Warning: The proposal for this software is currently being developed. Please do not attempt to use it yet.
Maintain access to your servers without fuss. Automate your ~/.ssh/authorized_keys with ease.
The sync-ssh-keys command is a tool that downloads public SSH keys from Git providers (GitHub, GitLab, Gitea and Bitbucket), S3 containers and IAM groups for authorized users of a server.
- Support for multiple providers
- Automatic installation of service
Debian / Ubuntu
$ sudo add-apt-repository '{url to repo}'
$ sudo apt update
$ sudo apt install ssh-keys
Instructions for other operating systems
Alpine
$ apk add ssh-keys
macOS
$ brew tap binaryben/brew
$ brew install ssh-keys
Warning: the distros below have not been tested by me
CentOS
TODO:
OpenSUSE
TODO:
FreeBSD
TODO:
Fedora
TODO:
# Save me as an authorized user
# Replace my username (binaryben) with your own GitHub username below
$ ssh-keys add --user=binaryben
# Manually run command to sync the ssh keys
$ ssh-keys sync
# Configure `ssh-keys sync` to run every hour on the hour
# Optional: This is already configured as the default update interval
$ ssh-keys config cron "0 * * * *"
# Install as a service
$ ssh-keys install
Run ssh-keys --help for more options.
You most likely won't need to worry about being rate limited for very simple use cases. Once everything is set up and running (APIs may be called when adding users for the first time), running unauthenticated will work for servers with a few dozen users being synced once per hour.
If you run into rate limiting issues, follow the instructions below for the provider you are using:
GitHub
GitHub limits unauthenticated requests to 60 per hour. Follow the instructions below to increase this to 5,000 per hour.
1. Visit your Settings > Developer settings > Personal access tokens page
2. Click the "Generate token" button
3. Authenticate if requested
4. Give the token a title (e.g. "Sync SSH Keys")
5. Select no expiration [1]
6. Tick read:public_key
7. Click generate token and copy the token to the clipboard
8. Run ssh-keys config github.token <token>

Make sure you replace <token> in Step 8 with the copied token from Step 7.
Keep in mind the steps above are only for accessing public data via the respective APIs (i.e. publicly available SSH keys). Other tokens may need to be provided elsewhere, but ssh-keys will prompt you when this is likely to be needed.
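Keys downloaded from a provider become login credentials once they reach ~/.ssh/authorized_keys, so a sync step should treat them as untrusted input. The Python example below is added here and is not code from ssh-keys, whose behaviour this page does not specify: it accepts only bare public-key lines, replaces the provider's comment with the username, refuses to write an empty result (for example after a rate-limited fetch), and swaps the file in with a single rename. The function names, the allowed key types and the sample data are assumptions constructed for the example.

```python
import base64, os, tempfile

# Assumption: only these key types are accepted; adjust to local policy.
ALLOWED = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
           "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def valid_key_line(line):
    """Return 'type blob' for a bare public key line, else None."""
    parts = line.split()
    # A line that starts with options (command=..., from=...) fails this check.
    if len(parts) < 2 or parts[0] not in ALLOWED:
        return None
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    # The blob begins with a length-prefixed copy of the key type.
    n = int.from_bytes(blob[:4], "big")
    return f"{parts[0]} {parts[1]}" if blob[4:4 + n] == parts[0].encode() else None

def render(fetched):
    """Build file content from {user: provider response text}."""
    lines = []
    for user in sorted(fetched):
        for raw in fetched[user].splitlines():
            key = valid_key_line(raw)
            if key and not any(l.startswith(key + " ") for l in lines):
                lines.append(f"{key} synced:{user}")  # provider comment dropped
    if not lines:
        # An empty result (outage, rate limit) must not wipe existing access.
        raise ValueError("no valid keys fetched; keeping current file")
    return "\n".join(lines) + "\n"

def write_atomic(path, content):
    """Replace path in one rename so sshd never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:  # mkstemp creates the file with mode 0600
        f.write(content)
    os.replace(tmp, path)

def constructed_key(ktype, fill):
    """Constructed sample data: a well-formed blob, not a real key."""
    body = len(ktype).to_bytes(4, "big") + ktype.encode() + (32).to_bytes(4, "big") + bytes([fill]) * 32
    return f"{ktype} {base64.b64encode(body).decode()}"

SAMPLE = {  # constructed provider responses, not real users or keys
    "alice": constructed_key("ssh-ed25519", 1) + " alice@laptop\n",
    "bob": 'command="/usr/bin/true" ' + constructed_key("ssh-ed25519", 2) + "\n",
    "carol": "ssh-rsa " + constructed_key("ssh-ed25519", 3).split()[1] + "\n",
}
```

With the sample data, only alice's line survives: bob's carries an options prefix and carol's declared type does not match the type inside the blob.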
- https://github.com/samber/sync-ssh-keys
- https://github.com/shoenig/ssh-key-sync
- https://github.com/wdatkinson/sync_ssh_keys
- https://github.com/dkbhadeshiya/ssh-iam-sync
- https://gist.github.com/lleger/6947bdecddac6563a05ead204d95af8e
- And others...
Footnotes
1. Give any personal authentication token a fixed expiration if you are enabling any scope that accesses private data.