@xopr
Created December 8, 2021 08:37
quick script that temporarily allows password login to upload keyfiles for new clients
#!/usr/bin/env bash
# Use xargs to remove trailing space
FQDN=$(hostname -A | xargs)
if ! [ "$(id -u)" = 0 ]; then
    echo "Check if you can sudo here (or run this script as root)"
fi
echo "Check client's internet connection and"
echo "create keypair on the client machine by using ONE of the following commands:"
echo "\$ ssh-keygen -t ed25519 -C \"\$USER@\$HOSTNAME\" -f \"\$HOME/.ssh/$FQDN\" -P \"\""
echo "\$ ssh-keygen -t rsa -b 4096 -C \"\$USER@\$HOSTNAME\" -f \"\$HOME/.ssh/$FQDN\" -P \"\""
echo "\$ ssh-keygen -t ecdsa -b 521 -C \"\$USER@\$HOSTNAME\" -f \"\$HOME/.ssh/$FQDN\" -P \"\""
echo ""
echo "register your new keypair by entering:"
echo "\$ eval \"\$(ssh-agent -s)\""
echo ""
echo "and PREPARE the following command (without pressing enter):"
echo "\$ ssh-copy-id -i \"\$HOME/.ssh/$FQDN\" $USER@$FQDN"
echo ""
echo "press a key"
read -sn 1
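# Disallow password login again; the EXIT trap also runs this if the script is interrupted
disable_password_login() {
    trap - EXIT
    sudo sed -i "/^[^#]*PasswordAuthentication[[:space:]]yes/c\PasswordAuthentication no" /etc/ssh/sshd_config
    sudo service sshd restart
}
trap disable_password_login EXIT
trap 'exit 1' INT TERM HUP
# Allow password login!
sudo sed -i "/^[^#]*PasswordAuthentication[[:space:]]no/c\PasswordAuthentication yes" /etc/ssh/sshd_config
sudo service sshd restart
echo "commit (enter) your ssh-copy-id command and use your login password for $USER"
echo "Make sure to verify its fingerprint to be one of these:"
# List every host key type (rsa, ecdsa, ed25519), not only the *sa ones
for file in /etc/ssh/ssh_host_*_key.pub
do
    ssh-keygen -E sha256 -lf "$file" | cut -d' ' -f2
done
echo ""
echo "press a key"
read -sn 1
# Disallow password login again
disable_password_login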
echo "Done"
echo ""
echo "You can now login by typing:"
echo "\$ ssh $USER@$FQDN -i \"\$HOME/.ssh/$FQDN\""
echo "or optionally create an entry in ~/.ssh/config :"
echo "HOST $HOSTNAME"
echo -e "\tuser $USER"
echo -e "\tHostname $FQDN"
echo -e "\tIdentityFile ~/.ssh/$FQDN"
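
Added example, not part of the gist: the script's sed commands only rewrite lines that literally read `PasswordAuthentication no` or `PasswordAuthentication yes`, so this check reports the setting sshd would actually apply once the script has finished. The function names and sample configs are constructed for illustration, and Include files are not followed.

```bash
#!/usr/bin/env bash
# Added example, not part of the gist.
# Print the global PasswordAuthentication value of an sshd_config-style file:
# keywords are case-insensitive, the first occurrence wins, anything after a
# "Match" line is conditional, and an unset keyword means the default "yes".
# Include directives are not followed; on a live host `sudo sshd -T` prints
# the fully resolved configuration.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }                    # comment line
        { gsub(/=/, " ") }                     # accept "Keyword=value" too
        NF == 0 { next }
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Succeeds only when password login is globally disabled.
password_login_disabled() {
    [ "$(effective_password_auth "$1")" = "no" ]
}

# Constructed sample configs covering lines the gist's sed patterns do not match.
demo() {
    local dir; dir=$(mktemp -d)
    printf 'PasswordAuthentication no\n' >"$dir/locked"
    printf '#PasswordAuthentication yes\nUsePAM yes\n' >"$dir/unset"
    printf 'PasswordAuthentication  yes\n' >"$dir/two_spaces"
    printf 'passwordauthentication yes\nPasswordAuthentication no\n' >"$dir/shadowed"
    for f in locked unset two_spaces shadowed; do
        printf '%-10s -> %s\n' "$f" "$(effective_password_auth "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

Only the `locked` sample reports `no`; running `password_login_disabled /etc/ssh/sshd_config` after the script gives the same answer for the real file.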