#!/bin/bash

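#
# This script generates an ed25519 SSH key for a service account,
# appends the public part to the service account's authorized_keys file
# (/etc/ssh/authorized_keys/<account>), and prints the private part of
# the key to the console.
#
# Both halves of the key are passed through named pipes (FIFOs) in the
# account's home directory, so the private key is not left behind in a
# file on disk. The console output is the only copy: it can end up in
# terminal scrollback or session logs, so run this on a trusted terminal.
#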

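# Ask which service account should receive the new key.
# -r keeps backslashes in the typed name literal.
read -r -p 'Service Account: ' account

# The name becomes a path component under /etc/ssh/authorized_keys/, so refuse
# empty input and anything that could resolve outside that directory.
case "$account" in
  '' | . | .. | */*)
    printf 'Invalid service account name: %s\n' "$account" >&2
    exit 1
    ;;
esac

# Generate the key as the service account.
#
# The inner script is single-quoted and receives the account name as $1, so
# the name is never parsed as shell code. (Interpolating it into the command
# string would let shell metacharacters in the input run as that account.)
#
# Inner script, step by step:
#   - work in the account home directory, aborting if it is unavailable;
#   - create two FIFOs readable and writable by the account only;
#   - start a background reader that prints the private key to stdout and
#     then appends the public key to the authorized_keys file;
#   - run ssh-keygen against the FIFO paths ("y" answers its overwrite prompt);
#   - wait for the reader to finish so no output is lost when the shell exits,
#     or stop it if ssh-keygen failed and nothing will ever be written;
#   - remove the FIFOs and report success or failure through the exit status.
sudo -u "$account" -H -- bash -c '
  cd ~ || exit 1
  rm -f key key.pub
  mkfifo -m 600 key key.pub || exit 1

  { cat key && cat key.pub >> "/etc/ssh/authorized_keys/$1"; } &
  reader=$!

  if echo "y" | ssh-keygen -q -t ed25519 -N "" -f key &>/dev/null; then
    wait "$reader"
    status=$?
  else
    status=1
    kill "$reader" 2>/dev/null
    wait "$reader" 2>/dev/null
  fi

  rm -f key key.pub
  exit "$status"
' bash "$account"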