This script can be used to collect the SSH public keys of users listed in a
`keys.ini` file and write them to a separate file.
It is also possible to collect the keys of users that
are part of a GitHub organization.

You can then use the generated files to keep the `authorized_keys` file on your SSH machines up to date with changes to your users' SSH keys.
You could, for example, serve the key output folder over HTTPS and then run

    curl https://youserver.com/keys/core-team > /root/.ssh/authorized_keys

on your target machine.
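
A plain `>` redirect truncates `authorized_keys` before curl has received anything, so a failed or partial download leaves the file empty or corrupt. The sketch below is an added example, not part of this project: the hypothetical helpers `validate_keys` and `install_keys` download to a temporary file, accept only bare public-key lines (an assumption about the generated file's format), and rename the result into place. The sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the project). validate_keys / install_keys are hypothetical names.

# Print the number of keys in file $1; succeed only if every non-blank,
# non-comment line is a bare "<type> <base64> [comment]" entry and at least
# one key is present. Syntactic check only: the blob is not decoded.
# Assumption: the served file carries no authorized_keys options, so a line
# starting with e.g. command=... is rejected.
validate_keys() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        $1 !~ "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-ssh-ed25519@openssh[.]com|sk-ecdsa-sha2-nistp256@openssh[.]com)$" { bad = 1 }
        $2 !~ "^[A-Za-z0-9+/]+=*$" { bad = 1 }
        { n++ }
        END { print n + 0; exit (bad || n == 0) }
    ' "$1"
}

# Fetch $1 over HTTPS only and replace $2 atomically; on any failure the
# existing file is left untouched.
install_keys() {
    url=$1
    dest=$2
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if curl --fail --silent --show-error --proto '=https' -o "$tmp" "$url" &&
        validate_keys "$tmp" >/dev/null; then
        chmod 600 "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample input (not real keys): a good file and an error page.
demo=$(mktemp -d)
printf '%s\n' '# core-team' \
    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkc2FtcGxla2V5 artizirk' \
    > "$demo/good"
printf '<html>502 Bad Gateway</html>\n' > "$demo/bad"
validate_keys "$demo/good" >/dev/null && echo "good: accepted"
validate_keys "$demo/bad" >/dev/null || echo "bad: rejected"

# On the target machine (URL from the text above):
# install_keys https://youserver.com/keys/core-team /root/.ssh/authorized_keys
```
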

- Copy `keys.service` and `keys.timer` to the `/etc/systemd/system` folder
- Edit `keys.service`
  - `WorkingDirectory` sets where the final keys are put
  - Environment variable `GITHUB_TOKEN` is used to access organization members
  - Environment variable `KEYS_CONFIG` sets the path to the `.ini` config file
  - In the `ExecStart` line, point Python to the correct `keys.py` path
- Edit `keys.timer` to set the update refresh rate.
- Create a `keys.ini` file. Here are some examples.
  - Write single user keys to a file `$PWD/authorized_keys`

    ```ini
    [authorized_keys]
    users = artizirk
    ```

  - Write keys of several users to a file `$PWD/dev_team_keys`

    ```ini
    [dev_team_keys]
    users = artizirk, CoolUser123
    ```

  - Write keys of all the organization members to `$PWD/all_of_us`

    ```ini
    [all_of_us]
    org = Teamer
    ```

  - Write keys of only organization members that are part of some teams

    ```ini
    [core-team]
    org = Teamer
    teams = devs, testers
    ```

  - Write keys of only organization members that are part of some teams
    and add a few other users that are not part of the organization

    ```ini
    [core-team+power-users]
    org = Teamer
    teams = devs, testers
    users = artizirk, CoolUser123
    ```

  The `keys.ini` file can contain several sections; each section is written to a separate file. In each section:

  - the `org` key can contain only a single GitHub organization.
  - the `teams` key can contain a comma (,) separated list of teams whose keys will be included.
  - the `users` key can contain a comma (,) separated list of any GitHub users. A user does not have to be part of any team.
- Running it
  - `systemctl start keys.service`
  - `GITHUB_TOKEN=sadfsadf python3 keys.py`