remove remote alias instrucions because most people think this is insecure

set me to sshenc.sh
otherwise when executed with curl it returns something else
2025-08-02 19:30:05 +02:00 · 2019-01-14 16:00:17 +01:00 · 2019-01-14 11:52:04 +01:00 · 2019-01-14 10:48:59 +01:00 · 2019-01-14 10:42:21 +01:00 · 2019-01-14 10:36:23 +01:00
3 changed files with 34 additions and 48 deletions
--- a/README.md
+++ b/README.md
@@ -1,40 +1,3 @@
 # sshenc.sh

-bash script to encrypt data using a users ssh public key.
-
-> If you received a message from someone that was encrypted with this script, you can
-> decrypt it with your ssh private key using the following command:
-
-```
-./sshenc.sh -s ~/.ssh/id_rsa < file-containing-the-encrypted-text.txt
-```
-
-## install
-```
-wget wget https://sshenc.sh/sshenc.sh
-chmod +x sshenc.sh
-```
-
-## examples
-
-### encrypt a file using your own ssh public key
-```
-./sshenc.sh -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt
-```
-
-### encrypt a file using multiple recipients (broadcast encryption)
-```
-./sshenc.sh -p ~/.ssh/id_rsa.pub -p id_rsa-alice.pub -p id_rsa-bob.pub < plain-text-file.txt > encrypted.txt
-```
-
-### encrypt a file using the public key of a github user
-```
-./sshenc.sh -p <(curl -sf "https://github.com/S2-.keys" | grep ssh-rsa | tail -n1) < plain-text-file.txt
-```
-
-this line fetches the first public key for the github user `S2-` and encrypts the file `plain-text-file.txt` using this key.
-
-### decrypt a file
-```
-./sshenc.sh -s ~/.ssh/id_rsa < encrypted.txt
-```
+Please see [https://sshenc.sh/](https://sshenc.sh/) (or the index.html file in this repository) for instructions.
--- a/index.html
+++ b/index.html
@@ -19,17 +19,17 @@
 	</head>

 	<body>
-
-		<a href="https://github.com/S2-/sshenc.sh"><img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png" alt="Fork me on GitHub"></a>
+		<a href="https://github.com/S2-/sshenc.sh"><img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_green_007200.png" alt="Fork me on GitHub"></a>

 		<!-- Navigation -->
 		<nav class="navbar navbar-expand-lg navbar-dark bg-dark static-top">
 			<div class="container">
 				<a class="navbar-brand" href="#">sshenc.sh</a>
+				<!--
 				<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation">
 					<span class="navbar-toggler-icon"></span>
 				</button>
-				<!--
+
 				<div class="collapse navbar-collapse" id="navbarResponsive">
 					<ul class="navbar-nav ml-auto">
 						<li class="nav-item active">
@@ -61,8 +61,8 @@
 					<p class="lead">bash script to encrypt data using a users ssh public key.</p>
 					<hr>
 					<div class="bd-callout bd-callout-info">
-						If you received a message from someone that was encrypted with this script, you can decrypt it with your ssh private key using the following command:<br>
-						<code>./sshenc.sh -s ~/.ssh/id_rsa < file-containing-the-encrypted-text.txt</code>
+						If you received a message from someone that was encrypted with this script, you can decrypt it with your ssh private key using the following command without installing anything:<br>
+						<code>bash <(curl -s https://sshenc.sh/sshenc.sh) -s ~/.ssh/id_rsa < file-containing-the-encrypted-text.txt</code>
 					</div>
 				</div>
 			</div>
@@ -70,10 +70,32 @@
 			<div class="row">
 				<div class="col-lg-12">
 					<h2>Install</h2>
+					<hr>
+					<h3>Install locally</h3>
 					<div class="bd-callout bd-callout-info">
 						<code>wget https://sshenc.sh/sshenc.sh<br>
 						chmod +x sshenc.sh</code>
 					</div>
+					<!--
+
+					<h3>Run it from remote every time</h3>
+					If you are
+					<ul>
+					<li>really brave, and</li>
+					<li>want to be sure to run the latest version every time, or</li>
+					<li>maybe don't want/can't install files</li>
+					</ul>
+					you can use an alias that downloads and executes the script every time:<br>
+					<code>alias sshenc.sh='bash <(curl -s https://sshenc.sh/sshenc.sh)'</code>
+					<br>
+					<br>
+					To add it to your environment permanently:<br>
+					<code>echo "alias sshenc.sh='bash <(curl -s https://sshenc.sh/sshenc.sh)'" >> ~/.bashrc</code>
+					<br>
+					Be careful: if you do this you trust https://sshenc.sh/ to always return the same script. It's actually a remote code execution if someone hacks https://sshenc.sh/ or the server becomes malicious.
+					<br>
+					<br>
+					-->
 				</div>
 			</div>

@@ -84,23 +106,23 @@

 					<h3 id="encrypt-own">encrypt a file using your own ssh public key</h3>
 					<div class="bd-callout bd-callout-info">
-						<code>./sshenc.sh -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt</code>
+						<code>sshenc.sh -p ~/.ssh/id_rsa.pub < plain-text-file.txt > encrypted.txt</code>
 					</div>

 					<h3 id="encrypt-multi">encrypt a file using multiple recipients (broadcast encryption)</h3>
 					<div class="bd-callout bd-callout-info">
-						<code>./sshenc.sh -p ~/.ssh/id_rsa.pub -p id_rsa-alice.pub -p id_rsa-bob.pub < plain-text-file.txt > encrypted.txt</code>
+						<code>sshenc.sh -p ~/.ssh/id_rsa.pub -p id_rsa-alice.pub -p id_rsa-bob.pub < plain-text-file.txt > encrypted.txt</code>
 					</div>

 					<h3 id="encrypt-gh">encrypt a file using the public key of a github user</h3>
 					<div class="bd-callout bd-callout-info">
-						<code>./sshenc.sh -p <(curl -sf "https://github.com/S2-.keys" | grep ssh-rsa | tail -n1) < plain-text-file.txt</code>
+						<code>sshenc.sh -p <(curl -sf "https://github.com/S2-.keys" | grep ssh-rsa | tail -n1) < plain-text-file.txt</code>
 					</div>
 					<p>this line fetches the first public key for the github user S2- and encrypts the file plain-text-file.txt using this key.</p>

 					<h3 id="decrypt">dedecrypt a file</h3>
 					<div class="bd-callout bd-callout-info">
-						<code>./sshenc.sh -s ~/.ssh/id_rsa < encrypted.txt</code>
+						<code>sshenc.sh -s ~/.ssh/id_rsa < encrypted.txt</code>
 					</div>
 				</div>
 			</div>
@@ -108,6 +130,7 @@
 			<div class="row">
 				<div class="col-lg-12">
 					<h2>License</h2>
+					<hr>
 					<a href="https://opensource.org/licenses/MIT">MIT</a>
 				</div>
 			</div>
--- a/sshenc.sh
+++ b/sshenc.sh
@@ -2,7 +2,7 @@

 OPTIND=1 # reset in case getopts has been used previously in the shell.

-me=`basename "$0"`
+me=sshenc.sh

 show_help() {
 cat << EOF
Author	SHA1	Message	Date
s2	f980cd28d0	remove remote alias instrucions because most people think this is insecure	2019-01-14 16:00:17 +01:00
s2	d90c21037c	set me to sshenc.sh otherwise when executed with curl it returns something else	2019-01-14 11:52:04 +01:00
s2	ee4b951a70	green ribbon	2019-01-14 10:48:59 +01:00
s2	3f396a28b4	point readme instructions to website so I don't have to write everything twice every time.	2019-01-14 10:42:21 +01:00
s2	5c602b3e4f	typo	2019-01-14 10:36:23 +01:00
s2	eeb0ef5633	install instructions	2019-01-14 10:33:50 +01:00
s2	9a966e99b4	better instructions	2019-01-14 10:18:41 +01:00