Created
May 28, 2013 08:46
-
-
Save jwilkins/5661413 to your computer and use it in GitHub Desktop.
convert ssh private keys to more secure format
based on http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| NOW=$(date +"%Y%m%d%H%M%S") | |
| if [ "$#" -eq 0 ];then | |
| echo "Usage $0 keyfile" | |
| echo " or $0 -a Convert all keys" | |
| exit | |
| fi | |
| function convert_file { | |
| echo "Converting $1" | |
| cp "$1" "$1-$NOW" | |
| openssl pkcs8 -topk8 -v2 des3 -in "$1-$NOW" -out "$1" | |
| chmod 600 "$1" | |
| } | |
| if [[ $1 == "-a" ]]; then | |
| for FILE in $(grep "PRIVATE KEY" ~/.ssh2/*); do | |
| convert_file $FILE_ | |
| done | |
| echo "Check that the converted keys work; if yes, delete the old ones:" | |
| echo "$ rm ~/.ssh/*-$NOW" | |
| exit | |
| else | |
| for FILE in $@; do | |
| if [[ -r $FILE ]]; then | |
| convert_file $FILE | |
| fi | |
| done | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment