@skull-squadron
Last active April 8, 2024 10:39
Regenerate /etc/ssh/moduli for modern openssh
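
```bash
#!/usr/bin/env bash
set -euo pipefail
# This script supports openssh 8.2+

# Re-exec as root if needed.
(( ! UID )) || exec /usr/bin/sudo "$0" "$@"

# Single-instance guard: re-exec under flock, locking the script file itself.
# The marker variable (named after $0) shows the lock is already held.
var=${0//[^a-zA-Z0-9_]/_}
[ -n "${!var-}" ] || exec /usr/bin/env "${var}=1" /usr/bin/flock -en "$0" "$0" "$@"

bits=${1:-4096}
# Reject non-numeric input before it reaches arithmetic expansion or awk.
[[ $bits =~ ^[0-9]+$ ]] || { echo "usage: $0 [bits]" >&2; exit 2; }
# The size column in moduli is one less than the modulus bit length.
min_bits=$((bits - 1))

# Generate candidate primes and write them to stdout.
moduli::generate() {
  /usr/bin/ssh-keygen -M generate "$@" /dev/stdout
}

# Screen candidates from file $1 and write the safe moduli to file $2.
moduli::screen() {
  /usr/bin/ssh-keygen -M screen -f "$1" "$2"
}

# Print entries of the existing moduli file whose size column is >= min_bits.
moduli::safe() {
  [ ! -e moduli ] || /usr/bin/awk -v min="$min_bits" '!/^#/ && $5 + 0 >= min' moduli
}

time {
  cd /etc/ssh
  set -x
  moduli::screen <(moduli::generate -O bits="$bits") moduli.generated
  moduli::safe >> moduli.generated
  # set -e does not see failures inside <(...), so never install an empty file.
  [ -s moduli.generated ] || { echo "no moduli produced; keeping existing file" >&2; exit 1; }
  /usr/bin/mv -f moduli.generated moduli
}
```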
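
Added example (not part of the gist): a format and size audit that could be run on `moduli.generated` before it replaces the live file. `moduli_audit`, `hexrun` and `sample_moduli` are names invented here, the sample lines are constructed placeholders rather than real primes, and the tests-field policy (no composite flag, Miller-Rabin bit set) is this example's own choice.

```sh
#!/bin/sh
# Added example, not part of the gist. Field order per moduli(5):
#   time type tests trials size generator modulus
# Assumption (same as the gist's min_bits=bits-1): size = bit length - 1.

# moduli_audit FILE MIN_SIZE   (FILE may be "-" for stdin)
# Prints "usable=N rejected=M"; reasons for rejected lines go to stderr.
# Exit status is 0 only when N > 0 and M == 0.
moduli_audit() {
    awk -v min="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            why = ""
            if (NF != 7) why = "expected 7 fields"
            else if ($1 !~ /^[0-9]+$/ || length($1) != 14) why = "bad timestamp"
            else if ($2 != 2) why = "type is not 2 (safe prime)"
            else if ($3 !~ /^[0-9]+$/ || $3 % 2 == 1 || int($3 / 4) % 2 == 0)
                why = "tests: composite flag set or Miller-Rabin missing"
            else if ($5 !~ /^[0-9]+$/ || $5 + 0 < min) why = "size below minimum"
            else if ($7 !~ /^[0-9A-Fa-f]+$/ || length($7) != int(($5 + 4) / 4))
                why = "modulus malformed or truncated"
            if (why == "") good++
            else { bad++; printf "line %d: %s\n", NR, why > "/dev/stderr" }
        }
        END {
            printf "usable=%d rejected=%d\n", good, bad
            exit !(good > 0 && bad == 0)
        }
    ' "$1"
}

# Constructed sample input: placeholder hex of the right length, not real primes.
hexrun() { printf "F%0$(( $1 - 1 ))d" 0; }
sample_moduli() {
    echo '# Time Type Tests Tries Size Generator Modulus'
    echo "20240101000000 2 6 100 4095 2 $(hexrun 1024)"  # usable
    echo "20240101000000 2 6 100 8191 2 $(hexrun 2048)"  # usable
    echo "20240101000000 2 6 100 2047 2 $(hexrun 512)"   # too small for 4095
    echo "20240101000000 4 2 0 4095 2 $(hexrun 1024)"    # unscreened candidate
    echo "20240101000000 2 6 100 4095 2 $(hexrun 1000)"  # truncated modulus
}

# Demo: the sample fails the audit, so a caller would keep the existing file.
sample_moduli | moduli_audit - 4095 || echo "audit failed: do not install"
```

In the gist's flow the call would sit between the append and the `mv`, with `moduli.generated` and `$min_bits` as arguments.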