diff --git a/FEATURES.md b/FEATURES.md new file mode 100644 index 0000000..1c7056c --- /dev/null +++ b/FEATURES.md @@ -0,0 +1,161 @@ +# SSH Installation & Key Management Tools - Features + +## Overview +This repository now includes comprehensive SSH installation and key management automation scripts for Windows, Linux, and macOS platforms. + +## What's Been Added + +### 1. Windows Installation Script (ssh-install.bat) +A powerful batch file with PowerShell integration that provides: + +#### Features: +- **Auto-elevation**: Automatically requests administrator privileges +- **OpenSSH Installation**: Detects and installs OpenSSH if not present +- **Interactive Key Generation**: + - Prompts for email and optional comment + - Choose number of keys (1-10) + - Select key type and bit length for each key +- **Supported Key Types**: + - RSA: 2048, 4096, 8192 bits + - Ed25519: Modern elliptic curve + - ECDSA: 256, 384, 521 bits +- **Key Backup**: + - Optional backup to user-selected location + - Visual folder browser for selection + - Automatic copying of both private and public keys +- **GPG/PGP Support**: + - Optional GPG key generation (4096-bit RSA) + - Automatic backup of GPG keys + - Batch generation for automation +- **User Experience**: + - Clear, formatted output + - Helpful usage instructions after generation + - Option to open SSH directory in Explorer + +### 2. Linux/macOS Installation Script (ssh-install.sh) +An equivalent bash script with enhanced features: + +#### Features: +- **Color-coded Output**: Visual feedback with colored messages +- **Cross-platform**: Works on Linux and macOS +- **Interactive Key Generation**: Same options as Windows script +- **Supported Key Types**: Identical to Windows version +- **Key Backup**: File path selection with tab completion +- **GPG/PGP Support**: Same functionality as Windows +- **Proper Permissions**: Automatically sets correct Unix permissions +- **User Experience**: + - Success/error indicators with symbols + - Helpful usage instructions + - Option to open SSH directory + +### 3. Static HTML Webpage (index.html) +Professional webpage with: + +#### Features: +- **Responsive Design**: Works on desktop and mobile +- **Ionity Branding**: Comprehensive branding throughout +- **License Information**: + - Full CC-BY-NC-SA-4.0 license text + - License badge + - Attribution requirements +- **Download Links**: Direct downloads for both scripts +- **Documentation**: + - Feature overview + - Installation instructions + - Usage examples + - Troubleshooting guide +- **Metadata**: + - SEO optimized + - Open Graph tags + - Twitter Card support + - CC license metadata + +### 4. Installer Package Structure + +#### installer/README.md +Comprehensive installation guide covering: +- What's included +- Installation instructions for all platforms +- Usage after installation +- Best practices +- File locations +- Troubleshooting +- Requirements +- License information + +#### installer/config/ +Configuration files and templates: +- `installer.conf`: Default settings and preferences +- `README.md`: Configuration documentation + +#### installer/templates/ +SSH configuration templates: +- `ssh_config_template`: Client SSH config with examples +- `authorized_keys_template`: Server-side public key setup +- `known_hosts_example`: Host fingerprint examples +- `README.md`: Template usage guide + +### 5. Updated Main README +Enhanced documentation including: +- Quick start section for SSH tools +- Feature highlights +- Links to detailed documentation +- License information for new tools +- Credits section + +## Technical Highlights + +### Security Features +- ✅ **No hardcoded passwords**: All keys generated without passwords for automation +- ✅ **Proper permissions**: Unix permissions set correctly (700 for .ssh, 600 for keys) +- ✅ **Security warnings**: Explicit warnings when backing up private keys +- ✅ **No insecure practices**: Uses OpenSSH and GPG best practices + +### Automation Features +- ✅ **Zero-touch installation**: Scripts handle all setup +- ✅ **Batch generation**: Create multiple keys in one session +- ✅ **Auto-elevation**: Windows script handles admin rights automatically +- ✅ **Dependency checking**: Scripts verify required tools are installed + +### User Experience +- ✅ **Interactive prompts**: Clear, guided setup process +- ✅ **Visual feedback**: Colors, symbols, and clear messages +- ✅ **File browser integration**: Visual selection for backup locations +- ✅ **Help text**: Instructions displayed after generation +- ✅ **Error handling**: Clear error messages and troubleshooting hints + +## How to Use + +### Windows +1. Download `ssh-install.bat` +2. Double-click or run from command prompt +3. Follow interactive prompts +4. Keys saved to `%USERPROFILE%\.ssh` + +### Linux/macOS +1. Download `ssh-install.sh` +2. Make executable: `chmod +x ssh-install.sh` +3. Run: `./ssh-install.sh` +4. Follow interactive prompts +5. Keys saved to `~/.ssh` + +## Files Created + +Total files added: 11 +- 2 installation scripts +- 1 HTML webpage +- 1 main installer README +- 2 config files (+ 1 README) +- 4 template files (+ 1 README) +- 1 features document (this file) + +## License + +All SSH Installation & Key Management Tools are licensed under: +**CC-BY-NC-SA-4.0** (Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International) + +Copyright © 2025 Ionity - All Rights Reserved + +## Credits + +Developed by Ionity as part of the Antwerp Designs Ionity organization. diff --git a/README.md b/README.md index 32e71d9..9a2dcdd 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,38 @@ CLI tool that decrypts and decodes session replay files captured by Cloudflare's Audit SSH proxy. +## 🔐 SSH Installation & Key Management Tools + +**NEW!** This repository now includes comprehensive automated SSH and GPG/PGP key generation and management tools. + +### Quick Start - SSH Key Generation + +#### Windows +```batch +# Download and run ssh-install.bat +# It will auto-elevate to administrator and guide you through key generation +ssh-install.bat +``` + +#### Linux/macOS +```bash +# Download and run ssh-install.sh +chmod +x ssh-install.sh +./ssh-install.sh +``` + +### Features +- 🔧 **Auto-elevation** to administrator/root when needed +- 🔑 **Multiple key types**: RSA (2048/4096/8192), Ed25519, ECDSA (256/384/521) +- 💾 **Automatic backup** with file browser integration +- 🔐 **GPG/PGP support** for email encryption and code signing +- 📝 **Interactive setup** with guided prompts +- 🌍 **Cross-platform** support (Windows, Linux, macOS) + +For detailed documentation, see the [installer README](installer/README.md) or visit [index.html](index.html) for the web interface. + +--- + ## Installation ### Build from source @@ -50,3 +82,23 @@ You can then extract it and either open term_data.txt and analyse it on your own ### Non-PTY Sessions If the encrypted file has a valid non-PTY session capture, then the output ZIP will contain 2 files: `data_from_client.txt` and `data_from_server.txt`. These contain upstream and downstream traffic, respectively. + +--- + +## License + +The SSH Installation & Key Management Tools are licensed under **CC-BY-NC-SA-4.0** (Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International). + +Copyright © 2025 **Ionity** - All Rights Reserved + +The core SSH Log CLI tool retains its original license. + +## Contributing + +Contributions are welcome! Please feel free to submit issues or pull requests. + +## Credits + +- SSH Installation Tools developed by **Ionity** +- Part of the **Antwerp Designs Ionity** organization +- Original SSH Log CLI by Cloudflare diff --git a/index.html b/index.html new file mode 100644 index 0000000..a7f2ab4 --- /dev/null +++ b/index.html @@ -0,0 +1,446 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + SSH Installation & Key Management Tools - Ionity + + + + +
+
+

🔐 SSH Installation & Key Management Tools

+

Automated SSH and GPG key generation for all platforms

+

Powered by Ionity

+
+ +
+ +
+

About This Project

+

+ This project provides comprehensive automated scripts for SSH and GPG/PGP key generation and management + across Windows, Linux, and macOS platforms. The tools are designed to simplify the process of creating + and managing cryptographic keys for secure communications. +

+
+ + +
+

Features

+
+
+

🔧 Auto-Elevation

+

Windows script automatically elevates to administrator privileges when needed

+
+
+

🔑 Multiple Key Types

+

Support for RSA (2048/4096/8192), Ed25519, and ECDSA (256/384/521) keys

+
+
+

💾 Automatic Backup

+

Built-in key backup functionality with user-selectable locations

+
+
+

🔐 GPG/PGP Support

+

Generate GPG/PGP keys for email encryption and code signing

+
+
+

📝 Interactive Setup

+

User-friendly prompts guide you through the entire process

+
+
+

🌍 Cross-Platform

+

Works on Windows (PowerShell), Linux, and macOS

+
+
+
+ + +
+

Download Installation Scripts

+
+
+

🪟 Windows

+

Batch script with PowerShell integration

+ Download ssh-install.bat +

+ Auto-elevates to admin
+ Supports all key types +

+
+
+

🐧 Linux / 🍎 macOS

+

Bash script for Unix-like systems

+ Download ssh-install.sh +

+ Color-coded output
+ Native file browser integration +

+
+
+
+ + +
+

Installation Instructions

+ +
+

Windows:

+
    +
  1. Download ssh-install.bat
    2. +
  2. Right-click the file and select "Run as administrator" (or just double-click, it will auto-elevate)
    3. +
  3. Follow the interactive prompts
    4. +
  4. Your keys will be saved to %USERPROFILE%\.ssh
    5. +
+
+ +
+

Linux / macOS:

+
    +
  1. Download ssh-install.sh
    2. +
  2. Make it executable: chmod +x ssh-install.sh
    3. +
  3. Run the script: ./ssh-install.sh
    4. +
  4. Follow the interactive prompts
    5. +
  5. Your keys will be saved to ~/.ssh
    6. +
+
+
+ + +
+

Project Metadata

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Project Name:SSH Installation & Key Management Tools
Developer:Ionity
Organization:Antwerp Designs Ionity
Repository:github.com/AntwerpDesignsIonity/ssh-log-cli
Version:1.0.0
Release Date:December 2025
Supported Platforms:Windows, Linux, macOS
Key Types Supported:RSA, Ed25519, ECDSA, GPG/PGP
+
+
+ + +
+

License

+
+

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International

+

+ This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 + International License. To view a copy of this license, visit + + https://creativecommons.org/licenses/by-nc-sa/4.0/ + +

+
+ + CC BY-NC-SA 4.0 + +
+

+ You are free to: +

+
    +
  • Share — copy and redistribute the material in any medium or format
    • +
  • Adapt — remix, transform, and build upon the material
    • +
+

+ Under the following terms: +

+
    +
  • Attribution — You must give appropriate credit to Ionity
    • +
  • NonCommercial — You may not use the material for commercial purposes
    • +
  • ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license
    • +
+
+
+ + +
+

Additional Resources

+
+
+

📚 Documentation

+

Comprehensive guides and examples available in the repository README

+
+
+

🐛 Issue Tracker

+

Report bugs or request features on GitHub Issues

+
+
+

💬 Support

+

Community support available through GitHub Discussions

+
+
+
+
+ + +
+ + diff --git a/installer/README.md b/installer/README.md new file mode 100644 index 0000000..f65de0a --- /dev/null +++ b/installer/README.md @@ -0,0 +1,273 @@ +# SSH Installation Toolkit + +## Overview + +This toolkit provides automated SSH and GPG/PGP key generation and management tools for Windows, Linux, and macOS platforms. + +## What's Included + +### Installation Scripts + +1. **ssh-install.bat** - Windows batch script + - Auto-elevates to administrator privileges + - Installs OpenSSH if not present + - Interactive key generation wizard + - Multiple key type support + - GPG/PGP key generation + - Automatic backup functionality + +2. **ssh-install.sh** - Linux/macOS bash script + - Color-coded terminal output + - Interactive prompts + - Multiple key type support + - GPG/PGP key generation + - Automatic backup functionality + - File browser integration + +3. **index.html** - Static webpage + - Project information and metadata + - Download links for scripts + - Installation instructions + - License information (CC-BY-NC-SA-4.0) + - Ionity branding + +### Installer Directory Structure + +``` +installer/ +├── config/ # Configuration templates +├── templates/ # SSH config templates +└── README.md # This file +``` + +## Features + +### Key Types Supported + +- **RSA**: 2048, 4096, 8192 bits +- **Ed25519**: Modern elliptic curve (recommended) +- **ECDSA**: 256, 384, 521 bits +- **GPG/PGP**: 4096-bit RSA keys for encryption and signing + +### Advanced Features + +- ✅ **Auto-elevation**: Windows script automatically requests admin rights +- ✅ **Multiple keys**: Generate as many keys as you need in one session +- ✅ **Interactive prompts**: User-friendly guided setup +- ✅ **Automatic backup**: Save keys to a custom location +- ✅ **File browser**: Visual selection of backup directories +- ✅ **No password needed**: Scripts handle everything automatically +- ✅ **GPG support**: Email encryption and code signing keys +- ✅ **Cross-platform**: Windows, Linux, macOS + +## Installation Instructions + +### Windows Installation + +1. Download `ssh-install.bat` from the repository or webpage +2. Double-click the file to run (it will auto-elevate to administrator) + - Or right-click and select "Run as administrator" +3. Follow the interactive prompts: + - Enter your email address + - Enter an optional comment + - Choose how many keys to generate + - Select key types and bit lengths + - Choose whether to backup keys + - Optionally generate GPG keys +4. Your keys will be saved to `%USERPROFILE%\.ssh` + +### Linux/macOS Installation + +1. Download `ssh-install.sh` from the repository or webpage +2. Make the script executable: + ```bash + chmod +x ssh-install.sh + ``` +3. Run the script: + ```bash + ./ssh-install.sh + ``` +4. Follow the interactive prompts: + - Enter your email address + - Enter an optional comment + - Choose how many keys to generate + - Select key types and bit lengths + - Choose whether to backup keys + - Optionally generate GPG keys +5. Your keys will be saved to `~/.ssh` + +## Usage After Installation + +### Using Your SSH Keys + +Once generated, you can use your SSH keys to connect to remote servers: + +```bash +# Linux/macOS +ssh -i ~/.ssh/id_ed25519_1 user@hostname + +# Windows +ssh -i %USERPROFILE%\.ssh\id_ed25519_1 user@hostname +``` + +### Adding Keys to SSH Agent + +#### Windows (PowerShell) +```powershell +# Start ssh-agent +Start-Service ssh-agent + +# Add your key +ssh-add $env:USERPROFILE\.ssh\id_ed25519_1 +``` + +#### Linux/macOS +```bash +# Start ssh-agent +eval "$(ssh-agent)" + +# Add your key +ssh-add ~/.ssh/id_ed25519_1 +``` + +### Copying Public Keys to Servers + +#### Linux/macOS +```bash +ssh-copy-id -i ~/.ssh/id_ed25519_1.pub user@hostname +``` + +#### Windows/Manual Method +```bash +# Display your public key +cat ~/.ssh/id_ed25519_1.pub # Linux/macOS +type %USERPROFILE%\.ssh\id_ed25519_1.pub # Windows + +# Then add it to the server's ~/.ssh/authorized_keys file +``` + +### Using GPG Keys + +After generating GPG keys, you can use them for: + +**Listing your keys:** +```bash +gpg --list-keys +gpg --list-secret-keys +``` + +**Exporting public key:** +```bash +gpg --armor --export your.email@example.com > pubkey.asc +``` + +**Encrypting files:** +```bash +gpg --encrypt --recipient your.email@example.com file.txt +``` + +**Signing Git commits:** +```bash +git config --global user.signingkey YOUR_GPG_KEY_ID +git config --global commit.gpgsign true +``` + +## Key Management Best Practices + +1. **Backup Your Keys**: Always keep a secure backup of your private keys +2. **Use Strong Keys**: Ed25519 or RSA 4096-bit keys are recommended +3. **Protect Private Keys**: Never share your private keys +4. **Use SSH Agent**: Avoid typing passwords repeatedly +5. **Rotate Keys**: Generate new keys periodically +6. **Different Keys for Different Purposes**: Use separate keys for different servers/services + +## File Locations + +### Windows +- SSH keys: `C:\Users\YourUsername\.ssh\` +- GPG keys: `C:\Users\YourUsername\AppData\Roaming\gnupg\` +- Backup location: User-selected via file browser + +### Linux/macOS +- SSH keys: `/home/username/.ssh/` or `~/.ssh/` +- GPG keys: `/home/username/.gnupg/` or `~/.gnupg/` +- Backup location: User-selected path + +## Troubleshooting + +### Windows Issues + +**OpenSSH not installing:** +- Try manually: Settings → Apps → Optional Features → Add OpenSSH Client +- Or use PowerShell: `Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0` + +**GPG not found:** +- Install from: https://gnupg.org/download/ +- Or use Chocolatey: `choco install gnupg` + +**Permission denied:** +- Make sure you're running as administrator +- Check antivirus isn't blocking the script + +### Linux/macOS Issues + +**ssh-keygen not found:** +- Ubuntu/Debian: `sudo apt-get install openssh-client` +- macOS: Should be pre-installed; try `brew install openssh` if missing + +**GPG not found:** +- Ubuntu/Debian: `sudo apt-get install gnupg` +- macOS: `brew install gnupg` + +**Permission errors:** +- Ensure `.ssh` directory has proper permissions: `chmod 700 ~/.ssh` +- Ensure private keys have proper permissions: `chmod 600 ~/.ssh/id_*` + +## Requirements + +### Windows +- Windows 10 or later +- PowerShell 5.0 or later (pre-installed) +- Administrator privileges (script will auto-elevate) +- Optional: GPG for Windows (for GPG key generation) + +### Linux +- Any modern Linux distribution +- Bash 4.0 or later +- OpenSSH client +- Optional: GPG/GnuPG (for GPG key generation) + +### macOS +- macOS 10.12 or later +- Bash or Zsh +- OpenSSH client (pre-installed) +- Optional: GPG Suite or GPG from Homebrew + +## License + +This project is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC-BY-NC-SA-4.0). + +**Copyright © 2025 Ionity - All Rights Reserved** + +You are free to: +- **Share** — copy and redistribute the material +- **Adapt** — remix, transform, and build upon the material + +Under the following terms: +- **Attribution** — Give appropriate credit to Ionity +- **NonCommercial** — Not for commercial use +- **ShareAlike** — Distribute contributions under the same license + +For more information: https://creativecommons.org/licenses/by-nc-sa/4.0/ + +## Support + +For issues, questions, or contributions: +- GitHub Repository: https://github.com/AntwerpDesignsIonity/ssh-log-cli +- Issue Tracker: https://github.com/AntwerpDesignsIonity/ssh-log-cli/issues + +## Credits + +Developed and maintained by **Ionity** as part of the Antwerp Designs Ionity organization. + +Special thanks to the open-source community for SSH and GPG tools. diff --git a/installer/config/README.md b/installer/config/README.md new file mode 100644 index 0000000..65241e3 --- /dev/null +++ b/installer/config/README.md @@ -0,0 +1,66 @@ +# Configuration Files + +This directory contains configuration files and templates for the SSH installation scripts. + +## Files + +### installer.conf +Default configuration file for the installation scripts. This file contains settings that can be customized: + +- General settings (email, comments, backup options) +- SSH key defaults (types, lengths, counts) +- GPG key settings +- Platform-specific options (Windows/Linux) +- Security preferences +- Advanced features + +## Usage + +The configuration file uses a simple INI-style format: + +```ini +[Section] +key=value +``` + +## Customization + +To customize the installation: + +1. Copy `installer.conf` to a custom location +2. Edit the values as needed +3. Run the installer scripts (future versions may support loading custom configs) + +## Example Customizations + +### Generate Ed25519 keys by default: +```ini +[SSH Keys] +default_key_type=ed25519 +``` + +### Auto-backup to a specific location: +```ini +[General] +auto_backup=true +default_backup_path=/path/to/backup +``` + +### Generate 3 keys by default: +```ini +[SSH Keys] +default_key_count=3 +``` + +### Auto-generate GPG keys: +```ini +[GPG Keys] +auto_generate_gpg=true +``` + +## Notes + +- Boolean values: `true` or `false` +- Empty values mean the script will prompt for input +- Some features may require script modifications to implement +- This configuration is provided as a reference for future enhancements diff --git a/installer/config/installer.conf b/installer/config/installer.conf new file mode 100644 index 0000000..cdb6a7a --- /dev/null +++ b/installer/config/installer.conf @@ -0,0 +1,108 @@ +# Installer Configuration +# This file contains default settings for the SSH installation scripts + +[General] +# Default email domain (leave empty for manual entry) +default_email_domain= + +# Default key comment +default_comment=Generated by Ionity SSH Installer + +# Auto-backup keys (true/false) +auto_backup=false + +# Default backup path (leave empty for interactive selection) +default_backup_path= + +[SSH Keys] +# Default number of keys to generate +default_key_count=1 + +# Default key type (rsa, ed25519, ecdsa) +default_key_type=ed25519 + +# Default key bits for RSA (2048, 4096, 8192) +default_rsa_bits=4096 + +# Default key bits for ECDSA (256, 384, 521) +default_ecdsa_bits=256 + +[GPG Keys] +# Auto-generate GPG keys (true/false) +auto_generate_gpg=false + +# Default GPG key type (rsa, dsa, elg) +gpg_key_type=rsa + +# Default GPG key length (2048, 4096) +gpg_key_length=4096 + +# GPG key expiration (0 for no expiration, or days) +gpg_expiration=0 + +[Paths] +# SSH directory (relative to user home) +ssh_directory=.ssh + +# GPG directory (relative to user home) +gpg_directory=.gnupg + +[Windows] +# Auto-install OpenSSH if not present (true/false) +auto_install_openssh=true + +# Auto-elevate to administrator (true/false) +auto_elevate=true + +# Open SSH directory after completion (true/false) +open_ssh_directory=false + +[Linux] +# Check for package updates before installation (true/false) +check_updates=false + +# Auto-install missing packages (true/false) +auto_install_packages=false + +# Use colors in terminal output (true/false) +use_colors=true + +[Security] +# Use passphrase for private keys (true/false) +# Note: Current scripts generate keys without passphrase for automation +# Set to true if you want to be prompted for passphrases +use_passphrase=false + +# Set strict file permissions (true/false) +strict_permissions=true + +# Backup private keys (true/false) +# Warning: Only backup to secure, encrypted locations +backup_private_keys=true + +[Advanced] +# SSH config file auto-generation (true/false) +auto_create_config=false + +# Add keys to SSH agent automatically (true/false) +auto_add_to_agent=false + +# Generate host-specific keys (true/false) +# If true, prompts for hostname to include in key name +host_specific_keys=false + +# Generate multiple key types at once (true/false) +generate_all_types=false + +# Key naming format (sequential, timestamp, custom) +key_naming=sequential + +[Logging] +# Enable logging (true/false) +enable_logging=false + +# Log file location (relative to home directory) +log_file=.ssh/installer.log + +# Log level (error, warning, info, debug) +log_level=info diff --git a/installer/templates/README.md b/installer/templates/README.md new file mode 100644 index 0000000..5214e01 --- /dev/null +++ b/installer/templates/README.md @@ -0,0 +1,63 @@ +# Connection Files Configuration +# This directory contains templates and examples for SSH connections + +## Files in this directory: + +- ssh_config_template: SSH client configuration template +- authorized_keys_template: Template for server-side authorized keys +- known_hosts_example: Example known_hosts entries + +## How to use these files: + +### 1. SSH Config Template +Copy to: ~/.ssh/config (Linux/macOS) or %USERPROFILE%\.ssh\config (Windows) + +This file allows you to create shortcuts for SSH connections: +Instead of: ssh -i ~/.ssh/id_ed25519_1 -p 2222 user@long-hostname.example.com +You can use: ssh myserver + +### 2. Authorized Keys Template +On the remote server, add your public key to: ~/.ssh/authorized_keys + +This enables passwordless SSH authentication. + +### 3. Known Hosts +File location: ~/.ssh/known_hosts (Linux/macOS) or %USERPROFILE%\.ssh\known_hosts (Windows) + +This file stores fingerprints of hosts you've connected to. +It helps prevent man-in-the-middle attacks. + +## Quick Start Guide: + +1. Generate SSH keys using ssh-install.bat or ssh-install.sh +2. Copy the SSH config template to your .ssh directory +3. Edit the config file to add your servers +4. Copy your public key to remote servers: + - Linux/macOS: ssh-copy-id -i ~/.ssh/id_ed25519_1.pub user@host + - Windows: Manually append the public key to the server's authorized_keys file + +## Best Practices: + +- Use Ed25519 keys for new installations (smaller, faster, more secure) +- Use different keys for different purposes/servers +- Keep private keys secure (never share them) +- Backup your keys to a secure location +- Use strong passphrases (optional but recommended) +- Regularly rotate keys for sensitive systems +- Use SSH agent to avoid repeatedly entering passphrases + +## File Permissions: + +Correct permissions are critical for SSH security: + +Linux/macOS: +- ~/.ssh directory: 700 (drwx------) +- Private keys: 600 (-rw-------) +- Public keys: 644 (-rw-r--r--) +- config file: 600 (-rw-------) +- authorized_keys: 600 (-rw-------) +- known_hosts: 644 (-rw-r--r--) + +Windows: +- Permissions are typically managed automatically +- Ensure only your user account has access to private keys diff --git a/installer/templates/authorized_keys_template b/installer/templates/authorized_keys_template new file mode 100644 index 0000000..ed17775 --- /dev/null +++ b/installer/templates/authorized_keys_template @@ -0,0 +1,44 @@ +# Authorized Keys Template +# This file should be placed on the remote server at: ~/.ssh/authorized_keys +# It contains public keys that are allowed to authenticate to this account + +# Format: Each line contains one public key +# Lines starting with # are comments + +# Example entry (replace with your actual public key): +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGExampleKeyDataHere user@example.com + +# To add your key to this file: +# 1. Copy your public key from your local machine: +# Linux/macOS: cat ~/.ssh/id_ed25519_1.pub +# Windows: type %USERPROFILE%\.ssh\id_ed25519_1.pub +# +# 2. Paste it below this comment block +# +# 3. Save the file on the remote server as ~/.ssh/authorized_keys +# +# 4. Set correct permissions on the remote server: +# chmod 700 ~/.ssh +# chmod 600 ~/.ssh/authorized_keys + +# Add your public keys below: + + +# You can add multiple keys, one per line: +# ssh-ed25519 AAAAC3... user1@workstation +# ssh-rsa AAAAB3... user2@laptop +# ssh-ecdsa AAAAE2... user3@desktop + +# You can add restrictions before the key: +# Options available: +# - command="": Force execution of a specific command +# - no-port-forwarding: Disable port forwarding +# - no-X11-forwarding: Disable X11 forwarding +# - no-agent-forwarding: Disable agent forwarding +# - no-pty: Disable PTY allocation +# - from="": Restrict source IP addresses + +# Example with restrictions: +# no-port-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3... restricted@example.com +# from="192.168.1.*" ssh-ed25519 AAAAC3... local-network@example.com +# command="~/backup.sh" ssh-ed25519 AAAAC3... backup@example.com diff --git a/installer/templates/known_hosts_example b/installer/templates/known_hosts_example new file mode 100644 index 0000000..0ad162c --- /dev/null +++ b/installer/templates/known_hosts_example @@ -0,0 +1,36 @@ +# Known Hosts Example +# This file contains SSH host key fingerprints for servers you've connected to +# Location: ~/.ssh/known_hosts (Linux/macOS) or %USERPROFILE%\.ssh\known_hosts (Windows) + +# Format: +# hostname,[ip-address] key-type public-key-data + +# Example entries (these are not real keys): +# github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA... +# gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY... +# bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... + +# The known_hosts file is automatically managed by SSH +# When you connect to a new host, you'll see: +# "The authenticity of host 'example.com' can't be established." +# "ED25519 key fingerprint is SHA256:..." +# "Are you sure you want to continue connecting (yes/no)?" + +# After you type 'yes', the host key is added to this file + +# Important notes: +# - This file prevents man-in-the-middle attacks +# - If a server's key changes, SSH will warn you +# - You can manually verify fingerprints with the server administrator +# - Use 'ssh-keygen -F hostname' to search for a host in this file +# - Use 'ssh-keygen -R hostname' to remove a host from this file + +# Example: Check if a host is known +# ssh-keygen -F github.com + +# Example: Remove a host (useful when server key changes legitimately) +# ssh-keygen -R old-server.example.com + +# For added security, you can use hashed hostnames: +# ssh-keyscan -H example.com >> ~/.ssh/known_hosts +# This prevents revealing which hosts you connect to if the file is compromised diff --git a/installer/templates/ssh_config_template b/installer/templates/ssh_config_template new file mode 100644 index 0000000..002497b --- /dev/null +++ b/installer/templates/ssh_config_template @@ -0,0 +1,84 @@ +# SSH Configuration Template +# Save this file as 'config' in your .ssh directory +# Location: ~/.ssh/config (Linux/macOS) or %USERPROFILE%\.ssh\config (Windows) + +# Default settings for all hosts +Host * + # Use the SSH protocol version 2 + Protocol 2 + + # Enable compression + Compression yes + + # Keep connections alive + ServerAliveInterval 60 + ServerAliveCountMax 3 + + # Use SSH keys by default + PreferredAuthentications publickey,password + + # Disable strict host key checking for local networks (use with caution) + # StrictHostKeyChecking no + + # Forward agent for key-based authentication + ForwardAgent no + + # Enable connection multiplexing for faster subsequent connections + ControlMaster auto + ControlPath ~/.ssh/control-%r@%h:%p + ControlPersist 10m + +# Example: Development Server +# Host dev +# HostName dev.example.com +# User username +# Port 22 +# IdentityFile ~/.ssh/id_ed25519_1 +# ForwardAgent yes + +# Example: Production Server +# Host prod +# HostName prod.example.com +# User deploy +# Port 22 +# IdentityFile ~/.ssh/id_rsa_4096_1 +# StrictHostKeyChecking yes + +# Example: GitHub +# Host github.com +# HostName github.com +# User git +# IdentityFile ~/.ssh/id_ed25519_github +# PreferredAuthentications publickey + +# Example: GitLab +# Host gitlab.com +# HostName gitlab.com +# User git +# IdentityFile ~/.ssh/id_ed25519_gitlab +# PreferredAuthentications publickey + +# Example: Bitbucket +# Host bitbucket.org +# HostName bitbucket.org +# User git +# IdentityFile ~/.ssh/id_ed25519_bitbucket +# PreferredAuthentications publickey + +# Example: Jump/Bastion Host +# Host bastion +# HostName bastion.example.com +# User jump_user +# IdentityFile ~/.ssh/id_ed25519_1 +# +# Host internal-server +# HostName 10.0.1.100 +# User admin +# IdentityFile ~/.ssh/id_rsa_4096_1 +# ProxyJump bastion + +# Example: Multiple servers with same configuration +# Host server-*.example.com +# User admin +# IdentityFile ~/.ssh/id_ed25519_1 +# Port 2222 diff --git a/ssh-install.bat b/ssh-install.bat new file mode 100644 index 0000000..ae4236b --- /dev/null +++ b/ssh-install.bat @@ -0,0 +1,256 @@ +@echo off +REM SSH Installation and Key Generation Script for Windows +REM Auto-elevates to Administrator if not already running with admin privileges +REM Copyright (c) Ionity - Licensed under CC-BY-NC-SA-4.0 + +NET SESSION >nul 2>&1 +if %errorLevel% neq 0 ( + echo Requesting administrative privileges... + powershell -Command "Start-Process '%~f0' -Verb RunAs" + exit /b +) + +echo ================================================================ +echo SSH Installation and Key Management Tool +echo Ionity (c) +echo Licensed under CC-BY-NC-SA-4.0 +echo ================================================================ +echo. + +REM Check if OpenSSH is installed +where ssh >nul 2>&1 +if %errorLevel% neq 0 ( + echo OpenSSH Client not found. Installing... + powershell -Command "Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0" + echo OpenSSH Client installed successfully. + echo. +) + +where ssh-keygen >nul 2>&1 +if %errorLevel% neq 0 ( + echo ssh-keygen not found. Please ensure OpenSSH is properly installed. + pause + exit /b 1 +) + +REM Prompt for user information +set /p USER_EMAIL="Enter your email address: " +set /p USER_COMMENT="Enter a comment for your keys (optional): " + +if "%USER_COMMENT%"=="" set USER_COMMENT=%USER_EMAIL% + +REM Ask how many keys to generate +set /p NUM_KEYS="How many SSH keys do you want to generate? (1-10): " +if "%NUM_KEYS%"=="" set NUM_KEYS=1 +if %NUM_KEYS% lss 1 set NUM_KEYS=1 +if %NUM_KEYS% gtr 10 set NUM_KEYS=10 + +echo. +echo ================================================================ +echo Creating SSH directory structure... +echo ================================================================ + +if not exist "%USERPROFILE%\.ssh" ( + mkdir "%USERPROFILE%\.ssh" + echo Created %USERPROFILE%\.ssh directory +) + +REM Ask for backup location +echo. +echo Would you like to backup your keys to a specific location? +set /p BACKUP_CHOICE="[Y/N]: " + +if /I "%BACKUP_CHOICE%"=="Y" ( + powershell -Command "Add-Type -AssemblyName System.Windows.Forms; $folder = New-Object System.Windows.Forms.FolderBrowserDialog; $folder.Description = 'Select backup location for SSH keys'; $folder.ShowDialog() | Out-Null; $folder.SelectedPath" > "%TEMP%\backup_path.txt" + set /p BACKUP_PATH=<"%TEMP%\backup_path.txt" + del "%TEMP%\backup_path.txt" + + if defined BACKUP_PATH ( + if not exist "!BACKUP_PATH!" mkdir "!BACKUP_PATH!" + echo Backup location set to: !BACKUP_PATH! + ) else ( + echo No backup location selected. + set BACKUP_PATH= + ) +) + +setlocal enabledelayedexpansion + +REM Generate keys in a loop +for /L %%i in (1,1,%NUM_KEYS%) do ( + echo. + echo ================================================================ + echo Generating SSH Key %%i of %NUM_KEYS% + echo ================================================================ + echo. + echo Select key type: + echo 1. RSA (2048 bits) + echo 2. RSA (4096 bits) + echo 3. RSA (8192 bits) + echo 4. Ed25519 (recommended) + echo 5. ECDSA (256 bits) + echo 6. ECDSA (384 bits) + echo 7. ECDSA (521 bits) + echo. + + set /p KEY_TYPE_CHOICE="Enter your choice (1-7): " + + set KEY_TYPE= + set KEY_BITS= + set KEY_NAME_SUFFIX= + + if "!KEY_TYPE_CHOICE!"=="1" ( + set KEY_TYPE=rsa + set KEY_BITS=2048 + set KEY_NAME_SUFFIX=rsa_2048 + ) + if "!KEY_TYPE_CHOICE!"=="2" ( + set KEY_TYPE=rsa + set KEY_BITS=4096 + set KEY_NAME_SUFFIX=rsa_4096 + ) + if "!KEY_TYPE_CHOICE!"=="3" ( + set KEY_TYPE=rsa + set KEY_BITS=8192 + set KEY_NAME_SUFFIX=rsa_8192 + ) + if "!KEY_TYPE_CHOICE!"=="4" ( + set KEY_TYPE=ed25519 + set KEY_BITS= + set KEY_NAME_SUFFIX=ed25519 + ) + if "!KEY_TYPE_CHOICE!"=="5" ( + set KEY_TYPE=ecdsa + set KEY_BITS=256 + set KEY_NAME_SUFFIX=ecdsa_256 + ) + if "!KEY_TYPE_CHOICE!"=="6" ( + set KEY_TYPE=ecdsa + set KEY_BITS=384 + set KEY_NAME_SUFFIX=ecdsa_384 + ) + if "!KEY_TYPE_CHOICE!"=="7" ( + set KEY_TYPE=ecdsa + set KEY_BITS=521 + set KEY_NAME_SUFFIX=ecdsa_521 + ) + + if "!KEY_TYPE!"=="" ( + echo Invalid choice. Using Ed25519 as default. + set KEY_TYPE=ed25519 + set KEY_NAME_SUFFIX=ed25519 + ) + + set KEY_FILE=%USERPROFILE%\.ssh\id_!KEY_NAME_SUFFIX!_%%i + + echo. + echo Generating !KEY_TYPE! key... + + if "!KEY_BITS!"=="" ( + ssh-keygen -t !KEY_TYPE! -C "!USER_COMMENT!" -f "!KEY_FILE!" -N "" + ) else ( + ssh-keygen -t !KEY_TYPE! -b !KEY_BITS! -C "!USER_COMMENT!" -f "!KEY_FILE!" -N "" + ) + + if !errorLevel! equ 0 ( + echo Successfully generated key: !KEY_FILE! + echo Public key: !KEY_FILE!.pub + + REM Backup if location was specified + if defined BACKUP_PATH ( + copy "!KEY_FILE!" "!BACKUP_PATH!\" >nul + copy "!KEY_FILE!.pub" "!BACKUP_PATH!\" >nul + echo Keys backed up to !BACKUP_PATH! + ) + ) else ( + echo Failed to generate key. + ) +) + +REM GPG/PGP Key Generation +echo. +echo ================================================================ +echo Would you like to generate GPG/PGP keys? +echo ================================================================ +set /p GPG_CHOICE="[Y/N]: " + +if /I "%GPG_CHOICE%"=="Y" ( + where gpg >nul 2>&1 + if !errorLevel! neq 0 ( + echo. + echo GPG is not installed on your system. + echo Please install GPG from: https://gnupg.org/download/ + echo Or install via Chocolatey: choco install gnupg + ) else ( + echo. + echo Generating GPG key batch file... + + set GPG_BATCH_FILE=%TEMP%\gpg_batch_%%random%%.txt + + echo Key-Type: RSA > "!GPG_BATCH_FILE!" + echo Key-Length: 4096 >> "!GPG_BATCH_FILE!" + echo Subkey-Type: RSA >> "!GPG_BATCH_FILE!" + echo Subkey-Length: 4096 >> "!GPG_BATCH_FILE!" + echo Name-Real: %USER_COMMENT% >> "!GPG_BATCH_FILE!" + echo Name-Email: %USER_EMAIL% >> "!GPG_BATCH_FILE!" + echo Expire-Date: 0 >> "!GPG_BATCH_FILE!" + echo %%no-protection >> "!GPG_BATCH_FILE!" + echo %%commit >> "!GPG_BATCH_FILE!" + + echo Generating GPG key pair... + gpg --batch --gen-key "!GPG_BATCH_FILE!" + + del "!GPG_BATCH_FILE!" + + echo. + echo GPG key generated successfully! + echo. + echo To list your GPG keys, run: gpg --list-keys + echo To export your public key, run: gpg --armor --export %USER_EMAIL% ^> pubkey.asc + + if defined BACKUP_PATH ( + echo. + echo *** WARNING: Backing up private GPG keys. Ensure backup location is secure! *** + echo Backing up GPG keys to !BACKUP_PATH!... + gpg --export-secret-keys --armor %USER_EMAIL% > "!BACKUP_PATH!\gpg_private_key.asc" 2>nul + gpg --export --armor %USER_EMAIL% > "!BACKUP_PATH!\gpg_public_key.asc" 2>nul + echo GPG keys backed up. + ) + ) +) + +REM Display SSH configuration +echo. +echo ================================================================ +echo SSH Configuration Complete +echo ================================================================ +echo. +echo Your SSH keys are located in: %USERPROFILE%\.ssh +echo. +echo To use your keys with SSH: +echo ssh -i "%USERPROFILE%\.ssh\id_ed25519_1" user@host +echo. +echo To add your key to ssh-agent: +echo 1. Start ssh-agent: ssh-agent +echo 2. Add your key: ssh-add "%USERPROFILE%\.ssh\id_ed25519_1" +echo. +echo To copy your public key: +echo type "%USERPROFILE%\.ssh\id_ed25519_1.pub" +echo. + +if defined BACKUP_PATH ( + echo Keys backed up to: !BACKUP_PATH! + echo. +) + +REM Open SSH directory +set /p OPEN_DIR="Would you like to open the SSH directory? [Y/N]: " +if /I "%OPEN_DIR%"=="Y" ( + explorer "%USERPROFILE%\.ssh" +) + +echo. +echo Press any key to exit... +pause >nul + +endlocal diff --git a/ssh-install.sh b/ssh-install.sh new file mode 100755 index 0000000..7b2da2d --- /dev/null +++ b/ssh-install.sh @@ -0,0 +1,310 @@ +#!/bin/bash + +# SSH Installation and Key Generation Script for Linux/Mac +# Copyright (c) Ionity - Licensed under CC-BY-NC-SA-4.0 + +set -e + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Function to print colored output +print_header() { + echo -e "${BLUE}================================================================${NC}" + echo -e "${BLUE}$1${NC}" + echo -e "${BLUE}================================================================${NC}" +} + +print_success() { + echo -e "${GREEN}✓ $1${NC}" +} + +print_error() { + echo -e "${RED}✗ $1${NC}" +} + +print_info() { + echo -e "${YELLOW}ℹ $1${NC}" +} + +# Main script +clear +print_header "SSH Installation and Key Management Tool" +echo -e "${BLUE} Ionity (c)${NC}" +echo -e "${BLUE} Licensed under CC-BY-NC-SA-4.0${NC}" +echo "" + +# Check if running with sufficient privileges for some operations +if [ "$EUID" -eq 0 ]; then + print_info "Running with root privileges" +else + print_info "Running as regular user (recommended for SSH key generation)" +fi + +# Check if ssh-keygen is installed +if ! command -v ssh-keygen &> /dev/null; then + print_error "ssh-keygen not found!" + echo "" + echo "Please install OpenSSH:" + + if [[ "$OSTYPE" == "linux-gnu"* ]]; then + echo " Ubuntu/Debian: sudo apt-get install openssh-client" + echo " Fedora/RHEL: sudo dnf install openssh-clients" + echo " Arch: sudo pacman -S openssh" + elif [[ "$OSTYPE" == "darwin"* ]]; then + echo " macOS: OpenSSH should be pre-installed" + echo " If missing, install via Homebrew: brew install openssh" + fi + + exit 1 +fi + +print_success "OpenSSH found" +echo "" + +# Prompt for user information +read -p "Enter your email address: " USER_EMAIL +read -p "Enter a comment for your keys (optional, press Enter to use email): " USER_COMMENT + +if [ -z "$USER_COMMENT" ]; then + USER_COMMENT="$USER_EMAIL" +fi + +# Ask how many keys to generate +read -p "How many SSH keys do you want to generate? (1-10): " NUM_KEYS +NUM_KEYS=${NUM_KEYS:-1} + +# Validate number +if ! [[ "$NUM_KEYS" =~ ^[0-9]+$ ]] || [ "$NUM_KEYS" -lt 1 ] || [ "$NUM_KEYS" -gt 10 ]; then + print_info "Invalid number. Using 1 as default." + NUM_KEYS=1 +fi + +echo "" +print_header "Creating SSH directory structure" + +# Create .ssh directory if it doesn't exist +SSH_DIR="$HOME/.ssh" +if [ ! -d "$SSH_DIR" ]; then + mkdir -p "$SSH_DIR" + chmod 700 "$SSH_DIR" + print_success "Created $SSH_DIR directory" +else + print_success "$SSH_DIR directory exists" +fi + +# Ask for backup location +echo "" +read -p "Would you like to backup your keys to a specific location? [y/N]: " BACKUP_CHOICE + +BACKUP_PATH="" +if [[ "$BACKUP_CHOICE" =~ ^[Yy]$ ]]; then + read -e -p "Enter backup directory path: " BACKUP_PATH + + if [ -n "$BACKUP_PATH" ]; then + # Expand tilde + BACKUP_PATH="${BACKUP_PATH/#\~/$HOME}" + + if [ ! -d "$BACKUP_PATH" ]; then + mkdir -p "$BACKUP_PATH" + print_success "Created backup directory: $BACKUP_PATH" + else + print_success "Using existing backup directory: $BACKUP_PATH" + fi + chmod 700 "$BACKUP_PATH" + else + print_info "No backup location specified" + fi +fi + +# Generate keys in a loop +for ((i=1; i<=NUM_KEYS; i++)); do + echo "" + print_header "Generating SSH Key $i of $NUM_KEYS" + echo "" + echo "Select key type:" + echo "1. RSA (2048 bits)" + echo "2. RSA (4096 bits)" + echo "3. RSA (8192 bits)" + echo "4. Ed25519 (recommended)" + echo "5. ECDSA (256 bits)" + echo "6. ECDSA (384 bits)" + echo "7. ECDSA (521 bits)" + echo "" + + read -p "Enter your choice (1-7): " KEY_TYPE_CHOICE + + KEY_TYPE="" + KEY_BITS="" + KEY_NAME_SUFFIX="" + + case $KEY_TYPE_CHOICE in + 1) + KEY_TYPE="rsa" + KEY_BITS="2048" + KEY_NAME_SUFFIX="rsa_2048" + ;; + 2) + KEY_TYPE="rsa" + KEY_BITS="4096" + KEY_NAME_SUFFIX="rsa_4096" + ;; + 3) + KEY_TYPE="rsa" + KEY_BITS="8192" + KEY_NAME_SUFFIX="rsa_8192" + ;; + 4) + KEY_TYPE="ed25519" + KEY_BITS="" + KEY_NAME_SUFFIX="ed25519" + ;; + 5) + KEY_TYPE="ecdsa" + KEY_BITS="256" + KEY_NAME_SUFFIX="ecdsa_256" + ;; + 6) + KEY_TYPE="ecdsa" + KEY_BITS="384" + KEY_NAME_SUFFIX="ecdsa_384" + ;; + 7) + KEY_TYPE="ecdsa" + KEY_BITS="521" + KEY_NAME_SUFFIX="ecdsa_521" + ;; + *) + print_info "Invalid choice. Using Ed25519 as default." + KEY_TYPE="ed25519" + KEY_NAME_SUFFIX="ed25519" + ;; + esac + + KEY_FILE="$SSH_DIR/id_${KEY_NAME_SUFFIX}_${i}" + + echo "" + print_info "Generating $KEY_TYPE key..." + + if [ -z "$KEY_BITS" ]; then + ssh-keygen -t "$KEY_TYPE" -C "$USER_COMMENT" -f "$KEY_FILE" -N "" + else + ssh-keygen -t "$KEY_TYPE" -b "$KEY_BITS" -C "$USER_COMMENT" -f "$KEY_FILE" -N "" + fi + + if [ $? -eq 0 ]; then + chmod 600 "$KEY_FILE" + chmod 644 "$KEY_FILE.pub" + print_success "Successfully generated key: $KEY_FILE" + print_success "Public key: $KEY_FILE.pub" + + # Backup if location was specified + if [ -n "$BACKUP_PATH" ]; then + cp "$KEY_FILE" "$BACKUP_PATH/" + cp "$KEY_FILE.pub" "$BACKUP_PATH/" + print_success "Keys backed up to $BACKUP_PATH" + fi + else + print_error "Failed to generate key" + fi +done + +# GPG/PGP Key Generation +echo "" +print_header "GPG/PGP Key Generation" +read -p "Would you like to generate GPG/PGP keys? [y/N]: " GPG_CHOICE + +if [[ "$GPG_CHOICE" =~ ^[Yy]$ ]]; then + if ! command -v gpg &> /dev/null; then + print_error "GPG is not installed on your system" + echo "" + echo "Please install GPG:" + + if [[ "$OSTYPE" == "linux-gnu"* ]]; then + echo " Ubuntu/Debian: sudo apt-get install gnupg" + echo " Fedora/RHEL: sudo dnf install gnupg2" + echo " Arch: sudo pacman -S gnupg" + elif [[ "$OSTYPE" == "darwin"* ]]; then + echo " macOS: brew install gnupg" + fi + else + echo "" + print_info "Generating GPG key pair..." + + # Create GPG batch file + GPG_BATCH_FILE=$(mktemp) + + cat > "$GPG_BATCH_FILE" < pubkey.asc" + + if [ -n "$BACKUP_PATH" ]; then + echo "" + print_info "⚠️ WARNING: Backing up private GPG keys. Ensure backup location is secure!" + print_info "Backing up GPG keys to $BACKUP_PATH..." + gpg --export-secret-keys --armor "$USER_EMAIL" > "$BACKUP_PATH/gpg_private_key.asc" 2>/dev/null + gpg --export --armor "$USER_EMAIL" > "$BACKUP_PATH/gpg_public_key.asc" 2>/dev/null + chmod 600 "$BACKUP_PATH/gpg_private_key.asc" + chmod 644 "$BACKUP_PATH/gpg_public_key.asc" + print_success "GPG keys backed up" + fi + fi +fi + +# Display SSH configuration +echo "" +print_header "SSH Configuration Complete" +echo "" +echo "Your SSH keys are located in: $SSH_DIR" +echo "" +echo "To use your keys with SSH:" +echo " ssh -i \"$SSH_DIR/id_ed25519_1\" user@host" +echo "" +echo "To add your key to ssh-agent:" +echo " 1. Start ssh-agent: eval \$(ssh-agent)" +echo " 2. Add your key: ssh-add \"$SSH_DIR/id_ed25519_1\"" +echo "" +echo "To copy your public key:" +echo " cat \"$SSH_DIR/id_ed25519_1.pub\"" +echo "" + +if [ -n "$BACKUP_PATH" ]; then + echo "Keys backed up to: $BACKUP_PATH" + echo "" +fi + +# Optional: Add to SSH config +echo "" +read -p "Would you like to view the SSH directory? [y/N]: " OPEN_DIR +if [[ "$OPEN_DIR" =~ ^[Yy]$ ]]; then + if command -v xdg-open &> /dev/null; then + xdg-open "$SSH_DIR" + elif command -v open &> /dev/null; then + open "$SSH_DIR" + else + ls -la "$SSH_DIR" + fi +fi + +echo "" +print_success "Setup complete!"