Thursday 18 December 2014

SSH Key Generator POC One Keypair At A Time

A utility for deterministically generating SSH keypairs.

SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary. 

There are several ways to use SSH; one is to use automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on.

Each keypair is generated by hashing together a "seed" or "master key" (should be at least 32 bytes, randomly generated, and kept secret) and a unique "handle" (using the same handle will result in the same keypair, but the handle does not need to be kept secret); the resulting SHA256 hash is used as the input for generating an Ed25519 keypair.

This allows the creation of a large number of unique keypairs without having to actually manage the keypairs individually. This allows for, say, using a different keypair for every host you need to log into, thus preventing someone from correlating different user accounts on different hosts by the public keys in authorized_keys.

This proof of concept implementation just generates one keypair at a time; ideally the keypairs would be generated on demand, perhaps by an SSH agent implementation (the key generation step should only take a few milliseconds).

Note that while Ed25519 allows for using any 32-byte input to generate a keypair, making this implementation trivial, implementing a similar scheme for other key types is probably possible in some cases (e.g. ECDSA), and infeasible in others (DSA/RSA, probably).
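The derivation described above, as an added example in Python (not the project's Haskell code): it assumes the hash input is the seed followed by the UTF-8 handle, which the post does not specify, so its keys will not necessarily match the tool's output. The function names are hypothetical, and the pure-Python Ed25519 arithmetic follows the RFC 8032 formulas for illustration only.

```python
import base64, hashlib, struct

P = 2**255 - 19                                  # Ed25519 field prime
D = -121665 * pow(121666, P - 2, P) % P          # curve constant d
GX = 15112221349535400772501151409588531511454012693041857206046113283949847762202
GY = 4 * pow(5, P - 2, P) % P
G = (GX, GY, 1, GX * GY % P)                     # base point (X, Y, Z, T)

def _add(a, b):
    """Add two points in extended coordinates (RFC 8032 formulas)."""
    aa = (a[1] - a[0]) * (b[1] - b[0]) % P
    bb = (a[1] + a[0]) * (b[1] + b[0]) % P
    cc = 2 * a[3] * b[3] * D % P
    dd = 2 * a[2] * b[2] % P
    e, f, g, h = bb - aa, dd - cc, dd + cc, bb + aa
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def ed25519_public(seed32):
    """Public key for a 32-byte Ed25519 seed. Not constant-time."""
    digest = hashlib.sha512(seed32).digest()
    s = int.from_bytes(digest[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    q, pt = (0, 1, 1, 0), G                      # neutral element, base point
    while s:                                     # double-and-add
        if s & 1:
            q = _add(q, pt)
        pt = _add(pt, pt)
        s >>= 1
    zinv = pow(q[2], P - 2, P)
    x, y = q[0] * zinv % P, q[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def derive_seed(master, handle):
    """Assumed construction: SHA256(master || handle), handle as UTF-8."""
    if len(master) < 32:
        raise ValueError("master key should be at least 32 bytes")
    return hashlib.sha256(master + handle.encode()).digest()

def authorized_keys_line(master, handle):
    """OpenSSH public key line for the keypair derived from (master, handle)."""
    pub = ed25519_public(derive_seed(master, handle))
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (b"ssh-ed25519", pub))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + handle

if __name__ == "__main__":
    master = bytes(range(32))  # constructed sample; use 32 random bytes in practice
    for host in ("web1.example", "db1.example"):  # constructed handles
        print(authorized_keys_line(master, host))
```

Each handle yields an unrelated public key, so the authorized_keys entries on two hosts cannot be matched to each other without the master key.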


You will need ghc and cabal, as well as the libsodium development files; on Debian/Ubuntu, the ghc and libsodium-dev packages are what you need.

$ git clone
$ cd ssh-key-generator
$ cabal sandbox init
$ cabal install
$ head -c 32 /dev/urandom > seed
$ cabal run ./seed HIMOM ./id_ed25519
$ ssh-keygen -y -f ./id_ed25519

./seed is the master key, HIMOM is the key handle, and ./id_ed25519 is the output file into which the private key will be placed. ssh-keygen is then invoked to print the public key out.
