Create SSH keys for GitHub. Depending on the operating system you are using, there are two ways of generating SSH keys for GitHub. Create SSH keys on Linux using ssh-keygen. First of all, let’s have a look at creating SSH keys on Linux operating systems.
A utility for deterministically generating ssh keypairs. PROOF OF CONCEPT ONLY.
Each keypair is generated by hashing together a 'seed' or 'master key' (should be at least 32 bytes, randomly generated, and kept secret) and a unique 'handle' (using the same handle will result in the same keypair, but the handle does not need to be kept secret); the resulting SHA256 hash is used as the input for generating an Ed25519 keypair.
This allows the creation of a large number of unique keypairs without having to actually manage the keypairs individually. This allows for, say, using a different keypair for every host you need to log into, thus preventing someone from correlating different user accounts on different hosts by the public keys in authorized_keys.
This proof of concept implementation just generates one keypair at a time; ideally the keypairs would be generated on demand, perhaps by an SSH agent implementation (the key generation step should only take a few milliseconds).
Note that while Ed25519 allows for using any 32-byte input to generate a keypair, making this implementation trivial, implementing a similar scheme for other key types is probably possible in some cases (e.g. ECDSA), and infeasible in others (DSA/RSA, probably).
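The derivation described above, as an added Go example (not the project's own code, which is built with ghc and cabal). It assumes the hash input is the seed followed by the handle, which the description does not specify; the function names and the sample seed are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
)

// deriveKey hashes seed||handle with SHA-256 and uses the 32-byte digest as
// the Ed25519 seed. The concatenation order is an assumption of this example.
func deriveKey(seed []byte, handle string) (ed25519.PrivateKey, error) {
	if len(seed) < 32 {
		return nil, errors.New("seed must be at least 32 bytes")
	}
	h := sha256.New()
	h.Write(seed)
	h.Write([]byte(handle))
	return ed25519.NewKeyFromSeed(h.Sum(nil)), nil
}

// authorizedKey renders the public half as an OpenSSH authorized_keys line:
// base64 of two length-prefixed fields, the key type and the 32-byte key.
func authorizedKey(priv ed25519.PrivateKey, comment string) string {
	var blob bytes.Buffer
	pub := priv.Public().(ed25519.PublicKey)
	for _, field := range [][]byte{[]byte("ssh-ed25519"), pub} {
		binary.Write(&blob, binary.BigEndian, uint32(len(field)))
		blob.Write(field)
	}
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob.Bytes()) + " " + comment
}

func main() {
	seed := bytes.Repeat([]byte{0x42}, 32) // constructed sample seed, not a secret
	// Same handle twice gives the same line; a different handle gives a
	// public key that cannot be matched to the first without the seed.
	for _, handle := range []string{"HIMOM", "HIMOM", "host-b.example"} {
		priv, err := deriveKey(seed, handle)
		if err != nil {
			panic(err)
		}
		fmt.Println(authorizedKey(priv, handle))
	}
}
```

A real seed must come from a cryptographically secure random source; anyone who holds it can regenerate every derived private key from the handles alone.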
You will need ghc and cabal, as well as the libsodium development files; on Debian/Ubuntu, the ghc and libsodium-dev packages are what you need.
./seed is the master key, HIMOM is the key handle, and ./id_ed25519 is the output file into which the private key will be placed. ssh-keygen is then invoked to print the public key out.
There are three modes available:
- raw: Use the seed as is; must be at least 32 bytes long, and must have at least that much entropy in it to avoid weaker-than-expected keys.
- generate: Same as raw, except that a new seed will be generated using an appropriate platform-specific mechanism. The program will try not to overwrite an existing seed file.
- key: Use an existing Ed25519 SSH private key. Only the seed of the key will be used, rather than the whole key file data, so changes in the metadata will not affect generation.