Just generate one ssh key per machine

install.org

@@ -345,31 +345,38 @@ paru -S --needed \
 
 ** SSH Keys for Tunnels
 
+Use a single SSH key for all hosts (matches =~/.ssh/config=).
+
 #+begin_src bash
-setup_ssh_key() {
+KEY_FILE="$HOME/.ssh/id_ed25519"
-    local key_name="$1"
+HOMELAB_OK=1
-    local remote_host="$2"
+ESRF_OK=1
-    local remote_port="${3:-22}"
-    local key_file="$HOME/.ssh/id_ed25519_${key_name}"
 
+# Generate main SSH key if it doesn't exist
+if [ ! -f "${KEY_FILE}" ]; then
     echo ""
-    echo "==> Setting up SSH key for ${key_name}"
+    echo "==> Generating main SSH key"
-
+    read -p "Generate new SSH key at ${KEY_FILE}? [y/N] " -n 1 -r
-    # Generate key if it doesn't exist
-    if [ ! -f "${key_file}" ]; then
-        read -p "Generate new SSH key for ${key_name}? [y/N] " -n 1 -r
     echo
     if [[ $REPLY =~ ^[Yy]$ ]]; then
-            ssh-keygen -t ed25519 -C "${key_name}-tunnel" -f "${key_file}" -N ""
+        ssh-keygen -t ed25519 -C "thomas@$(hostname)" -f "${KEY_FILE}" -N ""
     else
-            echo "Skipping ${key_name} key generation"
+        echo "Skipping SSH key generation"
-            return 1
-        fi
     fi
+fi
+
+# Deploy key to a remote host if needed
+deploy_ssh_key() {
+    local host_name="$1"
+    local remote_host="$2"
+    local remote_port="${3:-22}"
+
+    echo ""
+    echo "==> Checking SSH key for ${host_name}"
 
     # Check if we can connect without password
-    if ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${remote_port}" -i "${key_file}" "${remote_host}" exit 2>/dev/null; then
+    if ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${remote_port}" "${remote_host}" exit 2>/dev/null; then
-        echo "SSH key for ${key_name} is already deployed ✓"
+        echo "SSH key for ${host_name} is already deployed ✓"
         return 0
     fi
 
@@ -377,19 +384,20 @@ setup_ssh_key() {
     read -p "Deploy SSH key to ${remote_host}? [y/N] " -n 1 -r
     echo
     if [[ $REPLY =~ ^[Yy]$ ]]; then
-        ssh-copy-id -i "${key_file}.pub" -p "${remote_port}" "${remote_host}"
+        ssh-copy-id -i "${KEY_FILE}.pub" -p "${remote_port}" "${remote_host}"
+        return 0
     else
-        echo "Skipping ${key_name} key deployment"
+        echo "Skipping ${host_name} key deployment"
         return 1
     fi
 }
 
-# Setup homelab key
+# Setup homelab
-setup_ssh_key "homelab" "homelab" 22
+deploy_ssh_key "homelab" "homelab" 22
 HOMELAB_OK=$?
 
-# Setup ESRF key
+# Setup ESRF
-setup_ssh_key "esrf" "dehaeze@firewall.esrf.fr" 8022
+deploy_ssh_key "esrf" "dehaeze@firewall.esrf.fr" 8022
 ESRF_OK=$?
 #+end_src
 

scripts/install-main.sh

@@ -113,30 +113,35 @@ paru -S --needed \
     highlight-pointer-git \
     mpd
 
-setup_ssh_key() {
+KEY_FILE="$HOME/.ssh/id_ed25519"
-    local key_name="$1"
+HOMELAB_OK=1
-    local remote_host="$2"
+ESRF_OK=1
-    local remote_port="${3:-22}"
-    local key_file="$HOME/.ssh/id_ed25519_${key_name}"
 
+# Generate main SSH key if it doesn't exist
+if [ ! -f "${KEY_FILE}" ]; then
     echo ""
-    echo "==> Setting up SSH key for ${key_name}"
+    echo "==> Generating main SSH key"
-
+    read -p "Generate new SSH key at ${KEY_FILE}? [y/N] " -n 1 -r
-    # Generate key if it doesn't exist
-    if [ ! -f "${key_file}" ]; then
-        read -p "Generate new SSH key for ${key_name}? [y/N] " -n 1 -r
     echo
     if [[ $REPLY =~ ^[Yy]$ ]]; then
-            ssh-keygen -t ed25519 -C "${key_name}-tunnel" -f "${key_file}" -N ""
+        ssh-keygen -t ed25519 -C "thomas@$(hostname)" -f "${KEY_FILE}" -N ""
     else
-            echo "Skipping ${key_name} key generation"
+        echo "Skipping SSH key generation"
-            return 1
-        fi
     fi
+fi
+
+# Deploy key to a remote host if needed
+deploy_ssh_key() {
+    local host_name="$1"
+    local remote_host="$2"
+    local remote_port="${3:-22}"
+
+    echo ""
+    echo "==> Checking SSH key for ${host_name}"
 
     # Check if we can connect without password
-    if ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${remote_port}" -i "${key_file}" "${remote_host}" exit 2>/dev/null; then
+    if ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${remote_port}" "${remote_host}" exit 2>/dev/null; then
-        echo "SSH key for ${key_name} is already deployed ✓"
+        echo "SSH key for ${host_name} is already deployed ✓"
         return 0
     fi
 
@@ -144,19 +149,20 @@ setup_ssh_key() {
     read -p "Deploy SSH key to ${remote_host}? [y/N] " -n 1 -r
     echo
     if [[ $REPLY =~ ^[Yy]$ ]]; then
-        ssh-copy-id -i "${key_file}.pub" -p "${remote_port}" "${remote_host}"
+        ssh-copy-id -i "${KEY_FILE}.pub" -p "${remote_port}" "${remote_host}"
+        return 0
     else
-        echo "Skipping ${key_name} key deployment"
+        echo "Skipping ${host_name} key deployment"
         return 1
     fi
 }
 
-# Setup homelab key
+# Setup homelab
-setup_ssh_key "homelab" "homelab" 22
+deploy_ssh_key "homelab" "homelab" 22
 HOMELAB_OK=$?
 
-# Setup ESRF key
+# Setup ESRF
-setup_ssh_key "esrf" "dehaeze@firewall.esrf.fr" 8022
+deploy_ssh_key "esrf" "dehaeze@firewall.esrf.fr" 8022
 ESRF_OK=$?
 
 echo "==> Tangling systemd configs"