9.5.15. tpm ssh-copy-cert Command

The tpm ssh-copy-cert command executes all the required commands to generate the required ssh certificates required for SSH operation by tpm. Executing the command should generate the required directory, certificate and add that information to the required SSH files, then ensure that the directory permissions and ownership on ~/.ssh are set correctly.

For example, executing the command outputs the stages and progress:

shell> ./tools/tpm ssh-copy-cert
mkdir -p ~/.ssh
echo "-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAnMSRTwBB2Ik6FOTZYxQkXglFivniLSRxcNw73UDVEGxPtsdN
p5qzXH+ktslyFHIPHHkJhs8jEnoWpzjpUmrhgqUUYg6zsxeL5I5w8UK5NJDmWRxV
lAE0uJ2TyNnm8uAVWGwokFPHmgeOzOsYjg3l4UAwx6WhFtiiKtfg6jlAQfethTQU
eRKZjICl7fHm2GLXNutfqfTdWKWsfRLQJm4WZEHqmZCBy3fRjnAnyeJPJcr8gPPl
ato000mJ66rdUT53TN91FwEWwC+vIacypKvFkbqwFHDCH60Vb0kMaQd/T4Y35E7s
wfEOnrjmSqSs7g0/a1NuSJr5ScgeezQxlNN8mQIDAQABAoIBAHx+idrQHHpmd+6R
0qUhIMRg3o5AZUJuN3xmGVBapRl2ulMvsVaRvzCM2XSjQ2pDLgbxhAQ/yN1qgUTp
KDlgUZgbmrVIcaKe52RpTf36e/PnwlYv7zIrRv/5e5w8l3B3Tdw7gHclYVTL/bZ0
WLqvBMi93j8eJHBtN1OIvr+jGYmIdlHjb+I2VcpQMfbAgxZVDNylOMe7+YZk0hj3
4i4etqTgUMONF/tKw8luPbfUGV0nM9a8eR4wJLxbjbP7YO0jG0OSFHwNgrMMCrKz
gyOgW6pWYAh2iId095Q/LGct3Yk77Dld8By6tgHa74IZwgUQb/iCTcbTaPHRErXL
vfhUqtUCgYEAzCX7VQMt2YJh0j/OEObWmIzGcCIC1GuIF1OkqaNauCm8aL/ydUdR
cHzGzXbWzIMd6vJ3ud7rwewFzymgGcyrmRig98D56TkCOHN+UnMMO30efzRGwEz5
FnwT2WxM4P87bKcVKrotDae3UruEJV6mAV2kGU8fnHqSOlNEOcGQW+sCgYEAxJXW
JrkZK4W8QJpUXZcywXem9SnOK6Q2RxOcSIfSpbxKPz62730E1RpeIiz76Wm33s81
06dkVWrhhSKh7KlIXte4Koq0Jj2S2gCc4cqxxuS0na+HZ90xSHIscgUp1tmeUrO5
X9Zqfgw04L665/cKY8BmJzqXZWG9+QRyJBCTvIsCgYEAiBtym9VIxlGlQnYDv0UI
IiEJVE14sYMX8uVzTR56J3q8AOKolgR8iZDHQslOoH9yfOg3Zpb3fA0OOnY4JbtN
VP8UotnoRNQbZOOrfvDxYOAkaw7BdQhcsd77pOQNxZylU+V5uUjzLL16/g/DJN8b
sqFp/O3B16PoxjYpsJAa3Q0CgYBxeBs4FrcUjAjxMSNpMhC14x6XfB3oyswZkpQu
uVc5GsmwX76v1XWom6OiDl0JiV/8V5Y2KPSc6Shq9GaKd9uyAsnmpFD/kaLl+lyT
Z6/dob0vF1YM+Xus2VoWJizUOqBMFDj3vIeTYfBTmUPBCLMSiMdt9T/V4OkKhypq
7raXqQKBgGrBGo/FoUdJFfadVwr66vsg1b+3q/GX4adnL3BnlC7QxJgzXHPHIvf9
z2c/P9Tw8M4lJX2hEOKCyGgxIbZ+fNPOsB8prdhbc/JZ1d4tUcZFtSCAjk3pwDmm
2MDp3ddCh/scfm8o2dxblKFsJJtaBska6ApN49AWa8W5GkcKG+or
-----END RSA PRIVATE KEY-----" > ~/.ssh/id_rsa
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcxJFPAEHYiToU5NljFCReCUWK+eItJHFw3DvdQNUQbE+2x02nmrNcf6S2yXIUcg8ceQmGzyMSehanOOlSauGCpRRiDrOzF4vkjnDxQrk0kOZZHFWUATS4nZPI2eby4BVYbCiQU8eaB47M6xiODeXhQDDHpaEW2KIq1+DqOUBB962FNBR5EpmMgKXt8ebYYtc261+p9N1Ypax9EtAmbhZkQeqZkIHLd9GOcCfJ4k8lyvyA8+Vq2jTTSYnrqt1RPndM33UXARbAL68hpzKkq8WRurAUcMIfrRVvSQxpB39PhjfkTuzB8Q6euOZKpKzuDT9rU25ImvlJyB57NDGU03yZ tungsten@cont-db1" > ~/.ssh/id_rsa.pub
touch ~/.ssh/authorized_keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*