Stackscript for setting up SSH key with Github - Secure?!
I was wondering if this idea is "secure". Currently I manually create a server SSH key using my stackscript then I manually add this to my github whilst the stackscript is paused, then I confirm that it has been added and the stackscript continues to run, cloning my code from my private github.
What about if I always had the same ssh access key added on github that doesn't change. Then I use this key hardcoded into my stackscript to add it as the server's SSH key, and then have the SSH key password as a UDF variable that I enter when deploying a server.
This way, I wouldn't have to do anything manually on deployment, I would just need to put the SSH key password in as a stackscript variable on deploy.
Any thoughts would be much appreciated.
James
2 Replies
I know this is pretty late, but I thought I'd still reply. First - I'm very curious how you were able to get your Stackscript to pause?
Automating ssh key generation
So obviously, hard-coding an SSH key and reusing it is bad, m'kay. Here is a one-liner I got from here which automates the creation of the ssh key.
ssh-keygen -t rsa -C "$(hostname)" -f "$HOME/.ssh/id_rsa" -P "" && cat ~/.ssh/id_rsa.pub
In my opinion, using this one-liner along with some of the answers / comments in this post should be able to ensure you a fully automated / silent key generation. Hint: You will probably want some redirection magic like 0>&-. I haven't tested it yet.
Uploading the key to Github
This gist from here seems like it would work:
curl -u "user:pass" --data '{"title":"test-key","key":"'"$(cat ~/.ssh/id_rsa.pub)"'"}' https://api.github.com/user/keys
But Github now has the CLI tool gh released, so you could just run something like:
gh ssh-key add ~/.ssh/id_rsa.pub
Here is the documentation / command. Hope this can help someone.
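The unattended flow described in the reply above, as an added example that is not part of the original posts or the linked gists: it creates a per-server key without prompting, reuses an existing key instead of stalling on ssh-keygen's overwrite prompt, and builds an escaped JSON body for the https://api.github.com/user/keys call. The function names and the key-path parameter are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: per-server key generation for an unattended deploy script.
# Function names and the key-path parameter are assumptions of this example.

# Create a key pair at $1 without any prompt and print the public key path.
# An existing key is reused, because ssh-keygen would otherwise stop and ask
# whether to overwrite it, which hangs a script that has no terminal.
generate_host_key() {
    local key_path="$1"
    local ssh_dir
    ssh_dir="$(dirname "$key_path")"
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    if [ ! -f "$key_path" ]; then
        # -q: quiet, -N "": empty passphrase; stdin comes from /dev/null so
        # nothing can wait for keyboard input.
        ssh-keygen -q -t rsa -C "$(hostname 2>/dev/null || uname -n)" \
            -f "$key_path" -N "" </dev/null >/dev/null || return 1
    fi
    chmod 600 "$key_path" && printf '%s\n' "$key_path.pub"
}

# Escape backslashes and double quotes so a value cannot break out of the
# JSON string it is placed in.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the request body for the key upload: title in $1, public key file in $2.
build_key_payload() {
    local title="$1" pub_file="$2" key
    key="$(tr -d '\r\n' < "$pub_file")"
    printf '{"title":"%s","key":"%s"}' \
        "$(json_escape "$title")" "$(json_escape "$key")"
}

# Typical use inside the deploy script (not run here):
#   pub="$(generate_host_key "$HOME/.ssh/id_rsa")" || exit 1
#   gh ssh-key add "$pub" --title "$(hostname)"
```

Because each server gets its own key with its hostname as the title, a single server's key can be deleted from the GitHub account without touching the others.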