scripts/backtunnel-keys

#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-3.0-or-later
# Copyright (c) 2025 LUXIM d.o.o., Slovenia
# Author: Matjaž Mozetič
#
# Name: backtunnel-keys
# Summary: Manage the accessor-side BackTunnel SSH key pair.
# Description:
#   Provides simple operations for the dedicated BackTunnel SSH key (~/.ssh/id_ed25519_backtunnel):
#     - print: output the public key to stdout (generates key pair if missing)
#     - path : show filesystem paths for the private/public key
#
# Usage:
#   backtunnel-keys print         # print (and generate if missing) the public key
#   backtunnel-keys path          # print the private/public key paths
#
# Examples:
#   backtunnel-keys print > /tmp/accessor.pub
#   backtunnel-keys path
#
# Dependencies:
#   - bash
#   - ssh-keygen (for key generation on first use)
#
# Exit codes:
#   0  success
#   1  invalid usage, missing public key, or other error
#
# Notes:
#   - The key is generated with no passphrase for non-interactive usage by BackTunnel.
#   - Public key is printed to stdout for easy piping/redirection.

set -euo pipefail

KEY="$HOME/.ssh/id_ed25519_backtunnel"
PUB="$KEY.pub"

cmd="${1:-print}"

case "$cmd" in
  # print: ensure the key exists, then print the public key
  print)
    if [[ ! -f "$KEY" ]]; then
      ssh-keygen -t ed25519 -f "$KEY" -N "" -C "backtunnel" >/dev/null
    fi
    if [[ ! -f "$PUB" ]]; then
      echo "Missing public key $PUB" >&2; exit 1
    fi
    cat "$PUB"
    ;;
  # path: show private/public key locations
  path)
    echo "private: $KEY"
    echo "public : $PUB"
    ;;
  *)
    echo "Usage: $0 {print|path}" >&2
    exit 1
    ;;
esac
Add accessor key authorization and enhance completion logic Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details. 2025-09-20 17:17:26 +02:00			`#!/usr/bin/env bash`
Add comprehensive inline metadata documentation to all BackTunnel scripts 2025-09-21 09:45:43 +02:00			`# SPDX-License-Identifier: GPL-3.0-or-later`
			`# Copyright (c) 2025 LUXIM d.o.o., Slovenia`
			`# Author: Matjaž Mozetič`
			`#`
			`# Name: backtunnel-keys`
			`# Summary: Manage the accessor-side BackTunnel SSH key pair.`
			`# Description:`
			`# Provides simple operations for the dedicated BackTunnel SSH key (~/.ssh/id_ed25519_backtunnel):`
			`# - print: output the public key to stdout (generates key pair if missing)`
			`# - path : show filesystem paths for the private/public key`
			`#`
Add accessor key authorization and enhance completion logic Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details. 2025-09-20 17:17:26 +02:00			`# Usage:`
			`# backtunnel-keys print # print (and generate if missing) the public key`
			`# backtunnel-keys path # print the private/public key paths`
Add comprehensive inline metadata documentation to all BackTunnel scripts 2025-09-21 09:45:43 +02:00			`#`
			`# Examples:`
			`# backtunnel-keys print > /tmp/accessor.pub`
			`# backtunnel-keys path`
			`#`
			`# Dependencies:`
			`# - bash`
			`# - ssh-keygen (for key generation on first use)`
			`#`
			`# Exit codes:`
			`# 0 success`
			`# 1 invalid usage, missing public key, or other error`
			`#`
			`# Notes:`
			`# - The key is generated with no passphrase for non-interactive usage by BackTunnel.`
			`# - Public key is printed to stdout for easy piping/redirection.`
Add accessor key authorization and enhance completion logic Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details. 2025-09-20 17:17:26 +02:00
			`set -euo pipefail`

			`KEY="$HOME/.ssh/id_ed25519_backtunnel"`
			`PUB="$KEY.pub"`

			`cmd="${1:-print}"`

			`case "$cmd" in`
Add comprehensive inline metadata documentation to all BackTunnel scripts 2025-09-21 09:45:43 +02:00			`# print: ensure the key exists, then print the public key`
Add accessor key authorization and enhance completion logic Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details. 2025-09-20 17:17:26 +02:00			`print)`
			`if [[ ! -f "$KEY" ]]; then`
			`ssh-keygen -t ed25519 -f "$KEY" -N "" -C "backtunnel" >/dev/null`
			`fi`
			`if [[ ! -f "$PUB" ]]; then`
			`echo "Missing public key $PUB" >&2; exit 1`
			`fi`
			`cat "$PUB"`
			`;;`
Add comprehensive inline metadata documentation to all BackTunnel scripts 2025-09-21 09:45:43 +02:00			`# path: show private/public key locations`
Add accessor key authorization and enhance completion logic Introduce `backtunnel-authorize` for managing restricted SFTP-only keys, and update `backtunnel-share` to support temporary accessor key authorization via `--allow-key` and `--allow-known`. Extend bash completion with profile, accessor, and SSH host suggestions. Revamp README sections to include updated workflows, quick starts, and key management details. 2025-09-20 17:17:26 +02:00			`path)`
			`echo "private: $KEY"`
			`echo "public : $PUB"`
			`;;`
			`*)`
			`echo "Usage: $0 {print\|path}" >&2`
			`exit 1`
			`;;`
			`esac`