
[bin] Make rekey work on macos

Colin Powell 4 days ago
parent
commit
3e7962c0d3
2 changed files with 23 additions and 10 deletions
  1. 22 7
      bin/.bin/rekey
  2. 1 3
      ssh/.ssh/config

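--- a/bin/.bin/rekey
+++ b/bin/.bin/rekey
@@ -2,25 +2,40 @@
 set -euo pipefail
 
 USER="${USER:-$(whoami)}"
-HOST="${HOST:-$(hostname)}"
+HOST="${HOST:-$(hostname -s 2>/dev/null || hostname)}"
 DATE="$(date +%F)"
 SSH_DIR="$HOME/.ssh"
 mkdir -p "$SSH_DIR"
 PASS_PATH="personal/ssh/$USER@$HOST/$DATE"
 
-# --- Temporary RAM-backed file for private key ---
-TMP_PRIV="/dev/shm/sshkey_$USER@$HOST$DATE"
-trap 'rm -f "$TMP_PRIV"' EXIT
+# --- Temporary directory for private key (macOS compatible) ---
+# Tries /dev/shm if present (Linux), otherwise falls back to standard temp.
+if [[ -d /dev/shm && -w /dev/shm ]]; then
+  TMPDIR_BASE="/dev/shm"
+else
+  TMPDIR_BASE="${TMPDIR:-/tmp}"
+fi
 
-# Generate Ed25519 key pair into RAM
+TMP_WORKDIR="$(mktemp -d "$TMPDIR_BASE/sshkey.${USER}.${HOST}.${DATE}.XXXXXX")"
+TMP_PRIV="$TMP_WORKDIR/id_ed25519"
+
+cleanup() {
+  # best-effort secure cleanup: delete key material and remove temp dir
+  rm -f "$TMP_PRIV" "$TMP_PRIV.pub" 2>/dev/null || true
+  rmdir "$TMP_WORKDIR" 2>/dev/null || true
+}
+trap cleanup EXIT INT TERM
+
+# Generate Ed25519 key pair into temp dir
 ssh-keygen -t ed25519 -f "$TMP_PRIV" -N "" -q
 
 # Insert private key into pass
-cat "$TMP_PRIV" | pass insert --multiline --force "$PASS_PATH"
+pass insert --multiline --force "$PASS_PATH" < "$TMP_PRIV"
 echo "Private key stored in pass at $PASS_PATH"
 
 # Extract public key from the same temp file
 ssh-keygen -y -f "$TMP_PRIV" > "$SSH_DIR/$USER@$HOST.pub"
+chmod 600 "$SSH_DIR/$USER@$HOST.pub" 2>/dev/null || true
 echo "Public key written to $SSH_DIR/$USER@$HOST.pub"
 
-# Private key removed from /dev/shm automatically
+# Temp key removed automatically by trap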
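Review bot: With the new fallback, the passphrase-less private key that `ssh-keygen -f "$TMP_PRIV"` writes lands on a disk-backed directory on macOS (`${TMPDIR:-/tmp}`), and the `rm -f` in `cleanup` only unlinks it, so the comment "best-effort secure cleanup" overstates what happens to the key material. I would replace that comment with `# NOTE: outside /dev/shm the key is written to disk in the clear and rm only unlinks it (overwrite is unreliable on APFS/SSD); rely on full-disk encryption or a RAM disk.` Separately, `trap cleanup EXIT INT TERM` runs the handler on a signal but does not terminate the script, so execution resumes after the interrupted command and cleanup runs a second time at EXIT; the usual shape is `trap cleanup EXIT` plus `trap 'exit 130' INT` and `trap 'exit 143' TERM`, which still reaches cleanup through the EXIT trap.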

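--- a/ssh/.ssh/config
+++ b/ssh/.ssh/config
@@ -59,14 +59,12 @@ Host ymir.local gerd.local skoll.local thrymr.local tharvis.local thyrmr.local a
 # Bare metal hosts
 Host hati.local tarqeq.local daphnis.local loge.local hyperion.local dione.local phoebe.local iapetus.local titan.local paaliaq.local kiviuq.local kari.local siarnaq.local skathi.local tarvos.local rhea.local erriapus.local mimas.local polydeuces.local mundilfari.local ijiraq.local
   User powellc
-  IdentityFile ~/.ssh/2022_h2_powellc
 
 # Inside our network, skip strict host key checking
 Host *.local *.service
   StrictHostKeyChecking no
   User root
-  #IdentityFile ~/.ssh/2022_h2_powellc
-  IdentityFile ~/.ssh/jails
+  #IdentityFile ~/.ssh/jails
 
 
 # Root hosts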
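Review bot: After this hunk neither the bare-metal block nor `Host *.local *.service` names an IdentityFile, so ssh will offer every default identity and every key loaded in the agent to these hosts; because the same block already carries `StrictHostKeyChecking no`, anything answering to a spoofed `.local` name learns the full set of public keys you hold. If the intent is to use the key the rekey script now produces (presumably, given the commit title), say so with an explicit `IdentityFile` for that key and `IdentitiesOnly yes` so only it is tried. The commented-out `#IdentityFile ~/.ssh/jails` reads as dead config; either drop it or add a one-line note on why it is kept.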