Generate Deterministic SSH keys
NAME:
ssh-keydgen - deterministic authentication key generation
USAGE:
ssh-keydgen [[-t <type>] [-b <bits>] [-c <curve>] [-f <filename>] [-a <rounds>] [--at <time>] [--am <memory>] [--as <seedphrase>] [--aa]]
AUTHOR:
cornfeedhobo
GLOBAL OPTIONS:
-t type Specifies the type of key to create. The possible values are "dsa", "ecdsa", "rsa", or "ed25519". (default: "rsa")
-b bits Specifies the number of bits in the key to create. Possible values are restricted by key type. (default: 2048)
-c curve Specifies the elliptic curve to use. The possible values are 256, 384, or 521. (default: 256)
-f filename Specifies the filename of the key file.
-a rounds Specifies the number of hashing rounds applied during key generation. (default: 1000)
--at time Specifies the time parameter for the Argon2 function. (default: 3)
--am memory Specifies the memory parameter for the Argon2 function. (default: 16384)
--ap threads Specifies the threads or parallelism for the Argon2 function. (default: 1)
--as seedphrase Provides the deterministic seedphrase.
--aa Add the generated key to the running ssh-agent.
COPYRIGHT:
(c) 2018 cornfeedhobo
-
Generate your keys
keydgen -f path/to/deterministic_key ls -lh path/to/deterministic_key* -
Allow time to pass, hoping an emergency does not arise when you have no access to your keys ...
If the time comes where you need access but can't get to your keys, you can then obtain this utility and re-generate, or even directly add your key to a running
ssh-agent.ssh-keydgen --aa
-
Profit!
Go 1.9 or later
Until there are more implementations of this generation scheme, you can at least verify the private key is usable and the public key matches what openssh generates.
cat path/to/deterministic_key.pub
ssh-keygen -y -f path/to/deterministic_keyIf the above outputs don't match, the public key was not generated properly. If you are prompted for a password, the private key was not generated properly.
ssh-keygen -p -f path/to/deterministic_key