SSH key generation: server-side host key install (bash, run as root) and client access setup (zsh)
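#!/bin/bash
# Generate an EC (P-256) host key for sshd and register it in sshd_config.
#
# Naming note: the files are called "ecdh_*" but sshd uses a HostKey for ECDSA
# signatures (host authentication, ecdsa-sha2-nistp256). ECDH is the ephemeral
# key exchange and never reads these files.
#
# Must run as root. Abort on the first failing command, on any unset variable
# and on a failure anywhere in a pipeline, so a half-applied change is never
# followed by a service restart.
set -euo pipefail

# Key files written by this script and the sshd configuration it updates.
readonly PRIVATE_KEY_FILE="/etc/ssh/ecdh_private_key.pem"
readonly PUBLIC_KEY_FILE="/etc/ssh/ecdh_public_key.pem"
readonly SSH_CONFIG_FILE="/etc/ssh/sshd_config"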
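# Report a fatal error and stop the script.
# Diagnostics belong on stderr so they are not mixed into captured stdout.
# Arguments: $1 - human-readable description of what failed
# Exits with status 1.
handle_error() {
  printf 'Error: %s\n' "$1" >&2
  exit 1
}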
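# Ensure the script is run as root: the key files and sshd_config live in /etc/ssh.
[[ "$(id -u)" -eq 0 ]] || handle_error "This script must be run as root."

# Generate the P-256 private key. Despite the "ecdh" file name sshd will use it
# as an ECDSA signing key (host authentication); ECDH is the ephemeral key
# exchange and never reads this file.
#
# openssl creates the output file honoring the umask, so with the usual 022 the
# private key would be world-readable from here until the chmod further down.
# Restrict the umask for the generation itself instead of repairing permissions
# after the fact.
echo "Generating ECDH private key..."
( umask 077 && openssl ecparam -name prime256v1 -genkey -noout -out "$PRIVATE_KEY_FILE" ) \
  || handle_error "Failed to generate private key."

# Derive the public key from the private key.
echo "Generating ECDH public key..."
openssl ec -in "$PRIVATE_KEY_FILE" -pubout -out "$PUBLIC_KEY_FILE" \
  || handle_error "Failed to generate public key."

# Verify the private key WITHOUT printing it: '-text' dumps the private scalar
# to stdout (and into any terminal log or CI capture of this script). '-check'
# only reports whether the key is internally consistent.
echo "Verifying private key..."
openssl ec -in "$PRIVATE_KEY_FILE" -check -noout >/dev/null \
  || handle_error "Private key verification failed."

# The public key is not secret; parsing it is enough to confirm it is well-formed.
echo "Verifying public key..."
openssl ec -in "$PUBLIC_KEY_FILE" -pubin -noout \
  || handle_error "Public key verification failed."

# sshd is the consumer of this file. Confirm OpenSSH itself can load the PEM
# key (supported in builds with OpenSSL) before pointing sshd_config at it;
# a host key sshd cannot read would only surface at restart time.
ssh-keygen -y -f "$PRIVATE_KEY_FILE" >/dev/null \
  || handle_error "OpenSSH cannot read $PRIVATE_KEY_FILE as a host key."

# Final permissions: private key root-only, public key world-readable.
echo "Setting permissions for key files..."
chmod 600 "$PRIVATE_KEY_FILE" || handle_error "Failed to set permissions on private key file."
chmod 644 "$PUBLIC_KEY_FILE" || handle_error "Failed to set permissions on public key file."

# Register the key with sshd unless an identical, active directive is already
# present. -x/-F match the whole line literally, so a commented-out
# "#HostKey ..." line does not count as present (a plain substring grep would
# match it and silently skip the addition).
echo "Adding keys to SSH config..."
if grep -qxF -- "HostKey $PRIVATE_KEY_FILE" "$SSH_CONFIG_FILE"; then
  echo "HostKey $PRIVATE_KEY_FILE already exists in $SSH_CONFIG_FILE"
else
  printf 'HostKey %s\n' "$PRIVATE_KEY_FILE" >> "$SSH_CONFIG_FILE"
fi

# Never restart sshd on an unvalidated configuration: a rejected directive or
# an unreadable host key would leave the daemon down and lock us out of the
# host. 'sshd -t' also checks host key permissions/readability when run as root.
echo "Validating sshd configuration..."
SSHD_BIN="$(command -v sshd || echo /usr/sbin/sshd)"
"$SSHD_BIN" -t -f "$SSH_CONFIG_FILE" \
  || handle_error "sshd rejected $SSH_CONFIG_FILE; not restarting the service."

# The systemd unit is named "sshd" on some distributions and "ssh" on others.
SSH_SERVICE="ssh"
if systemctl list-units --type=service | grep -q "sshd.service"; then
  SSH_SERVICE="sshd"
fi

# Restart to load the new host key (existing sessions are not affected).
echo "Restarting SSH service..."
systemctl restart "$SSH_SERVICE" || handle_error "Failed to restart SSH service."
echo "ECDH key pair generation and SSH configuration completed successfully."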
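#!/bin/zsh
# Set up key-based SSH access from this machine to a server.
#
# The client key pair is generated LOCALLY and only its public half is
# installed on the server (~/.ssh/authorized_keys). The private key never
# leaves this machine. In particular, the server's host private key under
# /etc/ssh is never read or copied: that key identifies the server, is not a
# client credential (it is not in any authorized_keys), and a copy on a client
# would let whoever holds it impersonate the server.
set -eu
set -o pipefail

# Report a fatal error on stderr and stop the script.
# Arguments: $1 - description of what failed
# Exits with status 1.
handle_error() {
  printf 'Error: %s\n' "$1" >&2
  exit 1
}

# Prompt for the target account and address (zsh "name?prompt" read syntax).
read -r "SERVER_USER?Enter the server username: " || handle_error "No username given."
read -r "SERVER_IP?Enter the server IP address: " || handle_error "No server address given."
[[ -n "$SERVER_USER" && -n "$SERVER_IP" ]] \
  || handle_error "Both a username and a server address are required."

# Local paths. The private key stays here; ssh-keygen writes the public half
# next to it with a .pub suffix.
LOCAL_USER=$(whoami)
SSH_DIR="$HOME/.ssh"
LOCAL_PRIVATE_KEY_PATH="$SSH_DIR/ecdsa_client_key"
LOCAL_PUBLIC_KEY_PATH="${LOCAL_PRIVATE_KEY_PATH}.pub"
SSH_CONFIG_PATH="$SSH_DIR/config"
# Host key type the client will accept; the server-side script in this gist
# installs a P-256 ECDSA host key, which is what this pin corresponds to.
HOSTKEY_ALG="ecdsa-sha2-nistp256"

# ~/.ssh must exist and be private before anything is written into it.
mkdir -p "$SSH_DIR"
chmod 700 "$SSH_DIR"

# Generate the client key pair locally unless one already exists. ssh-keygen
# creates the private key with mode 0600 and prompts for a passphrase; do not
# pass -N "" here, an unencrypted key on disk is a weaker credential.
if [[ ! -f "$LOCAL_PRIVATE_KEY_PATH" ]]; then
  ssh-keygen -t ecdsa -b 256 -f "$LOCAL_PRIVATE_KEY_PATH" -C "${LOCAL_USER}@$(hostname)" \
    || handle_error "Failed to generate the client key pair."
fi
chmod 600 "$LOCAL_PRIVATE_KEY_PATH"
[[ -f "$LOCAL_PUBLIC_KEY_PATH" ]] || handle_error "Public key $LOCAL_PUBLIC_KEY_PATH not found."

# Install the PUBLIC key on the server. This first connection performs the
# normal trust-on-first-use host key check and pins the server's key in
# known_hosts. Do NOT run 'ssh-keygen -R' on the server beforehand: that
# discards an already-pinned host key, so a changed (possibly attacker-
# supplied) key would simply be accepted at the next prompt. If the server's
# host key has legitimately changed, remove the stale entry by hand after
# confirming the new fingerprint out of band.
#
# The same HostKeyAlgorithms pin is used here as in the config stanza below,
# so the key type pinned now is the one checked on every later connection.
if command -v ssh-copy-id >/dev/null 2>&1; then
  ssh-copy-id -i "$LOCAL_PUBLIC_KEY_PATH" -o "HostKeyAlgorithms=${HOSTKEY_ALG}" \
    "${SERVER_USER}@${SERVER_IP}" \
    || handle_error "Failed to install the public key on the server."
else
  # Fallback without ssh-copy-id: append the public key; umask 077 keeps a
  # freshly created authorized_keys private. (Unlike ssh-copy-id this does
  # not de-duplicate an already-installed key.)
  ssh -o "HostKeyAlgorithms=${HOSTKEY_ALG}" "${SERVER_USER}@${SERVER_IP}" \
    'umask 077; mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < "$LOCAL_PUBLIC_KEY_PATH" \
    || handle_error "Failed to install the public key on the server."
fi

# Create the client config with private permissions if it does not exist.
if [[ ! -f "$SSH_CONFIG_PATH" ]]; then
  touch "$SSH_CONFIG_PATH"
  chmod 600 "$SSH_CONFIG_PATH"
fi

# Append a stanza for this server unless one is present. -x/-F match the whole
# line literally, so "Host 10.0.0.1" is not mistaken for "Host 10.0.0.10".
# IdentitiesOnly stops ssh from offering every key loaded in the agent to this
# host. The Kex/HostKey pins restrict this connection to P-256 ECDH key
# exchange and a P-256 ECDSA host key; the server must offer both.
if grep -qxF -- "Host ${SERVER_IP}" "$SSH_CONFIG_PATH"; then
  echo "Configuration for ${SERVER_IP} already exists in ${SSH_CONFIG_PATH}"
else
  {
    echo ""
    echo "Host ${SERVER_IP}"
    echo "  User ${SERVER_USER}"
    echo "  IdentityFile ${LOCAL_PRIVATE_KEY_PATH}"
    echo "  IdentitiesOnly yes"
    echo "  KexAlgorithms ecdh-sha2-nistp256"
    echo "  HostKeyAlgorithms ${HOSTKEY_ALG}"
  } >> "$SSH_CONFIG_PATH"
fi
echo "SSH configuration updated. You can now connect using: ssh ${SERVER_USER}@${SERVER_IP}"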