53 lines
1.7 KiB
Markdown
53 lines
1.7 KiB
Markdown
# ssh-seed-keygen
|
|
|
|
A small tool for generating Ed25519 SSH keys with a twist: every key comes with a 24-word backup phrase, the same kind hardware wallets use. Lose the key file, still have the words — run recover, get your key back. Same key, every time.
|
|
|
|
## The idea
|
|
|
|
SSH keys are just random bytes. BIP39 is a standard for encoding random bytes as human-readable words. This tool generates 256 bits of entropy, turns it into both an SSH key and a mnemonic, and hands you both. Recovery is just the reverse — give back the 24 words, get back the exact same key pair.
|
|
|
|
## Getting started
|
|
|
|
```bash
|
|
bash setup.sh
|
|
```
|
|
|
|
That's it. Creates a virtualenv and installs the two dependencies.
|
|
|
|
## Generating a key
|
|
|
|
```bash
|
|
.venv/bin/python keygen.py generate
|
|
```
|
|
|
|
Saves the key to `~/.ssh/id_ed25519` by default, then prints your 24 words. Write them down somewhere offline. They're the only backup that matters.
|
|
|
|
A few useful flags:
|
|
|
|
```bash
|
|
# different output path
|
|
.venv/bin/python keygen.py generate -o ~/.ssh/id_ed25519_work
|
|
|
|
# add a comment to the public key (usually your email)
|
|
.venv/bin/python keygen.py generate -C you@example.com
|
|
|
|
# password-protect the key file on disk
|
|
.venv/bin/python keygen.py generate -p
|
|
```
|
|
|
|
## Recovering a key
|
|
|
|
```bash
|
|
# pass the words directly
|
|
.venv/bin/python keygen.py recover word1 word2 ... word24
|
|
|
|
# or just run it and paste them when prompted
|
|
.venv/bin/python keygen.py recover
|
|
```
|
|
|
|
Same flags apply — `-o` to control where the files land, `-p` if you want a passphrase on the recovered key.
|
|
|
|
## One thing to keep in mind
|
|
|
|
The mnemonic isn't a hint or a backup code — it literally encodes the private key. Anyone with those 24 words has your key. Store them accordingly.
|