#!/usr/bin/env bash
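# Rotate the SSH key pairs kept under ./secrets/ssh/ and regenerate the
# known-hosts entry for the server key.
#
# Required environment:
#   TLD        - written as the host-name field of the known-hosts entry
#   PINNED_IP  - written as the address field of the known-hosts entry
set -Eeuo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"

# Validate inputs before anything is deleted: under `set -u` an unset TLD or
# PINNED_IP would otherwise abort the script only after the old keys are gone
# and the new ones exist, leaving the directory without a known-hosts file.
: "${TLD:?TLD must be set (host-name field of the known-hosts entry)}"
: "${PINNED_IP:?PINNED_IP must be set (address field of the known-hosts entry)}"

# ssh-keygen does not create the target directory; make sure it exists.
mkdir -p ./secrets/ssh

# Drop every previous key and the previous known-hosts file.
rm -f -- ./secrets/ssh/*

# NOTE(review): -N '' writes the private keys with an empty passphrase, so
# their confidentiality rests entirely on file permissions and on wherever
# ./secrets/ is stored or committed.
ssh-keygen -t rsa -b 4096 -q -N '' -f ./secrets/ssh/vps-box-client
ssh-keygen -t rsa -b 4096 -q -N '' -f ./secrets/ssh/vps-box-server

# Field 2 of the .pub file is the base64 key blob; the key type is written
# literally below and must stay in sync with the -t value above.
PUBLIC_KEY="$(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)"
if [[ -z "${PUBLIC_KEY}" ]]; then
  printf 'error: could not read the server public key\n' >&2
  exit 1
fi

# Pin the server key to both the host name and the IP address.
printf '%s,%s ssh-rsa %s\n' "${TLD}" "${PINNED_IP}" "${PUBLIC_KEY}" \
  > ./secrets/ssh/known-hosts.txt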

# git add ./secrets/ssh/
# git commit -m "Script: rotate SSH keys"

# rotate() {
#   # FIXME: add email address?
#   # FIXME: use 4096 instead of (default) 2048
#   ssh-keygen -t rsa \
#              -q     \
#              -N ''  \
#              -f "${1}"
# }

# rotate ./secrets/ssh/vps-box-client
# rotate ./secrets/ssh/vps-box-server


# FIXME:
# Commit to repo the rotated files