install.fairie/.config/taskfiles/security/Taskfile-ssh.yml

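---
# Taskfile (schema version 3) that wraps ssh-keygen:
#   generate          one software key pair under ~/.ssh
#   yubikey           ten `generate` calls (ed25519 + rsa for five categories)
#   yubikey:resident  a FIDO2 resident key held on a hardware token
version: '3'

tasks:
  # Writes ~/.ssh/id_gpg_<type>_<category> and the matching .pub file.
  generate:
    vars:
      # Despite the name, this is the ssh-keygen key type passed to -t,
      # not a cipher. Falls back to ed25519 when the caller sets nothing.
      SSH_CIPHER: '{{if .SSH_CIPHER}}{{.SSH_CIPHER}}{{else}}ed25519{{end}}'
      # Key comment: SSH_EMAIL if set, otherwise .YUBI_EMAIL read with jq
      # from .yubi.json in the working directory.
      # NOTE(review): the template output is pasted into a double-quoted
      # shell string, so `$`, backticks and `"` in either source are
      # interpreted by the shell. Keep .yubi.json and SSH_EMAIL trusted.
      SSH_EMAIL_COMMENT:
        sh: echo "{{if .SSH_EMAIL}}{{.SSH_EMAIL}}{{else}}$(jq -r '.YUBI_EMAIL' .yubi.json){{end}}"
      # Free-form label that becomes part of the file name and the comment.
      SSH_KEY_CATEGORY: '{{if .SSH_KEY_CATEGORY}}{{.SSH_KEY_CATEGORY}}{{else}}ssh{{end}}'
    cmds:
      # -m 700 keeps a newly created ~/.ssh private to the owner; an
      # existing directory is left exactly as it is.
      - mkdir -p -m 700 "$HOME/.ssh"
      # NOTE(review): -P "" stores the private key without a passphrase, so
      # file permissions are its only protection while it sits in ~/.ssh.
      # If the key is later handed to gpg-agent (see the yubikey summary),
      # remove or encrypt this plaintext copy afterwards.
      # -b 4096 is appended for rsa only; ed25519 has a fixed key size.
      # There is no status/generates guard here, so a re-run reaches
      # ssh-keygen's own overwrite prompt when the file already exists.
      - >-
        ssh-keygen -t {{.SSH_CIPHER}} -C "{{.SSH_EMAIL_COMMENT}} ({{.SSH_CIPHER}} - {{.SSH_KEY_CATEGORY}})"
        -f "$HOME/.ssh/id_gpg_{{.SSH_CIPHER}}_{{.SSH_KEY_CATEGORY}}" -q -P ""{{if (eq .SSH_CIPHER "rsa")}} -b 4096{{end}}

  yubikey:
    summary: |
      Generates default SSH keys that are intended to be made part of
      the keys stored in the ~/.gnupg folder using the `gpg-agent`.
    # One ed25519 and one rsa key per category:
    # alt_auto, auto, local, private, web.
    cmds:
      - task: generate
        vars:
          SSH_CIPHER: ed25519
          SSH_KEY_CATEGORY: alt_auto
      - task: generate
        vars:
          SSH_CIPHER: rsa
          SSH_KEY_CATEGORY: alt_auto
      - task: generate
        vars:
          SSH_CIPHER: ed25519
          SSH_KEY_CATEGORY: auto
      - task: generate
        vars:
          SSH_CIPHER: rsa
          SSH_KEY_CATEGORY: auto
      - task: generate
        vars:
          SSH_CIPHER: ed25519
          SSH_KEY_CATEGORY: local
      - task: generate
        vars:
          SSH_CIPHER: rsa
          SSH_KEY_CATEGORY: local
      - task: generate
        vars:
          SSH_CIPHER: ed25519
          SSH_KEY_CATEGORY: private
      - task: generate
        vars:
          SSH_CIPHER: rsa
          SSH_KEY_CATEGORY: private
      - task: generate
        vars:
          SSH_CIPHER: ed25519
          SSH_KEY_CATEGORY: web
      - task: generate
        vars:
          SSH_CIPHER: rsa
          SSH_KEY_CATEGORY: web
    # Task treats the task as up to date when every status command exits 0,
    # so the keys are generated only while YUBIKEY_BACKUP is empty or unset.
    status:
      - '[ -n "$YUBIKEY_BACKUP" ]'

  yubikey:resident:
    # NOTE(review): `notes` is not a documented Task key; it appears to be
    # used as free-form documentation. Confirm the Task version in use
    # accepts unknown keys.
    notes:
      - https://catbaba.com/ssh-authentication-with-a-yubikey-fido2-hardware-token-easy-portable-touch-free/
      # no-touch-required drops the user-presence check and also has to be
      # allowed on the server side; prefer keeping touch and verification.
      - '-O no-touch-required for no touch required auth'
    cmds:
      # FIDO2 keys need an -sk key type. With plain `ed25519` the
      # resident / verify-required options do not apply and the result is
      # an ordinary software key instead of one bound to the token.
      # verify-required makes the token ask for its PIN on every use.
      # FILL_ME_IN is a placeholder for the key comment and is not defined
      # anywhere in this file; no -f is given, so ssh-keygen will prompt
      # for the output path.
      - ssh-keygen -t ed25519-sk -O resident -O verify-required -C "{{.FILL_ME_IN}}"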