refactor: finish moving ssh-* scripts to own installers

2026-02-14 17:49:53 +00:00 · 2021-11-21 11:43:55 +00:00
parent b1d3b44f96
commit 91512157ab
12 changed files with 274 additions and 215 deletions
--- a/ssh-adduser/install.sh
+++ b/ssh-adduser/install.sh
@@ -1 +0,0 @@
-../ssh-utils/ssh-adduser.sh
--- a/ssh-adduser/install.sh
+++ b/ssh-adduser/install.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+set -u
+
+function __install_ssh_adduser() {
+    my_cmd="ssh-adduser"
+
+    rm -f "$HOME/.local/bin/${my_cmd}"
+
+    webi_download \
+        "$WEBI_HOST/packages/${my_cmd}/${my_cmd}.sh" \
+        "$HOME/.local/bin/${my_cmd}"
+
+    chmod a+x "$HOME/.local/bin/${my_cmd}"
+
+    # run the command
+    "$HOME/.local/bin/${my_cmd}"
+}
+
+__install_ssh_adduser
--- a/ssh-adduser/ssh-adduser.sh
+++ b/ssh-adduser/ssh-adduser.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+set -e
+set -u
+
+function main() {
+
+    # Add User 'app'
+    # Picking 'app' by common convention (what Docker & Vagrant use).
+    my_new_user="${1:-"app"}"
+    #my_existing_user="${2:-"root"}"
+
+    # TODO would $EUID be better?
+    if [[ "root" != "$(whoami)" ]]; then
+        echo "webi adduser: running user is already a non-root user"
+        exit 0
+    fi
+
+    if [[ ! -e ~/.ssh/authorized_keys ]] || ! grep -v '#' ~/.ssh/authorized_keys; then
+        echo ""
+        echo "Error:"
+        echo "    You must add a key to ~/.ssh/authorized_keys before adding a new ssh user."
+        echo ""
+        echo "To fix:"
+        echo "    Run 'curl https://webinstall.dev/ssh-pubkey | bash' on your local system, "
+        echo "    then add that key to ~/.ssh/authorized_keys on this (the remote) system.  "
+        echo ""
+        exit 1
+    fi
+
+    adduser --disabled-password --gecos '' "$my_new_user"
+    my_password=$(openssl rand -hex 16)
+    printf '%s\n%s' "${my_password}" "${my_password}" | passwd "${my_new_user}"
+
+    # make 'app' a sudo-er (admin)
+    adduser "$my_new_user" sudo
+    echo "$my_new_user ALL=(ALL:ALL) NOPASSWD: ALL" | tee "/etc/sudoers.d/$my_new_user"
+
+    # allow users who can already login as 'root' to login as 'app'
+    mkdir -p "/home/$my_new_user/.ssh/"
+    chmod 0700 "/home/$my_new_user/.ssh/"
+    cp -r "${HOME}/.ssh/authorized_keys" "/home/$my_new_user/.ssh/"
+    chmod 0600 "/home/$my_new_user/.ssh/authorized_keys"
+    touch "/home/$my_new_user/.ssh/config"
+    chmod 0644 "/home/$my_new_user/.ssh/config"
+    chown -R "$my_new_user":"$my_new_user" "/home/$my_new_user/.ssh/"
+
+    # ensure that 'app' has an SSH Keypair
+    sudo -i -u "$my_new_user" bash -c "ssh-keygen -b 2048 -t rsa -f '/home/$my_new_user/.ssh/id_rsa' -q -N ''"
+    chown -R "$my_new_user":"$my_new_user" "/home/$my_new_user/.ssh/"
+
+    # Install webi for the new 'app' user
+    WEBI_HOST=${WEBI_HOST:-"https://webinstall.dev"}
+    sudo -i -u "$my_new_user" bash -c "curl -fsSL '$WEBI_HOST/webi' | bash" ||
+        sudo -i -u "$my_new_user" bash -c "wget -q -O - '$WEBI_HOST/webi' | bash"
+
+    # TODO ensure that ssh-password login is off
+    my_pass="$(grep 'PasswordAuthentication yes' /etc/ssh/sshd_config)"
+    my_pam=""
+    if [[ "Darwin" == "$(uname -s)" ]]; then
+        # Turn off PAM for macOS or it will allow password login
+        my_pam="$(grep 'UsePAM yes' /etc/ssh/sshd_config)"
+    fi
+    if [[ -n ${my_pass} ]] || [[ -n ${my_pam} ]]; then
+        echo "######################################################################"
+        echo "#                                                                    #"
+        echo "#                             WARNING                                #"
+        echo "#                                                                    #"
+        echo "# Found /etc/ssh/sshd_config:                                        #"
+        if [[ -n ${my_pass} ]]; then
+            echo "#     PasswordAuthentication yes                                     #"
+        fi
+        if [[ -n ${my_pam} ]]; then
+            echo "#     UsePAM yes                                                     #"
+        fi
+        echo "#                                                                    #"
+        echo "# This is EXTREMELY DANGEROUS and insecure.                          #"
+        echo "# We'll attempt to fix this now...                                   #"
+        echo "#                                                                    #"
+
+        sed -i 's/#\?PasswordAuthentication \(yes\|no\)/PasswordAuthentication no/' \
+            /etc/ssh/sshd_config
+
+        sed -i 's/#\?UsePAM \(yes\|no\)/UsePAM no/' \
+            /etc/ssh/sshd_config
+
+        if grep "PasswordAuthentication yes" /etc/ssh/sshd_config; then
+            echo "# FAILED. Please check /etc/ssh/sshd_config manually.                #"
+        else
+            echo "# Fixed... HOWEVER, you'll need to manually restart ssh:             #"
+            echo "#                                                                    #"
+            echo "#   sudo systemctl restart ssh                                       #"
+            echo "#                                                                    #"
+            echo "# (you may want to make sure you can login as the new user first)    #"
+        fi
+        echo "#                                                                    #"
+        echo "######################################################################"
+    fi
+
+    echo "Created user '${my_new_user}' as sudoer with a random password."
+    echo "(set a new password with 'password ${my_new_user}')"
+}
+
+main "${1:-app}"
--- a/ssh-pubkey/install.sh
+++ b/ssh-pubkey/install.sh
@@ -3,14 +3,18 @@ set -e
 set -u

 function __install_ssh_pubkey() {
-    MY_CMD="ssh-pubkey"
+    my_cmd="ssh-pubkey"

-    rm -f "$HOME/.local/bin/$MY_CMD"
-    webi_download "$WEBI_HOST/packages/$MY_CMD/$MY_CMD.sh" "$HOME/.local/bin/$MY_CMD"
-    chmod a+x "$HOME/.local/bin/$MY_CMD"
+    rm -f "$HOME/.local/bin/${my_cmd}"
+
+    webi_download \
+        "$WEBI_HOST/packages/${my_cmd}/${my_cmd}.sh" \
+        "$HOME/.local/bin/${my_cmd}"
+
+    chmod a+x "$HOME/.local/bin/${my_cmd}"

    # run the command
-    "$HOME/.local/bin/$MY_CMD"
+    "$HOME/.local/bin/${my_cmd}"
 }

 __install_ssh_pubkey
--- a/ssh-pubkey/ssh-pubkey.ps1
+++ b/ssh-pubkey/ssh-pubkey.ps1
@@ -1 +0,0 @@
-../ssh-utils/ssh-pubkey.ps1
--- a/ssh-pubkey/ssh-pubkey.ps1
+++ b/ssh-pubkey/ssh-pubkey.ps1
@@ -0,0 +1,46 @@
+#!/usr/bin/env pwsh
+
+# TODO: can we use some of this?
+# https://github.com/PowerShell/openssh-portable/blob/latestw_all/contrib/win32/openssh/FixUserFilePermissions.ps1
+
+if (!(Test-Path -Path "$Env:USERPROFILE/.ssh"))
+{
+    New-Item -Path "$Env:USERPROFILE/.ssh" -ItemType Directory -Force | out-null
+    #& icacls "$Env:USERPROFILE/.ssh" /inheritance:r
+    #& icacls "$Env:USERPROFILE/.ssh" /grant:r "$Env:USERNAME":"(F)"
+}
+
+if (!(Test-Path -Path "$Env:USERPROFILE/.ssh/config"))
+{
+    New-Item -Path "$Env:USERPROFILE/.ssh/config" -ItemType "file" -Value ""
+    #& icacls "$Env:USERPROFILE/.ssh/config" /inheritance:r
+    #& icacls "$Env:USERPROFILE/.ssh/config" /grant:r "$Env:USERNAME":"(F)"
+}
+
+#if (!(Test-Path -Path "$Env:USERPROFILE/.ssh/authorized_keys"))
+#{
+#    New-Item -Path "$Env:USERPROFILE/.ssh/authorized_keys" -ItemType "file" -Value ""
+#    #& icacls "$Env:USERPROFILE/.ssh/authorized_keys" /inheritance:r
+#    #& icacls "$Env:USERPROFILE/.ssh/authorized_keys" /grant:r "$Env:USERNAME":"(F)"
+#}
+
+if (!(Test-Path -Path "$Env:USERPROFILE/.ssh/id_rsa"))
+{
+    & ssh-keygen -b 2048 -t rsa -f "$Env:USERPROFILE/.ssh/id_rsa" -q -N """"
+    echo ""
+}
+
+if (!(Test-Path -Path "$Env:USERPROFILE/.ssh/id_rsa.pub"))
+{
+    & ssh-keygen -y -f "$Env:USERPROFILE/.ssh/id_rsa" > "$Env:USERPROFILE/.ssh/id_rsa.pub"
+    echo ""
+}
+
+# TODO use the comment (if any) for the name of the file
+echo ""
+echo "~/Downloads/id_rsa.$Env:USERNAME.pub":
+echo ""
+#rm -f "$Env:USERPROFILE/Downloads/id_rsa.$Env:USERNAME.pub":
+Copy-Item -Path "$Env:USERPROFILE/.ssh/id_rsa.pub" -Destination "$Env:USERPROFILE/Downloads/id_rsa.$Env:USERNAME.pub"
+& type "$Env:USERPROFILE/Downloads/id_rsa.$Env:USERNAME.pub"
+echo ""
--- a/ssh-pubkey/ssh-pubkey.sh
+++ b/ssh-pubkey/ssh-pubkey.sh
@@ -1 +0,0 @@
-../ssh-utils/ssh-pubkey.sh
--- a/ssh-pubkey/ssh-pubkey.sh
+++ b/ssh-pubkey/ssh-pubkey.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+set -e
+set -u
+
+function main() {
+
+    if [ ! -d "$HOME/.ssh" ]; then
+        mkdir -p "$HOME/.ssh/"
+        chmod 0700 "$HOME/.ssh/"
+    fi
+
+    if [ ! -f "$HOME/.ssh/config" ]; then
+        # for the benefit of VSCode
+        touch "$HOME/.ssh/config"
+        chmod 0644 "$HOME/.ssh/config"
+    fi
+
+    if [ ! -f "$HOME/.ssh/authorized_keys" ]; then
+        touch "$HOME/.ssh/authorized_keys"
+        chmod 0600 "$HOME/.ssh/authorized_keys"
+    fi
+
+    if [ ! -f "$HOME/.ssh/id_rsa" ]; then
+        ssh-keygen -b 2048 -t rsa -f "$HOME/.ssh/id_rsa" -q -N ""
+        echo >&2 ""
+    fi
+
+    if [ ! -f "$HOME/.ssh/id_rsa.pub" ]; then
+        ssh-keygen -y -f "$HOME/.ssh/id_rsa" > "$HOME/.ssh/id_rsa.pub"
+        echo >&2 ""
+    fi
+
+    # TODO use the comment (if any) for the name of the file
+    echo >&2 ""
+    #shellcheck disable=SC2088
+    echo >&2 "~/Downloads/id_rsa.$(whoami).pub":
+    echo >&2 ""
+    rm -f "$HOME/Downloads/id_rsa.$(whoami).pub"
+    cp -r "$HOME/.ssh/id_rsa.pub" "$HOME/Downloads/id_rsa.$(whoami).pub"
+    cat "$HOME/Downloads/id_rsa.$(whoami).pub"
+    echo >&2 ""
+}
+
+main
--- a/ssh-setpass/install.sh
+++ b/ssh-setpass/install.sh
@@ -1 +0,0 @@
-../ssh-utils/ssh-setpass.sh
--- a/ssh-setpass/install.sh
+++ b/ssh-setpass/install.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+set -u
+
+function __install_ssh_setpass() {
+    my_cmd="ssh-setpass"
+
+    rm -f "$HOME/.local/bin/${my_cmd}"
+
+    webi_download \
+        "$WEBI_HOST/packages/${my_cmd}/${my_cmd}.sh" \
+        "$HOME/.local/bin/${my_cmd}"
+
+    chmod a+x "$HOME/.local/bin/${my_cmd}"
+
+    # run the command
+    echo ''
+    echo 'Set passphrase for ~/.ssh/id_rsa?'
+    "$HOME/.local/bin/${my_cmd}"
+}
+
+__install_ssh_setpass
--- a/ssh-setpass/ssh-setpass.sh
+++ b/ssh-setpass/ssh-setpass.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+set -u
+
+function main() {
+    my_key="${1:-"${HOME}/.ssh/id_rsa"}"
+    ssh-keygen -p -f "${my_key}"
+}
+
+main "${1:-}"
--- a/ssh-utils/install.sh
+++ b/ssh-utils/install.sh
@@ -1,10 +1,22 @@
 #!/bin/bash

 function __init_ssh_utils() {
-    rm -f "$HOME/.local/bin/ssh-pubkey" "$HOME/.local/bin/ssh-setpass" "$HOME/.local/bin/ssh-adduser"
-    webi_download "$WEBI_HOST/packages/ssh-utils/ssh-pubkey.sh" "$HOME/.local/bin/ssh-pubkey"
-    webi_download "$WEBI_HOST/packages/ssh-utils/ssh-setpass.sh" "$HOME/.local/bin/ssh-setpass"
-    webi_download "$WEBI_HOST/packages/ssh-utils/ssh-adduser.sh" "$HOME/.local/bin/ssh-adduser"
+    rm -f \
+        "$HOME/.local/bin/ssh-pubkey" \
+        "$HOME/.local/bin/ssh-setpass" \
+        "$HOME/.local/bin/ssh-adduser"
+    # done
+
+    webi_download \
+        "$WEBI_HOST/packages/ssh-pubkey/ssh-pubkey.sh" \
+        "$HOME/.local/bin/ssh-pubkey"
+    webi_download \
+        "$WEBI_HOST/packages/ssh-setpass/ssh-setpass.sh" \
+        "$HOME/.local/bin/ssh-setpass"
+    webi_download \
+        "$WEBI_HOST/packages/ssh-adduser/ssh-adduser.sh" \
+        "$HOME/.local/bin/ssh-adduser"
+
    chmod a+x "$HOME/.local/bin/ssh-"*
 }

--- a/ssh-utils/ssh-adduser.sh
+++ b/ssh-utils/ssh-adduser.sh
@@ -1,102 +0,0 @@
-#!/bin/bash
-
-function __run_ssh_adduser() {
-    set -e
-    set -u
-
-    # TODO would $EUID be better?
-    if [[ "root" != "$(whoami)" ]]; then
-        echo "webi adduser: running user is already a non-root user"
-        exit 0
-    fi
-
-    if [[ ! -e ~/.ssh/authorized_keys ]] || ! grep -v '#' ~/.ssh/authorized_keys; then
-        echo ""
-        echo "Error:"
-        echo "    You must add a key to ~/.ssh/authorized_keys before adding a new ssh user."
-        echo ""
-        echo "To fix:"
-        echo "    Run 'curl https://webinstall.dev/ssh-pubkey | bash' on your local system, "
-        echo "    then add that key to ~/.ssh/authorized_keys on this (the remote) system.  "
-        echo ""
-        exit 1
-    fi
-
-    # Add User 'app'
-    # Picking 'app' by common convention (what Docker & Vagrant use).
-    my_new_user="${1:-"app"}"
-    #my_existing_user="${2:-"root"}"
-    adduser --disabled-password --gecos '' "$my_new_user"
-    my_password=$(openssl rand -hex 16)
-    printf '%s\n%s' "${my_password}" "${my_password}" | passwd "${my_new_user}"
-
-    # make 'app' a sudo-er (admin)
-    adduser "$my_new_user" sudo
-    echo "$my_new_user ALL=(ALL:ALL) NOPASSWD: ALL" | tee "/etc/sudoers.d/$my_new_user"
-
-    # allow users who can already login as 'root' to login as 'app'
-    mkdir -p "/home/$my_new_user/.ssh/"
-    chmod 0700 "/home/$my_new_user/.ssh/"
-    cp -r "${HOME}/.ssh/authorized_keys" "/home/$my_new_user/.ssh/"
-    chmod 0600 "/home/$my_new_user/.ssh/authorized_keys"
-    touch "/home/$my_new_user/.ssh/config"
-    chmod 0644 "/home/$my_new_user/.ssh/config"
-    chown -R "$my_new_user":"$my_new_user" "/home/$my_new_user/.ssh/"
-
-    # ensure that 'app' has an SSH Keypair
-    sudo -i -u "$my_new_user" bash -c "ssh-keygen -b 2048 -t rsa -f '/home/$my_new_user/.ssh/id_rsa' -q -N ''"
-    chown -R "$my_new_user":"$my_new_user" "/home/$my_new_user/.ssh/"
-
-    # Install webi for the new 'app' user
-    WEBI_HOST=${WEBI_HOST:-"https://webinstall.dev"}
-    sudo -i -u "$my_new_user" bash -c "curl -fsSL '$WEBI_HOST/webi' | bash" ||
-        sudo -i -u "$my_new_user" bash -c "wget -q -O - '$WEBI_HOST/webi' | bash"
-
-    # TODO ensure that ssh-password login is off
-    my_pass="$(grep 'PasswordAuthentication yes' /etc/ssh/sshd_config)"
-    my_pam=""
-    if [[ "Darwin" == "$(uname -s)" ]]; then
-        # Turn off PAM for macOS or it will allow password login
-        my_pam="$(grep 'UsePAM yes' /etc/ssh/sshd_config)"
-    fi
-    if [[ -n ${my_pass} ]] || [[ -n ${my_pam} ]]; then
-        echo "######################################################################"
-        echo "#                                                                    #"
-        echo "#                             WARNING                                #"
-        echo "#                                                                    #"
-        echo "# Found /etc/ssh/sshd_config:                                        #"
-        if [[ -n ${my_pass} ]]; then
-            echo "#     PasswordAuthentication yes                                     #"
-        fi
-        if [[ -n ${my_pam} ]]; then
-            echo "#     UsePAM yes                                                     #"
-        fi
-        echo "#                                                                    #"
-        echo "# This is EXTREMELY DANGEROUS and insecure.                          #"
-        echo "# We'll attempt to fix this now...                                   #"
-        echo "#                                                                    #"
-
-        sed -i 's/#\?PasswordAuthentication \(yes\|no\)/PasswordAuthentication no/' \
-            /etc/ssh/sshd_config
-
-        sed -i 's/#\?UsePAM \(yes\|no\)/UsePAM no/' \
-            /etc/ssh/sshd_config
-
-        if grep "PasswordAuthentication yes" /etc/ssh/sshd_config; then
-            echo "# FAILED. Please check /etc/ssh/sshd_config manually.                #"
-        else
-            echo "# Fixed... HOWEVER, you'll need to manually restart ssh:             #"
-            echo "#                                                                    #"
-            echo "#   sudo systemctl restart ssh                                       #"
-            echo "#                                                                    #"
-            echo "# (you may want to make sure you can login as the new user first)    #"
-        fi
-        echo "#                                                                    #"
-        echo "######################################################################"
-    fi
-
-    echo "Created user '${my_new_user}' as sudoer with a random password."
-    echo "(set a new password with 'password ${my_new_user}')"
-}
-
-__run_ssh_adduser app
--- a/ssh-utils/ssh-adduser.sh
+++ b/ssh-utils/ssh-adduser.sh
@@ -0,0 +1 @@
+../ssh-adduser/ssh-adduser.sh
--- a/ssh-utils/ssh-pubkey.ps1
+++ b/ssh-utils/ssh-pubkey.ps1
@@ -1,46 +0,0 @@
-#!/usr/bin/env pwsh
-
-# TODO: can we use some of this?
-# https://github.com/PowerShell/openssh-portable/blob/latestw_all/contrib/win32/openssh/FixUserFilePermissions.ps1
-
-if (!(Test-Path -Path "$Env:USERPROFILE/.ssh"))
-{
-    New-Item -Path "$Env:USERPROFILE/.ssh" -ItemType Directory -Force | out-null
-    #& icacls "$Env:USERPROFILE/.ssh" /inheritance:r
-    #& icacls "$Env:USERPROFILE/.ssh" /grant:r "$Env:USERNAME":"(F)"
-}
-
-if (!(Test-Path -Path "$Env:USERPROFILE/.ssh/config"))
-{
-    New-Item -Path "$Env:USERPROFILE/.ssh/config" -ItemType "file" -Value ""
-    #& icacls "$Env:USERPROFILE/.ssh/config" /inheritance:r
-    #& icacls "$Env:USERPROFILE/.ssh/config" /grant:r "$Env:USERNAME":"(F)"
-}
-
-#if (!(Test-Path -Path "$Env:USERPROFILE/.ssh/authorized_keys"))
-#{
-#    New-Item -Path "$Env:USERPROFILE/.ssh/authorized_keys" -ItemType "file" -Value ""
-#    #& icacls "$Env:USERPROFILE/.ssh/authorized_keys" /inheritance:r
-#    #& icacls "$Env:USERPROFILE/.ssh/authorized_keys" /grant:r "$Env:USERNAME":"(F)"
-#}
-
-if (!(Test-Path -Path "$Env:USERPROFILE/.ssh/id_rsa"))
-{
-    & ssh-keygen -b 2048 -t rsa -f "$Env:USERPROFILE/.ssh/id_rsa" -q -N """"
-    echo ""
-}
-
-if (!(Test-Path -Path "$Env:USERPROFILE/.ssh/id_rsa.pub"))
-{
-    & ssh-keygen -y -f "$Env:USERPROFILE/.ssh/id_rsa" > "$Env:USERPROFILE/.ssh/id_rsa.pub"
-    echo ""
-}
-
-# TODO use the comment (if any) for the name of the file
-echo ""
-echo "~/Downloads/id_rsa.$Env:USERNAME.pub":
-echo ""
-#rm -f "$Env:USERPROFILE/Downloads/id_rsa.$Env:USERNAME.pub":
-Copy-Item -Path "$Env:USERPROFILE/.ssh/id_rsa.pub" -Destination "$Env:USERPROFILE/Downloads/id_rsa.$Env:USERNAME.pub"
-& type "$Env:USERPROFILE/Downloads/id_rsa.$Env:USERNAME.pub"
-echo ""
--- a/ssh-utils/ssh-pubkey.ps1
+++ b/ssh-utils/ssh-pubkey.ps1
@@ -0,0 +1 @@
+../ssh-pubkey/ssh-pubkey.ps1
--- a/ssh-utils/ssh-pubkey.sh
+++ b/ssh-utils/ssh-pubkey.sh
@@ -1,44 +0,0 @@
-#!/bin/bash
-set -e
-set -u
-
-function _ssh_pubkey() {
-
-    if [ ! -d "$HOME/.ssh" ]; then
-        mkdir -p "$HOME/.ssh/"
-        chmod 0700 "$HOME/.ssh/"
-    fi
-
-    if [ ! -f "$HOME/.ssh/config" ]; then
-        # for the benefit of VSCode
-        touch "$HOME/.ssh/config"
-        chmod 0644 "$HOME/.ssh/config"
-    fi
-
-    if [ ! -f "$HOME/.ssh/authorized_keys" ]; then
-        touch "$HOME/.ssh/authorized_keys"
-        chmod 0600 "$HOME/.ssh/authorized_keys"
-    fi
-
-    if [ ! -f "$HOME/.ssh/id_rsa" ]; then
-        ssh-keygen -b 2048 -t rsa -f "$HOME/.ssh/id_rsa" -q -N ""
-        echo >&2 ""
-    fi
-
-    if [ ! -f "$HOME/.ssh/id_rsa.pub" ]; then
-        ssh-keygen -y -f "$HOME/.ssh/id_rsa" > "$HOME/.ssh/id_rsa.pub"
-        echo >&2 ""
-    fi
-
-    # TODO use the comment (if any) for the name of the file
-    echo >&2 ""
-    #shellcheck disable=SC2088
-    echo >&2 "~/Downloads/id_rsa.$(whoami).pub":
-    echo >&2 ""
-    rm -f "$HOME/Downloads/id_rsa.$(whoami).pub"
-    cp -r "$HOME/.ssh/id_rsa.pub" "$HOME/Downloads/id_rsa.$(whoami).pub"
-    cat "$HOME/Downloads/id_rsa.$(whoami).pub"
-    echo >&2 ""
-}
-
-_ssh_pubkey
--- a/ssh-utils/ssh-pubkey.sh
+++ b/ssh-utils/ssh-pubkey.sh
@@ -0,0 +1 @@
+../ssh-pubkey/ssh-pubkey.sh
--- a/ssh-utils/ssh-setpass.sh
+++ b/ssh-utils/ssh-setpass.sh
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-function __init_ssh_setpass() {
-    set -e
-    set -u
-
-    ssh-keygen -p -f "$HOME/.ssh/id_rsa"
-}
-
-__init_ssh_setpass
--- a/ssh-utils/ssh-setpass.sh
+++ b/ssh-utils/ssh-setpass.sh
@@ -0,0 +1 @@
+../ssh-setpass/ssh-setpass.sh