 'dss', 'ecdsa' or 'ed25519' [default: 'ed25519']" | |
| echo >&2 "<key_comment> can be be any valid ascii string [default: '$USER@$(hostname)'" | |
| echo >&2 | |
| } | |
| REPLACE_KEY="" | |
| OUTPUT_PUBKEY="" | |
| QUIET="" | |
| for ARG in "$@"; do | |
| case "$ARG" in | |
| '-h'|'-help'|'--help') help; exit 255;; | |
| '-f'|'-force'|'--force') REPLACE_KEY="Y"; shift;; | |
| '-p'|'-pubkey'|'--pubkey') OUTPUT_PUBKEY="Y"; shift;; | |
| '-q'|'-quiet'|'--quiet') QUIET="Y"; shift;; | |
| '-'*) echo >&2 "ERROR: unknown argument '$ARG'"; echo >&2; help; exit 255;; | |
| esac | |
| done | |
| # Ensure that dropbearkey is installed | |
| command -v 'dropbearkey' >/dev/null 2>&1 || { echo >&2 "I require dropbearkey but it's not installed. Aborting."; exit 1; } | |
| # Will accept private key file name as first argument | |
| PRIVATE_KEY_FILE="${1:-"$HOME/.ssh/id_dropbear"}" | |
| PUBLIC_KEY_FILE="${PRIVATE_KEY_FILE}.pub" | |
| # Will accept key type as second argument | |
| KEY_TYPE="${2:-"ed25519"}" | |
| KEY_COMMENT="${3:-"$USER@$(hostname)"}" | |
| KEY_DIR="$(dirname "$PRIVATE_KEY_FILE")" | |
| # Ensure the directory exists | |
| mkdir -p "$KEY_DIR" | |
| # Set permissions for directory | |
| chmod 700 "$KEY_DIR" | |
| [ -f "$PRIVATE_KEY_FILE" -a -z "$REPLACE_KEY" ] && { echo >&2 "ERROR: $PRIVATE_KEY_FILE already exists. Pass -f/--force to override"; exit 1; } | |
| rm -f "$PRIVATE_KEY_FILE" | |
| # Generate an RSA key using dropbear | |
| if [ -z "$QUIET" ]; then | |
| dropbearkey -t "$KEY_TYPE" -f "$PRIVATE_KEY_FILE" >/dev/null || { echo >&2 "ERROR: failed generating private key"; exit 1; } | |
| echo >&2 "Key generation complete" | |
| else | |
| dropbearkey -t "$KEY_TYPE" -f "$PRIVATE_KEY_FILE" 2>/dev/null >/dev/null || { echo >&2 "ERROR: failed generating private key"; exit 1; } | |
| fi | |
| [ -f "$PRIVATE_KEY_FILE" ] || { echo >&2 "ERROR: private key file $PRIVATE_KEY_FILE does not exist"; exit 1; } | |
| # Set permissions for private key | |
| chmod 600 "$PRIVATE_KEY_FILE" | |
| # Output Public Key (override if exists) | |
| PUBLIC_KEY="$(dropbearkey -y -f "$PRIVATE_KEY_FILE" 2>/dev/null | grep "ssh-${KEY_TYPE} " | cut -f2 -d ' ')" | |
| echo "ssh-${KEY_TYPE} ${PUBLIC_KEY} ${KEY_COMMENT}" > "$PUBLIC_KEY_FILE" | |
| # Set permissions for public key | |
| chmod 644 "$PUBLIC_KEY_FILE" | |
| if [ -n "$OUTPUT_PUBKEY" ]; then | |
| # Show Public Key | |
| if [ -z "$QUIET" ]; then | |
| echo >&2 "Private Key:" | |
| fi | |
| cat "$PUBLIC_KEY_FILE" | |
| fi |
It worked that's nice !
Just changed the shebang to "#!/bin/sh" to make it work on OpenWRT
Your welcome, I just updated the script with your suggestion (+ux stops on error and errors on undefined vars). Also so you can pass in args (or ignore and just have it use defaults)
It makes sense to put the key into ~/.ssh/id_dropbear because it's used by default.
Also the key type may be changed to ed25519
Some docs on OpenWrt wiki
https://openwrt.org/docs/guide-user/security/dropbear.public-key.auth
Thanks @stokito , updated to set the correct default location.
Have also added some extra arguments, help and the ability to customize the filename and won't override the key by default without the generate-dropbear-key -f flag.
You can get the help with generate-dropbear-key -h now.
If you just want to only generate (and overwrite anything thats there) and not output anything:
generate-dropbear-key -f -q
You can change the name and type here (e.g. to create a rsa dropbear key:
generate-dropbear-key -p "$HOME/.ssh/id_dropbear_rsa" "rsa" "mycomment"
I made a small simplification https://gist.github.com/stokito/e43054c71572d77a665e2d8ec1096749/revisions
I created a PR to the Dropbear to generate a .pub with a comment mkj/dropbear#267
Please like, review and test.
Thanks! Works properly