Conversation

agnosticlines commented Jun 17, 2025

When I was using a tool that uses the IdentityAgent setting to specify an IdentityFile that is a public key, the application would blindly append an additional .pub to the filename, even though there was already one there.

I fixed this locally. I'm not very familiar with Perl, so it's possible I've done something wrong, but this fix works for me.

agnosticlines changed the title from "Fix duplicate .pub prefix if the file already has one" to "Fix duplicate .pub suffix if the file already has one" on Jun 17, 2025
dolmen (Owner) commented Jun 19, 2025

Please read CONTRIBUTING.pod.

dolmen (Owner) commented Jun 19, 2025

I think that your setup is incorrect.

Private keys handled by github-keygen are supposed to have been created by github-keygen, so they don't have a .pub suffix.

If you manually edit the github-keygen block of ~/.ssh/config, this isn't supported and you're on your own.

dolmen added the invalid label on Jun 19, 2025
agnosticlines (Author) commented Jun 19, 2025

Maybe I'm misunderstanding, but the tool provides the option to specify a key file location with the -i option. If it doesn't exist it will create it, but if it does exist it will reference it and append .pub to the filename for the public key, which is how I got them in there. I didn't manually edit the block:
File exists:

$ ls /tmp/1.key
/tmp/1.key
$ ./github-keygen test1 -i /tmp/1.key
...
+Host test1.github.com test1.gist.github.com test1.ssh.github.com test1.443.github.com
+IdentitiesOnly yes
+IdentityFile /tmp/1.key

 # -- github-keygen - end --

Done.

You now have to copy the public key for each user to your SSH settings at
<https://github.com/settings/keys>.
  test1:  /usr/bin/pbcopy < /tmp/1.key.pub
Then re-run github-keygen to check the registration works.

File doesn't exist:

$ ./github-keygen test2 -i /tmp/2.key
...
Creating private key /tmp/2.key for user test2...
Generating public/private ed25519 key pair.
Enter passphrase for "/tmp/2.key" (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/2.key
Your public key has been saved in /tmp/2.key.pub
The key fingerprint is:
...
The key's randomart image is:
...
github-keygen: test2: key not registered on GitHub!
No changes in ~/.ssh/known_hosts_github.
Saving ~/.ssh/config...
...
 IdentitiesOnly yes
 IdentityFile /tmp/2.key

+Host test2.github.com test2.gist.github.com test2.ssh.github.com test2.443.github.com
+IdentitiesOnly yes
+IdentityFile /tmp/2.key
+
 # -- github-keygen - end --

Done.

You now have to copy the public key for each user to your SSH settings at
<https://github.com/settings/keys>.
  test1:  /usr/bin/pbcopy < /tmp/2.key.pub
  test2:  /usr/bin/pbcopy < /tmp/2.key.pub
Then re-run github-keygen to check the registration works.
$ ls /tmp/2*
/tmp/2.key  /tmp/2.key.pub

I did try to follow the contributing instructions, but it references a folder that doesn't exist (xt), which isn't in any of the branches as far as I can see. It also references scripts that don't exist, such as release.pl, so I just assumed it was boilerplate you used for other Perl projects. I did do the fork, and I did test everything to ensure it still works as expected.

UPDATE: Ah, I see, the xt/* and release.pl scripts are in the master branch, not the release branch. That's on me, sorry about that; I just git cloned the default branch.

Just looking at it, I think I may have misunderstood how the tool I was using for SSH generates/references keys when using an IdentityAgent: it puts a .pub file on disk as a shim for releasing the key. Sorry about that!

Maybe this could be a feature request/feature added to support IdentityAgent public keys?

dolmen (Owner) commented Jun 20, 2025

> the tool provides the option to specify a key file location with the -i option

This is fair. It appears you're probably the first user to have used that option ;).

Tell me more about IdentityAgent. I won't be able to consider support for interactions with this tool if I can't test it.

agnosticlines (Author) commented Jun 20, 2025

So I'm using Secretive, which loads SSH keys into the Secure Enclave (SEP) on Macs. The keys are never disclosed to the user's machine, and it requires authentication to authenticate with. It's quite cool!

So you add a new key; it generates the key in the SEP, it's never actually exposed, and you get a path to a key file:

/Users/agnostic/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/PublicKeys/<hash>.pub

This contains the public key (without any comment, which is why I made the additional regex tweak, and yeah... I know, NIST curves...):

ecdsa-sha2-nistp256 AAAA...=

In order to specify a specific key to be loaded with an IdentityAgent, you can specify the .pub file with the IdentityFile variable. As long as you have an IdentityAgent set, SSH will use this as a public key to ask the IdentityAgent to use the right key:

IdentityAgent /Users/agnostic/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh
IdentityFile /Users/agnostic/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/PublicKeys/<hash>.pub

You can find out more about how ssh does it by checking the ssh_config(5) man page:

IdentityFile
Specifies a file from which the user's ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. You can also specify a public key file to use the corresponding private key that is loaded in ssh-agent(1) when the private key file is not present locally.
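The two points raised in this thread (github-keygen appending a second .pub to an IdentityFile that is already a public key, and OpenSSH accepting a public-key IdentityFile when an IdentityAgent holds the private half) can be checked with a small shell script. The following is an added example, not github-keygen's own Perl code and not the patch under review; the function names (pubkey_for_identity, is_public_key_file, identity_kind) and the sample files it writes to a temporary directory are constructed for illustration. It derives the public-key path OpenSSH would look for ("<IdentityFile>.pub") without doubling the suffix, and recognises a public-key file by its first line, with the comment field optional because Secretive's .pub files carry none.

```shell
#!/bin/sh
# Added example (not github-keygen code). Helpers a key-management tool needs
# when an IdentityFile may point at a private key OR at a bare public key that
# is only usable through an IdentityAgent (the Secretive case in the thread).

# Print the public-key path OpenSSH pairs with an IdentityFile value.
# A value that already ends in ".pub" is returned unchanged instead of
# becoming "<name>.pub.pub".
pubkey_for_identity() {
    case "$1" in
        *.pub) printf '%s\n' "$1" ;;
        *)     printf '%s.pub\n' "$1" ;;
    esac
}

# Succeed (exit 0) if the first line of the file looks like an OpenSSH public
# key: "<keytype> <base64>" with an optional trailing comment. The comment is
# optional on purpose: Secretive writes its .pub files without one.
is_public_key_file() {
    [ -r "$1" ] || return 1
    head -n 1 "$1" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) [A-Za-z0-9+/]+=*( [^ ].*)?$'
}

# Classify an IdentityFile entry:
#   agent-public : the file is itself a public key (pair it with IdentityAgent)
#   private      : a local private key whose public half is "<file>.pub"
#   missing      : nothing on disk yet (a tool would generate a key here)
identity_kind() {
    if [ ! -e "$1" ]; then
        printf 'missing\n'
    elif is_public_key_file "$1"; then
        printf 'agent-public\n'
    else
        printf 'private\n'
    fi
}

# Demo with constructed files in a temporary directory (no real keys involved).
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed public key in Secretive's format: no comment field.
    printf 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAI\n' > "$dir/abc.pub"
    # Constructed stand-in for a private key; only the header line matters here.
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$dir/1.key"
    for f in "$dir/abc.pub" "$dir/1.key" "$dir/2.key"; do
        printf '%s kind=%s pub=%s\n' "$f" "$(identity_kind "$f")" "$(pubkey_for_identity "$f")"
    done
    rm -rf "$dir"
}

demo
```

For the "agent-public" case the path printed by pubkey_for_identity is the IdentityFile itself, which is exactly what a "copy your public key" hint such as `pbcopy < <path>` should receive; for the "private" case it is the sibling .pub that ssh-keygen wrote.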
