homelab-docs/scripts/deploy-ssh-keys-homelab.sh

#!/bin/bash
# Deploy SSH public key to all LXC containers and VM 200 in homelab.
# Run from machine that can reach Proxmox (192.168.1.150).
# Usage: ./deploy-ssh-keys-homelab.sh [path-to-public-key]
# Default: ~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub

set -e
PROXMOX="${PROXMOX:-root@192.168.1.150}"
KEY_FILE="${1:-$HOME/.ssh/id_rsa.pub}"
[ -f "$HOME/.ssh/id_ed25519.pub" ] && [ ! -f "$KEY_FILE" ] && KEY_FILE="$HOME/.ssh/id_ed25519.pub"

if [ ! -f "$KEY_FILE" ]; then
  echo "Usage: $0 [path-to-public-key]"
  echo "No key found at $KEY_FILE"
  exit 1
fi

CT_IDS="100 101 103 104 105 107 108 109"

echo "Deploying key from $KEY_FILE to homelab hosts..."

# Copy key to Proxmox temp, then deploy from there
TMP_KEY="/tmp/deploy-ssh-key-$$.pub"
scp -q "$KEY_FILE" "$PROXMOX:$TMP_KEY"
trap "ssh $PROXMOX 'rm -f $TMP_KEY'" EXIT

# Proxmox host
echo "Proxmox (192.168.1.150)..."
ssh "$PROXMOX" "mkdir -p /root/.ssh && chmod 700 /root/.ssh && grep -qF \"\$(cat $TMP_KEY)\" /root/.ssh/authorized_keys 2>/dev/null || cat $TMP_KEY >> /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys"

# LXC containers
for id in $CT_IDS; do
  echo "CT $id (192.168.1.$id)..."
  ssh "$PROXMOX" "pct exec $id -- bash -c 'mkdir -p /root/.ssh && chmod 700 /root/.ssh' && pct push $id $TMP_KEY /tmp/key.pub && pct exec $id -- bash -c 'grep -qF \"\$(cat /tmp/key.pub)\" /root/.ssh/authorized_keys 2>/dev/null || cat /tmp/key.pub >> /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys && rm /tmp/key.pub'"
done

# VM 200 (admin user; root may be disabled)
echo "VM 200 (admin@192.168.1.200)..."
ssh "$PROXMOX" "scp -o StrictHostKeyChecking=accept-new $TMP_KEY admin@192.168.1.200:/tmp/key.pub && ssh admin@192.168.1.200 'mkdir -p /home/admin/.ssh /root/.ssh && chmod 700 /home/admin/.ssh /root/.ssh 2>/dev/null; grep -qF \"\$(cat /tmp/key.pub)\" /home/admin/.ssh/authorized_keys 2>/dev/null || cat /tmp/key.pub >> /home/admin/.ssh/authorized_keys; echo \"\$(cat /tmp/key.pub)\" | sudo tee -a /root/.ssh/authorized_keys >/dev/null; chmod 600 /home/admin/.ssh/authorized_keys /root/.ssh/authorized_keys 2>/dev/null; rm /tmp/key.pub'"

echo "Done. Connect: ssh root@192.168.1.{100,101,103,104,105,107,108,109}, ssh admin@192.168.1.200"