
[bin] Make rekey work on macos

Colin Powell 4 days ago
parent
commit
3e7962c0d3
2 changed files with 23 additions and 10 deletions
  1. 22 7
      bin/.bin/rekey
  2. 1 3
      ssh/.ssh/config

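--- a/bin/.bin/rekey
+++ b/bin/.bin/rekey
@@ -2,25 +2,40 @@
 set -euo pipefail
 
 USER="${USER:-$(whoami)}"
-HOST="${HOST:-$(hostname)}"
+HOST="${HOST:-$(hostname -s 2>/dev/null || hostname)}"
 DATE="$(date +%F)"
 SSH_DIR="$HOME/.ssh"
 mkdir -p "$SSH_DIR"
 PASS_PATH="personal/ssh/$USER@$HOST/$DATE"
 
-# --- Temporary RAM-backed file for private key ---
-TMP_PRIV="/dev/shm/sshkey_$USER@$HOST$DATE"
-trap 'rm -f "$TMP_PRIV"' EXIT
+# --- Temporary directory for private key (macOS compatible) ---
+# Tries /dev/shm if present (Linux), otherwise falls back to standard temp.
+if [[ -d /dev/shm && -w /dev/shm ]]; then
+  TMPDIR_BASE="/dev/shm"
+else
+  TMPDIR_BASE="${TMPDIR:-/tmp}"
+fi
 
-# Generate Ed25519 key pair into RAM
+TMP_WORKDIR="$(mktemp -d "$TMPDIR_BASE/sshkey.${USER}.${HOST}.${DATE}.XXXXXX")"
+TMP_PRIV="$TMP_WORKDIR/id_ed25519"
+
+cleanup() {
+  # best-effort secure cleanup: delete key material and remove temp dir
+  rm -f "$TMP_PRIV" "$TMP_PRIV.pub" 2>/dev/null || true
+  rmdir "$TMP_WORKDIR" 2>/dev/null || true
+}
+trap cleanup EXIT INT TERM
+
+# Generate Ed25519 key pair into temp dir
 ssh-keygen -t ed25519 -f "$TMP_PRIV" -N "" -q
 
 # Insert private key into pass
-cat "$TMP_PRIV" | pass insert --multiline --force "$PASS_PATH"
+pass insert --multiline --force "$PASS_PATH" < "$TMP_PRIV"
 echo "Private key stored in pass at $PASS_PATH"
 
 # Extract public key from the same temp file
 ssh-keygen -y -f "$TMP_PRIV" > "$SSH_DIR/$USER@$HOST.pub"
+chmod 600 "$SSH_DIR/$USER@$HOST.pub" 2>/dev/null || true
 echo "Public key written to $SSH_DIR/$USER@$HOST.pub"
 
-# Private key removed from /dev/shm automatically
+# Temp key removed automatically by trap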
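Review bot: The `else` branch of the new `/dev/shm` check silently drops the property the old script documented: on macOS `${TMPDIR:-/tmp}` is disk-backed, so the passphrase-less private key (`-N ""`) now touches persistent storage until `rm -f` runs, and `rm` does not scrub it; the comment above the check should say so, e.g. `# Fallback is disk-backed (macOS): the unencrypted key briefly lands on persistent storage; mktemp -d's 0700 dir limits exposure to other users only.` The `trap cleanup EXIT INT TERM` line also has a behavioural wrinkle: on INT/TERM bash runs `cleanup` and then resumes the script, so a later command fails on the now-missing key before the EXIT trap runs `cleanup` a second time; `trap cleanup EXIT` plus `trap 'exit 1' INT TERM` cleans up exactly once and actually stops. Minor: the `mktemp -d` template embeds `${USER}.${HOST}` in the directory name, which is visible to any local user listing `/tmp`; a bare `sshkey.XXXXXX` template leaks nothing. The hunk starts at line 2, so the shebang is outside view.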

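--- a/ssh/.ssh/config
+++ b/ssh/.ssh/config
@@ -59,14 +59,12 @@ Host ymir.local gerd.local skoll.local thrymr.local tharvis.local thyrmr.local a
 # Bare metal hosts
 Host hati.local tarqeq.local daphnis.local loge.local hyperion.local dione.local phoebe.local iapetus.local titan.local paaliaq.local kiviuq.local kari.local siarnaq.local skathi.local tarvos.local rhea.local erriapus.local mimas.local polydeuces.local mundilfari.local ijiraq.local
   User powellc
-  IdentityFile ~/.ssh/2022_h2_powellc
 
 # Inside our network, skip strict host key checking
 Host *.local *.service
   StrictHostKeyChecking no
   User root
-  #IdentityFile ~/.ssh/2022_h2_powellc
-  IdentityFile ~/.ssh/jails
+  #IdentityFile ~/.ssh/jails
 
 
 # Root hosts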
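Review bot: With the explicit `IdentityFile` removed from the `Host hati.local …` block and commented out in `Host *.local *.service`, ssh now offers its default identity files and every key held by the agent to these hosts, which both widens what a host learns about your keys and makes the selected key depend on agent load order. If the rekeyed key is meant to be used here (presumably loaded into an agent from pass — the hunk does not show where it lives), pin it with `IdentityFile ~/.ssh/<key>` and `IdentitiesOnly yes` so only the intended key is tried. Style: deleting `IdentityFile ~/.ssh/jails` outright reads cleaner than leaving the commented `#IdentityFile ~/.ssh/jails` line behind. The `Host *.local *.service` block and the file continue past the end of the hunk.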