A pass extension that creates ssh keys with an automatically generated passphrases stored in pass and outputs the public key using fzf or rofi.
The examples suppose you use the
xclip clipboard manager:
Run pass ssh, this will show all existing keys under ~/.ssh.
Create a new one by entering the name of a key that does not exist,
for example mynewkey. pass ssh will then generate a new password
for it in the password store under /sshkey-passphrase/mynewkey and
use that passphrase as the ssh key's passphrase. Finally, pass ssh
will output the ssh key's public key on stdout.
Connect to a host using the ssh key, for example ssh -i ~/.ssh/mynewkey myhost. ssh will then ask for a passphrase, the one
stored in the password store at /sshkey-passphrase/mynewkey. You can
then simply copy the passphrase with pass --clip /sshkey-passphrase/mynewkey and copy paste it to the ssh passphrase
prompt.
pass ssh [--help,-h]
[--fzf,-f]|[--rofi,-r] [--ssh-dir <s>,-d <s>]
[--pass-prefix <s>,-p <s>] [--passphrase-no-symbols,-n] [--passphrase-length <s>,-l <s>]
[--ssh-t <s>] [--ssh-b <s>]
pass-ssh provides an interactive solution to create ssh private and
public keypairs with passphrases stored in pass as well as write the
public key to stdout. It will show all available ssh keys in either
fzf or rofi, wait for the user to select one and write the public
key to stdout.
The user can select fzf or rofi by giving either --fzf
or --rofi. By default, rofi will be selected and
pass-ssh will fallback to fzf.
If the selected key file does not exist under the directory given by
--ssh-dir, first a passphrase will be generated in pass
under the prefix given by --pass-prefix. Specific passphrase
length can be given using --passphrase-length and no symbols can
be activated with --passphrase-no-symbols. Second, a new private
and public keypair will be generated with the aforementioned passphrase
and with ssh-keygen's -t and -b option given
respectively by --ssh-t and --ssh-b. Lastly, the public key
is written to stdout.
If the selected key exists, the public key is simply written to stdout.
-f,--fzfUse fzf to select pass-name.-r,--rofiUse rofi to select pass-name.-d,--ssh-dirDirectory holding ssh keyfiles, default $HOME/.ssh.-p,--pass-prefixPrefix under which passphrase are stored in pass, default sshkey-passphrase.-n,--no-symbolsDo not use any non-alphanumeric characters.-l <size>,--length=<size>Provide a password length.--ssh-tssh-keygen's -t option, the type of key to create.--ssh-bssh-keygen's -b option, the number of bits in the key to create.-h,--helpShow usage message.
pacaur -S pass-sshgit clone https://github.com/ibizaman/pass-ssh/
cd pass-ssh
sudo make installpass 1.7.0or greater.- If you do not want to install this extension as system extension, you need to
enable user extension with
PASSWORD_STORE_ENABLE_EXTENSIONS=true pass. You can create an alias in.bashrc:alias pass='PASSWORD_STORE_ENABLE_EXTENSIONS=true pass'
Feedback, contributors, pull requests are all very welcome.
Update changelog and go to aur/ and update pkgver. Then add a git
tag. Finally, run make aur and make aur-push.
Thanks to roddhjav for creating pass-update from which this script is heavily inspired.
Copyright (C) 2017 Pierre PENNINCKX
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.