Generates a new ssh key pair

ssh-keygen.sh

#! /bin/bash
#description: Generates a new key based on some standards
#   - type ed25519, 256 rounds
#   - hostname at the end of file
#
# Also, change key pair permissions and print instructions on how to set the server
# Based on:
# https://cryptsus.com/blog/how-to-secure-your-ssh-server-with-public-key-elliptic-curve-ed25519-crypto.html

#--- Variables ---#
OWNER_RWE=700
OWNER_R=400

SSH_DIR_S=~/.ssh
SSH_DIR_L=/home/$USER/.ssh
SSH_FILE=id_ed25519

#--- Main program ---#
echo "Generating ellyptic key..."
ssh-keygen \
  -o \
  -a 256 \
  -t ed25519 \
  -C "$USER@$(hostname)"

echo "\nMake the .ssh directory unreadable for other users and groups..."
chmod $OWNER_RWE $SSH_DIR_S
chmod $OWNER_RWE /home/$USER/.ssh

echo "Make the private SSH key read only..."
chmod $OWNER_R $SSH_DIR_L/$SSH_FILE
chmod $OWNER_R $SSH_DIR_S/$SSH_FILE

echo "Make $USER own the SSH key pair files..."
chown $USER:$USER $SSH_DIR_S/$SSH_FILE*
chown $USER:$USER $SSH_DIR_L/$SSH_FILE*

echo "\nServer side actions:\n"
echo "rm /etc/ssh/ssh_host_* 						#Delete old SSH keys"
echo "rm ~/.ssh/id_* 							    #Delete old SSH keys"
echo "sudo dpkg-reconfigure openssh-server			#Reset SSH config to defaults and generate new key files"
echo "rm /home/\$USER/.ssh/id_*     				#Delete old SSH keys"
echo "vi /home/\$USER/.ssh/authorized_keys			#paste public key here"
echo "cd /home/\$USER/ && chmod g-w,o-w .ssh/		#The directory containing your .ssh directory must not be writeable by group or others"
echo "chmod 600 /home/\$USER/.ssh/authorized_keys   #change permissions to r+w only for user"
echo "service sshd restart						    #restart and reload keys into the SSH deamon"