Automating SSH Key Setup: Introducing sshRemoteSetup

Published: February 20, 2026

← Back to Home

If you manage multiple remote Linux servers, you know the pain: manually generating SSH keys, copying them to each server, configuring SSH settings, and then trying to remember which key goes with which host. It’s tedious, error-prone, and frankly, not how modern DevOps workflows should work.

Enter sshRemoteSetup - a pair of tools (a .NET 10 app for Windows and a Bash shell script for Linux/macOS) that automate the entire process of transitioning your remote servers from password-based authentication to secure key-based authentication.

What Is sshRemoteSetup?

sshRemoteSetup provides two implementations of the same workflow:

• sshRemoteSetup.cs - A File-Based App written in C# for .NET 10, designed for Windows users.
• sshRemoteSetup.sh - A Bash shell script for Linux and macOS users.

Both tools are lightweight and powerful, orchestrating SSH key-based authentication setup on remote Linux machines. The brilliance of this tool lies in its security-progressive workflow: it uses your password to initially connect, sets up key-based authentication, and optionally locks down the server to reject password logins entirely.

Requirements

Windows (.NET Program)

• .NET 10 SDK (required for File-Based App compilation and execution)
• SSH tools (ssh-keygen must be available in PATH - typically pre-installed on Windows 10/11)

Linux / macOS (Shell Script)

• Bash (version 4+)
• ssh-keygen (typically pre-installed)
• sshpass (installed automatically if missing, requires sudo)

How It Works

The Authentication Journey

sshRemoteSetup follows an elegant step-by-step process:

1. Local Key Generation - Creates a unique ED25519 key pair on your local machine, named to match each remote server (e.g., id_ed25519_192.168.1.100)

2. Password Bootstrap - Uses your provided password to authenticate and connect to the remote machine (this is the only time you need the password)

3. Public Key Upload - Securely copies your public key to the remote server’s ~/.ssh/authorized_keys file

4. Server Configuration - Enables public key authentication in the remote sshd configuration

5. Optional Hardening - If requested, disables password authentication on the remote machine, forcing key-based access going forward

6. SSH Config Management - Automatically updates your local ~/.ssh/config file so future connections are seamless

Quick Start — Download & Run (Linux/macOS)

On Linux or macOS, you can run the shell script directly without cloning the repository:

wget -O - https://raw.githubusercontent.com/dahln/sshRemoteSetup/master/sshRemoteSetup.sh | sudo bash -s -- <IP_ADDRESS> <USERNAME> <PASSWORD>

Note: Replace <IP_ADDRESS>, <USERNAME>, and <PASSWORD> with your target server’s details.

Shell History Security Note

Passwords passed as command-line arguments appear in shell history. Clear them after use:

history -c && history -w

Running It (from a clone)

First, clone the repository:

git clone https://github.com/dahln/sshRemoteSetup.git
cd sshRemoteSetup

Linux / macOS — Make the script executable and run it:

chmod +x sshRemoteSetup.sh
./sshRemoteSetup.sh 192.168.1.100 ubuntu mypassword

Windows — Thanks to .NET 10’s File-Based App feature, there’s no complex project setup needed. Just run:

dotnet run sshRemoteSetup.cs 192.168.1.100 ubuntu mypassword

That’s it. Your remote server is now configured for key-based authentication.

Parameters

Why This Matters

For DevOps Teams

Imagine provisioning dozens of new servers. Instead of manually SSH-ing into each one and running key setup commands, you can automate the entire process:

# Linux / macOS
for server in 192.168.1.100 192.168.1.101 192.168.1.102; do
  ./sshRemoteSetup.sh $server ubuntu password 22 true
done

# Windows
for server in 192.168.1.100 192.168.1.101 192.168.1.102; do
  dotnet run sshRemoteSetup.cs $server ubuntu password 22 true
done

All your servers are now hardened against password-based attacks.

For Security-Conscious Administrators

ED25519 keys are cryptographically superior to RSA keys for new implementations. sshRemoteSetup uses ED25519 by default, and the optional password disabling feature means you can force key-based access company-wide. This eliminates weak passwords as an attack vector on your infrastructure.

For Windows and Linux Users

sshRemoteSetup supports both platforms. Windows users get a native .NET 10 app that integrates with Windows’ built-in SSH tools. Linux and macOS users get a Bash script that uses sshpass (auto-installed if missing) and works across Ubuntu/Debian and RHEL/CentOS/Fedora distributions.

Key Features at a Glance

• Password-to-Key Migration: Bootstrap with passwords, transition to keys
• Multi-Host Support: Generate unique keys for each remote machine
• Automatic SSH Config: Never manually configure SSH hosts again
• ED25519 Cryptography: Uses modern, efficient encryption standards
• Security Hardening: Optionally disable passwords after setup
• Smart Error Handling: Clear feedback and validation throughout
• Cross-Platform: Bash script for Linux/macOS, .NET 10 app for Windows

Real-World Example

Let’s say you’ve just stood up a new Ubuntu server at 192.168.1.100. You’re the admin user, and you know the temporary password is TempPass123. You want to secure it immediately:

# Linux / macOS
./sshRemoteSetup.sh 192.168.1.100 admin TempPass123 22 true

# Windows
dotnet run sshRemoteSetup.cs 192.168.1.100 admin TempPass123 22 true

What just happened:

• ✅ ED25519 key pair generated locally
• ✅ Public key uploaded to the remote server
• ✅ SSH config updated on your local machine
• ✅ Password authentication disabled on the remote server
• ✅ Your SSH config now has an entry for quick access

Now you can simply:

ssh 192.168.1.100

And you’re in - using secure key-based authentication, no passwords involved.

Review it, try it, enjoy it!!!