meshd

Portable Bash tool to manage mesh SSH nodes and authorized keys using mesh-specific managed sections.

Current commands

• list
• add

Design

• Multiple meshes are supported via --mesh <name> (defaults to default).
• ~/.ssh/config is managed per mesh section:
  • # >>> MESHD SSH CONFIG MESH <mesh> - DO NOT TOUCH >>>
  • # <<< MESHD SSH CONFIG MESH <mesh> - DO NOT TOUCH <<<
• ~/.ssh/authorized_keys is managed per mesh section:
  • # >>> MESHD AUTHORIZED_KEYS MESH <mesh> - DO NOT TOUCH >>>
  • # <<< MESHD AUTHORIZED_KEYS MESH <mesh> - DO NOT TOUCH <<<
• meshd only reasons about its own section(s). Content outside those sections is ignored.

Defaults

meshd now follows SSH defaults unless flags are explicitly given:

• no implicit custom port
• no implicit user
• no implicit identity file

So generated Host blocks only include options you explicitly pass.

Usage

./meshd.sh list
./meshd.sh list --mesh office

./meshd.sh add --name node-a --host 10.0.0.10
./meshd.sh add --mesh office --name node-b --host node-b.internal --port 2222 --user mesh --identity ~/.ssh/mesh_id

./meshd.sh add --name node-c --host 10.0.0.12 --pubkey "ssh-ed25519 AAAA... node-c"
./meshd.sh add --mesh office --name node-d --host 10.0.0.13 --pubkey-file /tmp/node-d.pub

Optional files:

./meshd.sh add --name x --host 192.168.1.20 --config /tmp/ssh_config_test --authorized-keys /tmp/authorized_keys_test

Conflict flow (existing unmanaged Host block)

If ~/.ssh/config already has unmanaged config for the same Host <name>, meshd:

1. Shows the existing block.
2. Asks to move it into the target mesh.
3. If incoming settings differ, asks:
   • p: preserve old block and move it
   • n: use incoming options and move it
   • a: abandon

authorized_keys behavior

Key add is idempotent inside the mesh section only:

• if key exists in that mesh section, no-op
• if key exists outside meshd section, it is still added inside meshd section