🔐 Keep ~/.ssh/authorized_keys of a server in sync with public SSH keys

binaryben/sync-ssh-keys

Warning: The proposal for this software is currently being developed. Please do not attempt to use it yet.



🔐 Sync SSH Keys


ISC License   Project Status

Maintain access to your servers without fuss. Automate your ~/.ssh/authorized_keys with ease.
The sync-ssh-keys command is a tool that downloads public SSH keys from Git providers (GitHub, GitLab, Gitea and Bitbucket), S3 containers and IAM groups for authorized users of a server.



✨   Core features

  • Support for multiple providers
  • Automatic installation of service


⌛️   Quick start

Installation

Debian / Ubuntu

$ sudo add-apt-repository '{url to repo}'
$ sudo apt update
$ sudo apt install ssh-keys
Instructions for other operating systems

Alpine

$ apk add ssh-keys

macOS

$ brew tap binaryben/brew
$ brew install ssh-keys

Warning: the distros below have not been tested by me.

CentOS

TODO:

OpenSUSE

TODO:

FreeBSD

TODO:

Fedora

TODO:

➤   Basic Usage

# Save me as an authorized user
# Replace my username (binaryben) with your own GitHub username below
$ ssh-keys add --user=binaryben

# Manually run command to sync the ssh keys
$ ssh-keys sync
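
What a sync step has to get right before it rewrites authorized_keys, as an added example; this is not the project's code, which is still a proposal. The function names, the block markers, the key-type allowlist and the `synced:` comment tag are assumptions made for illustration, and the sample key is constructed.

```python
import base64, os, re, struct, tempfile
from pathlib import Path

# Assumptions (not from the project): key-type policy, block markers, comment tag.
ALLOWED_TYPES = {"ssh-ed25519", "ecdsa-sha2-nistp256", "ssh-rsa"}
BEGIN, END = "# BEGIN synced keys", "# END synced keys"

def valid_key_line(line):
    """Return 'type blob' if the line is a bare public key whose blob names the same type."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        return None  # also rejects option prefixes such as command="..."
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])  # SSH string: uint32 length + bytes
    except (ValueError, struct.error):
        return None
    return f"{parts[0]} {parts[1]}" if blob[4:4 + n] == parts[0].encode() else None

def render_block(fetched):
    """fetched maps a provider username to the key text downloaded for that user."""
    lines = [BEGIN]
    for user in sorted(fetched):
        if not re.fullmatch(r"[A-Za-z0-9-]+", user):
            continue  # the name goes into a comment field; keep it to one safe token
        for raw in fetched[user].splitlines():
            key = valid_key_line(raw)
            if key:
                lines.append(f"{key} synced:{user}")
    return lines + [END]

def sync(path, fetched):
    """Replace only the managed block, keep hand-added lines, write atomically."""
    old = Path(path).read_text().splitlines() if os.path.exists(path) else []
    kept, inside = [], False
    for line in old:
        if line in (BEGIN, END):
            inside = line == BEGIN
        elif not inside:
            kept.append(line)
    new = kept + render_block(fetched)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # created with mode 0600
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(new) + "\n")
    os.replace(tmp, path)  # atomic rename: sshd never reads a half-written file
    return new

def constructed_key(ktype="ssh-ed25519"):  # constructed sample, not a usable key
    blob = struct.pack(">I", len(ktype)) + ktype.encode() + struct.pack(">I", 32) + bytes(32)
    return f"{ktype} {base64.b64encode(blob).decode()} sample@example"
```

Passing empty text for every user leaves an empty managed block, so a caller should skip the write when a download fails rather than hand `sync` an empty result.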

➤   Scheduled updates

# Configure `ssh-keys sync` to run every hour on the hour
# Optional: This is already configured as the default update interval
$ ssh-keys config cron "0 * * * *"

# Install as a service
$ ssh-keys install

➤   Advanced usage

Run ssh-keys --help for more options


🏎💨   Rate limiting

You most likely won't need to worry about being rate limited for very simple use cases. Once everything is set up and running (APIs may be called when adding users for the first time), running unauthenticated will work for servers with a few dozen users being synced once per hour.

If you run into rate limiting issues, follow the instructions below for the provider you are using:


GitHub

GitHub limits unauthenticated requests to 60 per hour. Follow the instructions below to increase this to 5,000 per hour.

  1. Visit your Settings > Developer settings > Personal access tokens page
  2. Click the "Generate token" button
  3. Authenticate if requested
  4. Give the token a title (e.g. "Sync SSH Keys")
  5. Select no expiration (see footnote 1)
  6. Tick read:public_key
  7. Click generate token and copy the token to the clipboard
  8. Run ssh-keys config github.token <token>

Make sure you replace <token> in Step 8 with the token copied in Step 7.


Bitbucket

Placeholder link to information


Keep in mind the steps above are only for accessing public data via the respective APIs (i.e. publicly available SSH keys). Other tokens may need to be provided elsewhere, but ssh-keys will prompt you when this is likely to be needed.


🎨   Prior Art

Footnotes

  1. Give any personal authentication token a fixed expiration if you are enabling any scope that accesses private data.