Sep 01, 2022, 06:51 am
Did you know all of your public SSH keys are truly public? Surprise! Look up:
To sign any code, do
To add the local public key
To add the public keys
To verify, just do this (add the public key, check authenticity)
Don't forget to replace the values of "user=", "ssh_key=", "file=" and "domain=" by yours! Please avoid replacing anything else.
Code:
user=""
domain="github.com"
wget -qO - -- "https://${site:-"github.com"}/${user:-"user"}.keys"To sign any code, do
Show Content
Spoiler
Code:
ssh_key=""
file=""
[[ -s "${ssh_key:-"${HOME}/.ssh/id_rsa"}" ]] || ssh-keygen; ssh-keygen -Y sign -n "file" -f "${ssh_key:-"${HOME}/.ssh/id_rsa"}" < "${file:-"/dev/null"}" > "${file:-"null"}.asc"To add the local public key
Show Content
Spoiler
Code:
ssh_key=""
[[ -s "${ssh_key:-"${HOME}/.ssh/id_rsa.pub"}" ]] || ssh-keygen; printf -- '%s\n' "$( ssh_key="${ssh_key:-"${HOME}/.ssh/id_rsa"}"; ssh_key="${ssh_key%"/"*}"; cat -- "${ssh_key}/"*".pub" | sed "s/^/${USER} /g" )" >> ~/.ssh/allowed_signersTo add the public keys
Show Content
Spoiler
Code:
user=""
domain="github.com"
printf -- '%s\n' "$( user="${user:-"${USER}"}"; wget -qO - -- "https://${domain:-"github.com"}/${user}.keys" | sed "s/^/${user,,} /g" )" >> ~/.ssh/allowed_signersTo verify, just do this (add the public key, check authenticity)
Show Content
Spoiler
Code:
user=""
file=""
if [[ -s ~/.ssh/allowed_signers ]]; then ssh-keygen -Y verify -f ~/.ssh/allowed_signers -I "${user,,}" -n "file" -s "${file:-"null"}.asc" < "${file:-"/dev/null"}"; else printf -- '%s\n' "Please add a public key" 1>&2; fiDon't forget to replace the values of "user=", "ssh_key=", "file=" and "domain=" by yours! Please avoid replacing anything else.