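#!/usr/bin/env bash
#
# Generate a fresh Ed25519 SSH key pair, store the private key in pass(1),
# and leave only the public key in ~/.ssh.
#
# Environment (optional overrides):
#   USER  - account name used in the pass entry and the public-key file name
#   HOST  - host name used in the same places
#
# The private key is generated WITHOUT a passphrase (-N ""), so its only
# protection at rest is whatever encryption the password store applies.
set -euo pipefail

# Nothing this script creates should be group- or world-readable, whatever
# umask the caller happens to run with.
umask 077

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

USER="${USER:-$(whoami)}"
HOST="${HOST:-$(hostname -s 2>/dev/null || hostname)}"
DATE="$(date +%F)"

# USER and HOST can be overridden from the environment and are used as path
# components (temp dir, pass entry, public-key file), so refuse values that
# would resolve outside the intended directories.
for component in "$USER" "$HOST"; do
  case "$component" in
    '' | . | .. | */*)
      die "USER and HOST must each be a single non-empty path component: '$component'"
      ;;
  esac
done

SSH_DIR="$HOME/.ssh"
mkdir -p "$SSH_DIR"

PASS_PATH="personal/ssh/$USER@$HOST/$DATE"
PUB_PATH="$SSH_DIR/$USER@$HOST.pub"

# --- Temporary directory for the private key ---
# Prefer /dev/shm when it exists and is writable; otherwise fall back to the
# regular temp directory (e.g. on macOS, which has no /dev/shm).
if [[ -d /dev/shm && -w /dev/shm ]]; then
  TMPDIR_BASE="/dev/shm"
else
  # NOTE(review): this fallback is usually disk-backed. Deleting the file
  # afterwards unlinks it but does not overwrite the blocks it occupied, so
  # the unencrypted key may remain recoverable from the disk.
  TMPDIR_BASE="${TMPDIR:-/tmp}"
fi
TMP_WORKDIR="$(mktemp -d "$TMPDIR_BASE/sshkey.${USER}.${HOST}.${DATE}.XXXXXX")"
TMP_PRIV="$TMP_WORKDIR/id_ed25519"

cleanup() {
  # Best-effort removal of the key material. This is a plain unlink, not a
  # secure erase. The whole directory is removed so nothing is left behind
  # if a step fails part-way through. ${VAR:?} guards against an empty path.
  rm -rf -- "${TMP_WORKDIR:?}" 2>/dev/null || true
}

# Run cleanup exactly once, from the EXIT trap. The signal traps must exit:
# a handler that merely returns lets bash resume the script after the signal,
# at which point the key files have already been deleted.
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

# Generate the Ed25519 key pair inside the private temp dir.
ssh-keygen -t ed25519 -f "$TMP_PRIV" -N "" -q

# Store the private key in pass, fed on stdin so it never appears in argv.
# CAUTION: --force overwrites an existing entry at $PASS_PATH without
# prompting, so a second run on the same date replaces the earlier key.
pass insert --multiline --force "$PASS_PATH" < "$TMP_PRIV"
printf '%s\n' "Private key stored in pass at $PASS_PATH"

# Derive the public key from the same private key file.
# NOTE: the file name carries no date, so each run replaces the previous
# public key, while older dated private keys remain in pass.
ssh-keygen -y -f "$TMP_PRIV" > "$PUB_PATH"
# Tightening the mode is cosmetic for a public key, so failure is ignored.
chmod 600 "$PUB_PATH" 2>/dev/null || true
printf '%s\n' "Public key written to $PUB_PATH"

# The temp dir and the unencrypted private key are removed by the EXIT trap.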