Stackscript for setting up SSH key with Github - Secure?!

Hi,

I was wondering if this idea is "secure". Currently I manually create a server SSH key using my stackscript then I manually add this to my github whilst the stackscript is paused, then I confirm that it has been added and the stackscript continues to run, cloning my code from my private github.

What about if I always had the same ssh access key added on github that doesn't change. Then I use this key hardcoded into my stackscript to add it as the server's SSH key, and then have the SSH key password as a UDF variable that I enter when deploying a server.

This way, I wouldn't have to do anything manually on deployment, I would just need to put the SSH key password in as a stackscript variable on deploy.

Any thoughts would be much appreciated.

James

2 Replies

I know this is pretty late, but I thought I'd still reply. First - I'm very curious how you were able to get your Stackscript to pause?

Automating ssh key generation

So obviously, hard-coding an SSH key and reusing it is bad M'kay. Here is a one liner I got from here which automates the creation of the ssh key.

ssh-keygen -t rsa -C "$(hostname)" -f "$HOME/.ssh/id_rsa" -N "" && cat "$HOME/.ssh/id_rsa.pub"

In my opinion, using this one-liner along with some of the answers / comments in this post should be able to ensure you a fully automated / silent key generation. Hint: You will probably want some redirection magic like 0>&-. I haven't tested it yet.

Uploading the key to Github

This gist from here seems like it would work:

curl -u "user:pass" --data '{"title":"test-key","key":"'"$(cat ~/.ssh/id_rsa.pub)"'"}' https://api.github.com/user/keys

But Github now has the CLI tool gh released, so you could just run something like:

gh ssh-key add ~/.ssh/id_rsa.pub

Here is the documentation / command. Hope this can help someone.
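As an added example (not code from the thread), here is the approach the reply describes, written as StackScript-style functions that answer the original question: the key pair is generated on the server at deploy time, only the public half is sent to GitHub, and the one secret supplied as a UDF is a hypothetical GITHUB_TOKEN (a scoped API token, assumed here, not defined on the page) instead of a private-key passphrase. It assumes ssh-keygen, curl and sed are installed.

```shell
#!/bin/sh
# Added example (not from the thread). Generates a per-server SSH key and
# builds/sends the GitHub API request for its PUBLIC half only.
# Assumes ssh-keygen and curl are installed; GITHUB_TOKEN is a
# hypothetical UDF-supplied token, not something the page defines.
set -eu

# Create an ed25519 key with an empty passphrase under directory $1 and
# print the path of the public key. No prompt, so it runs unattended.
gen_server_key() {
  dir="$1"
  mkdir -p "$dir" && chmod 700 "$dir"
  ssh-keygen -q -t ed25519 -C "deploy@$(uname -n)" \
    -f "$dir/id_ed25519" -N "" </dev/null
  chmod 600 "$dir/id_ed25519"
  printf '%s\n' "$dir/id_ed25519.pub"
}

# Escape backslashes and double quotes so a value is safe inside a JSON
# string (the thread's curl one-liner splices the key in unescaped).
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# JSON body for POST /user/keys: title defaults to the node name.
pubkey_payload() {
  key=$(json_escape "$(cat "$1")")
  title=$(json_escape "${2:-$(uname -n)}")
  printf '{"title":"%s","key":"%s"}\n' "$title" "$key"
}

# Upload the public key. The private key never leaves the server, and
# the only secret the deploy step needs is a scoped token.
upload_pubkey() {
  curl -fsS -H "Authorization: token ${GITHUB_TOKEN:?set via UDF}" \
    -H "Accept: application/vnd.github+json" \
    --data "$(pubkey_payload "$1")" https://api.github.com/user/keys
}

# Usage when run as a StackScript step: sh thisfile.sh run
if [ "${1:-}" = "run" ]; then
  upload_pubkey "$(gen_server_key "$HOME/.ssh")"
fi
```

Because the private key is created fresh on each server, revoking one machine's access is a matter of deleting that one public key in GitHub rather than rotating a shared key everywhere.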

The key that gets handed to Github is the public key. It's designed to get handed out. The private key is the one you don't want to give to anyone.

-- sw
