Last active
October 8, 2025 20:44
-
-
Save HashWarlock/cd5bf3c1750425cc59452fc25e570e3e to your computer and use it in GitHub Desktop.
SSH Keygen with Dstack Deterministic Key Generator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SSH Key Generation from Dstack Keys | |
| # Run this notebook to generate SSH keys from deterministic dstack keys | |
| # ## Install Dependencies | |
| # Run this cell first if PyNaCl isn't installed | |
| # !pip install PyNaCl | |
| # ## Import Libraries | |
| import base64 | |
| import struct | |
| import json | |
| import urllib.request | |
| from nacl.signing import SigningKey | |
| from nacl.encoding import RawEncoder | |
| # ## Key Generation Functions | |
| def key_to_ssh_private(hex_key: str, comment: str = "dstack-key") -> str: | |
| """Convert hex key to OpenSSH ed25519 private key format""" | |
| seed = bytes.fromhex(hex_key) | |
| signing_key = SigningKey(seed) | |
| private_key = signing_key._signing_key | |
| public_key = signing_key.verify_key.encode(encoder=RawEncoder) | |
| AUTH_MAGIC = b"openssh-key-v1\0" | |
| check = 0x12345678 | |
| private_blob = b"" | |
| private_blob += struct.pack(">I", check) | |
| private_blob += struct.pack(">I", check) | |
| keytype = b"ssh-ed25519" | |
| private_blob += struct.pack(">I", len(keytype)) + keytype | |
| private_blob += struct.pack(">I", len(public_key)) + public_key | |
| full_private = private_key + public_key | |
| private_blob += struct.pack(">I", len(full_private)) + full_private | |
| comment_bytes = comment.encode('utf-8') | |
| private_blob += struct.pack(">I", len(comment_bytes)) + comment_bytes | |
| pad_len = 8 - (len(private_blob) % 8) | |
| private_blob += bytes(range(1, pad_len + 1)) | |
| key_data = AUTH_MAGIC | |
| cipher = b"none" | |
| kdf = b"none" | |
| key_data += struct.pack(">I", len(cipher)) + cipher | |
| key_data += struct.pack(">I", len(kdf)) + kdf | |
| key_data += struct.pack(">I", 0) | |
| key_data += struct.pack(">I", 1) | |
| public_blob = struct.pack(">I", len(keytype)) + keytype | |
| public_blob += struct.pack(">I", len(public_key)) + public_key | |
| key_data += struct.pack(">I", len(public_blob)) + public_blob | |
| key_data += struct.pack(">I", len(private_blob)) + private_blob | |
| encoded = base64.b64encode(key_data).decode('ascii') | |
| lines = [encoded[i:i+70] for i in range(0, len(encoded), 70)] | |
| return ( | |
| "-----BEGIN OPENSSH PRIVATE KEY-----\n" + | |
| "\n".join(lines) + | |
| "\n-----END OPENSSH PRIVATE KEY-----\n" | |
| ) | |
| def key_to_ssh_public(hex_key: str, comment: str = "dstack-key") -> str: | |
| """Convert hex key to SSH public key format""" | |
| seed = bytes.fromhex(hex_key) | |
| signing_key = SigningKey(seed) | |
| public_key = signing_key.verify_key.encode(encoder=RawEncoder) | |
| keytype = b"ssh-ed25519" | |
| blob = struct.pack(">I", len(keytype)) + keytype | |
| blob += struct.pack(">I", len(public_key)) + public_key | |
| encoded = base64.b64encode(blob).decode('ascii') | |
| return f"ssh-ed25519 {encoded} {comment}" | |
| def fetch_dstack_key(path: str, purpose: str = "signing", socket_path: str = "/var/run/dstack.sock"): | |
| """Fetch key from dstack socket""" | |
| import socket | |
| import http.client | |
| # Create Unix socket connection | |
| conn = http.client.HTTPConnection("localhost") | |
| conn.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) | |
| conn.sock.connect(socket_path) | |
| # Make request | |
| conn.request("GET", f"/GetKey?path={path}&purpose={purpose}") | |
| response = conn.getresponse() | |
| data = json.loads(response.read()) | |
| conn.close() | |
| return data['key'] | |
| # ## Usage Examples | |
| # ### Option 1: Fetch from Dstack Socket | |
| # Uncomment and configure: | |
| path = "my/key/path" | |
| purpose = "signing" | |
| hex_key = fetch_dstack_key(path, purpose) | |
| print(f"Fetched key: {hex_key}") | |
| # ### Option 2: Use Example Key Directly | |
| #hex_key = "4a555931583341c9731c15e6f4326c04ecf0810a30eb05c2b1907fb2e6c5fbd8" | |
| #print(f"Using key: {hex_key}") | |
| # ## Generate SSH Keys | |
| private_key = key_to_ssh_private(hex_key, comment="[email protected]") | |
| public_key = key_to_ssh_public(hex_key, comment="[email protected]") | |
| print("=" * 70) | |
| print("PRIVATE KEY (id_ed25519)") | |
| print("=" * 70) | |
| print(private_key) | |
| print("=" * 70) | |
| print("PUBLIC KEY (id_ed25519.pub)") | |
| print("=" * 70) | |
| print(public_key) | |
| # ## Save Keys to Files | |
| # Uncomment to save: | |
| import os | |
| with open("id_ed25519", "w") as f: | |
| f.write(private_key) | |
| os.chmod("id_ed25519", 0o600) | |
| with open("id_ed25519.pub", "w") as f: | |
| f.write(public_key) | |
| os.chmod("id_ed25519.pub", 0o644) | |
| print("✓ Keys saved!") | |
| print(" Private: id_ed25519 (chmod 600)") | |
| print(" Public: id_ed25519.pub (chmod 644)") | |
| # ## Test the Keys | |
| # You can test the generated keys: | |
| # !ssh-keygen -l -f id_ed25519.pub | |
| # | |
| # Or use them directly: | |
| # !ssh -i id_ed25519 user@hostname |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment