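#! /bin/sh
#
# Regenerates the SSH key fixtures in the current directory: one private key
# per type (rsa, dsa, ecdsa, ed25519) with and without a passphrase, the
# matching .pub files, and one certificate per unencrypted key.
#
# The passphrase is the fixed string "password" and half of the keys are
# written unencrypted, so everything produced here is fixture material only.
#
# The script does not use `set -e`: each ssh-keygen call is independent, so a
# call that fails does not stop the remaining fixtures from being generated.
#
# NOTE(review): OpenSSH has deprecated DSA and newer builds may disable or
# omit it; on such a build the dsa-* keys and the DSA-signed certificate are
# expected to fail -- confirm against the ssh-keygen used to run this.

# Remove fixtures from a previous run; ssh-keygen would otherwise stop to ask
# before overwriting each key file. -f keeps a clean directory from being
# reported as an error, -- stops option parsing before the glob results.
# This deletes every *.key and *.pub in the current directory.
rm -f -- *.key *.pub

# avoid having too many files
# The ECDSA size is rotated between keys instead of generating one key pair
# per size. The state lives in a file because getecbits is called through
# $(...), a subshell whose variable assignments would be lost.
ecbits="ecbits.txt"
echo 521 > "$ecbits"

# Prints the next ECDSA key size (256 -> 384 -> 521 -> 256) and records it in
# the state file. Starting from 521, the two ECDSA keys generated below get
# 256 and 384.
getecbits() {
    last=$(cat "$ecbits")
    case "$last" in
        256) last=384 ;;
        384) last=521 ;;
        521) last=256 ;;
    esac
    echo "$last" > "$ecbits"
    echo "$last"
}

# Generates one private key (ssh-keygen also writes "$1.pub").
# Arguments: $1 - output file name, "<type>-<psw|nopsw>.key"; the prefix
#                 selects the key type, "-psw." selects the passphrase.
genkey() {
    fn="$1"
    password=''
    case "$fn" in
        *-psw.*) password="password" ;;
    esac

    # The argument list is built in the positional parameters so that nothing
    # depends on word-splitting an unquoted string. -o asks for the OpenSSH
    # private key format, -C sets the key comment to the file name.
    set -- -q -o -f "$fn" -C "$fn"
    case "$fn" in
        ecdsa-*)   set -- "$@" -t ecdsa -b "$(getecbits)" ;;
        rsa-*)     set -- "$@" -t rsa ;;
        dsa-*)     set -- "$@" -t dsa ;;
        ed25519-*) set -- "$@" -t ed25519 ;;
    esac

    # -N places the passphrase on the command line, where other local users
    # can read it from the process list; acceptable only because it is a
    # fixed fixture value.
    ssh-keygen "$@" -N "$password"
}

# generate private key files
for ktype in rsa dsa ecdsa ed25519; do
    for psw in nopsw psw; do
        genkey "${ktype}-${psw}.key"
    done
done

# Derive the public key from every private key and discard the output. The
# .pub files were already written during generation, so this presumably only
# checks that each private key can be loaded -- confirm the intent.
# The passphrase is supplied with -P so that the encrypted keys do not make
# ssh-keygen stop and prompt for it.
for fn in *.key; do
    # An unmatched glob stays literal when no key was generated.
    [ -e "$fn" ] || continue
    case "$fn" in
        *-psw.*) password="password" ;;
        *)       password='' ;;
    esac
    ssh-keygen -q -y -f "$fn" -P "$password" > /dev/null
done

rm -f "$ecbits"

# generate public key files with certificate
# Each unencrypted key signs its own public key (-s names the signing key,
# -I the key identity). Only the DSA certificate gets an explicit validity
# interval (-V); the fixed dates keep that field reproducible.
ssh-keygen -q -s "dsa-nopsw.key" -I "name" \
    -z 1 -V 20100101123000:21090101123000 \
    "dsa-nopsw.key.pub"
# Serial 2, principals user1 and user2, signed with rsa-sha2-512.
ssh-keygen -q -s "rsa-nopsw.key" -I "name" \
    -z 2 -n user1,user2 -t rsa-sha2-512 \
    "rsa-nopsw.key.pub"
# Host certificate (-h) for domain1 and domain2.
ssh-keygen -q -s "ecdsa-nopsw.key" -I "name" \
    -h -n domain1,domain2 \
    "ecdsa-nopsw.key.pub"
# Certificate carrying the no-port-forwarding option.
ssh-keygen -q -s "ed25519-nopsw.key" -I "name" \
    -O no-port-forwarding \
    "ed25519-nopsw.key.pub"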