@sergei-zaiaev
Created April 3, 2024 08:12
A script for generating an SSH key in .ppk format using only CLI tools
$BASE_URL="https://62.3.171.170:443"
$IDP_NAME="MyAccessIDAcc"
$SSH_TEMP_FOLDER = "/tmp/" # TODO: change me
# TODO: ensure your IP is whitelisted
# Invoke-WebRequest "$BASE_URL/provisioners"
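function Generate-MAC {
    param (
        [string] $PrivateKey
    )
    # Calculate MAC: HMAC-SHA256 over the base64 text of the private key,
    # keyed with a fixed string.
    # Note: PuTTY's documented PPK v3 format computes Private-MAC over the
    # length-prefixed algorithm name, encryption type, comment, public blob and
    # private blob, with an empty MAC key when Encryption is "none".
    # Load the generated file with puttygen to check that it is accepted.
    $secretKey = "putty-private-key-file-mac-key"
    # Strip any spaces from the key text passed in
    $message = $PrivateKey.Replace(' ', '')
    # Convert the secret key and message to byte arrays
    $secretKeyBytes = [System.Text.Encoding]::UTF8.GetBytes($secretKey)
    $messageBytes = [System.Text.Encoding]::UTF8.GetBytes($message)
    # Create an HMAC object with the SHA256 hash algorithm and secret key
    $hmac = [System.Security.Cryptography.HMACSHA256]::new($secretKeyBytes)
    try {
        # Compute the HMAC for the message
        $macBytes = $hmac.ComputeHash($messageBytes)
    }
    finally {
        $hmac.Dispose()
    }
    # Convert the MAC bytes to a hexadecimal string
    $macHexString = [BitConverter]::ToString($macBytes) -replace '-', ''
    # Return the MAC
    return $macHexString
}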
# Generate new ed25519 SSH key (empty passphrase, so the key file is unencrypted)
ssh-keygen -f "$SSH_TEMP_FOLDER/id_ed25519" -t "ed25519" -N "" -q
# Get private key content without the BEGIN/END armor lines
$PRIVATE_KEY_ARR = @(Get-Content "$SSH_TEMP_FOLDER/id_ed25519" | Select-Object -Skip 1 | Select-Object -SkipLast 1)
$PRIVATE_KEY_STR = $PRIVATE_KEY_ARR -join ""
$PRIVATE_KEY_LINES = $PRIVATE_KEY_ARR.Length
# Get public key content: the second space-separated field of the .pub file
$PUBLIC_KEY = (Get-Content "$SSH_TEMP_FOLDER/id_ed25519.pub" -Raw).Trim().Split(' ')[1]
# Write output in ppk format
Write-Output "PuTTY-User-Key-File-3: ssh-ed25519
Encryption: none
Comment: eddsa-key-20240402
Public-Lines: 1
$PUBLIC_KEY
Private-Lines: $PRIVATE_KEY_LINES
$($PRIVATE_KEY_ARR -Join "`r`n")
Private-MAC: $(Generate-MAC $PRIVATE_KEY_STR)"