SSH host key support?

Open ghost opened this issue 7 years ago • 4 comments

This is quite neat, something I've wanted to see for a while.

Do you think it'd be possible to make this work for host key files so that you can predict the fingerprint of a host you've just created? I suppose you could also generate host keys client side and export them in the install script, but I wonder if there's a somewhat cleaner way to do it.

ghost avatar Jun 13 '17 22:06 ghost

I couldn't quite think of a way to make this useful, but maybe I misunderstood what you are asking for. We have either of:

  1. Keep the seed on the provisioning host only, generate the private key, and copy it over to the host. But this is basically the same as generating a random keypair and copying that over.
  2. Copy the seed over to the host; then the host can impersonate any other host by generating their private key.

mithrandi avatar Jun 14 '17 13:06 mithrandi
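
Added example, not part of the thread or of either project's code: predicting an Ed25519 host key's SHA256 fingerprint on the provisioning host from a seed that stays there, as in option 1 above. The per-host HMAC-SHA256 derivation, the `ssh-host-key:` label, the function names and the sample hostnames are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct

# Ed25519 public-key derivation per RFC 8032, standard library only.
P = 2**255 - 19
D = -121665 * pow(121666, P - 2, P) % P
GX = 15112221349535400772501151409588531511454012693041857206046113283949847762202
GY = 46316835694926478169428394003475163141307993866256225615783033603165251855960
G = (GX, GY, 1, GX * GY % P)  # base point in extended coordinates (X, Y, Z, T)

def _add(p1, p2):
    # Unified twisted-Edwards addition; also used for doubling.
    a = (p1[1] - p1[0]) * (p2[1] - p2[0]) % P
    b = (p1[1] + p1[0]) * (p2[1] + p2[0]) % P
    c = 2 * p1[3] * p2[3] * D % P
    d = 2 * p1[2] * p2[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def ed25519_public_key(seed32):
    """Return the 32-byte public key for a 32-byte private seed."""
    digest = hashlib.sha512(seed32).digest()
    scalar = int.from_bytes(digest[:32], "little")
    scalar = (scalar & ((1 << 254) - 8)) | (1 << 254)  # RFC 8032 clamping
    acc, base = (0, 1, 1, 0), G
    while scalar:  # double-and-add; not constant time, meant for offline provisioning
        if scalar & 1:
            acc = _add(acc, base)
        base = _add(base, base)
        scalar >>= 1
    zinv = pow(acc[2], P - 2, P)
    x, y = acc[0] * zinv % P, acc[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def host_seed(master_seed, hostname):
    # Assumed derivation: one HMAC-SHA256 output per hostname, keyed by the master seed.
    return hmac.new(master_seed, b"ssh-host-key:" + hostname.encode(), hashlib.sha256).digest()

def predicted_fingerprint(master_seed, hostname):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints for an Ed25519 key."""
    pub = ed25519_public_key(host_seed(master_seed, hostname))
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (b"ssh-ed25519", pub))
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

if __name__ == "__main__":
    master = bytes(range(32))  # constructed sample seed; a real one must be random and secret
    for name in ("web1.example.test", "db1.example.test"):
        print(name, predicted_fingerprint(master, name))
```
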

@teran-mckinney An ssh host key is no different than any other signing key. I've ported this script to Python and added support for generating RSA and ECDSA keys. Source is available at https://github.com/blackknight36/ssh-static-key-generator/blob/master/ssh_static_keygen.py.

This works well in our environment, as we are often creating and destroying VMs, and it is useful to be able to build a server with a host key that is already known.

blackknight36 avatar Sep 10 '19 00:09 blackknight36

@blackknight36 thank you!

ghost avatar Sep 10 '19 21:09 ghost

@teran-mckinney You're welcome. While you could just run ssh-keygen and store the key files for later use, I thought it would be nice to be able to generate keys based on a predefined seed.

blackknight36 avatar Sep 11 '19 13:09 blackknight36