Authorize SSH public keys from trusted online identities
Project description
ssh-import-id
You're logged onto a cloud instance working on a problem with your fellow devs, and you want to invite them to log in and take a look at these crazy log messages. What do?
Oh. You have to ask them to cat their public SSH key, paste it into IRC (wait, no, it's id_rsa.pub, not id_rsa silly!) then you copy it and cat it to the end of authorized_hosts.
That's where ssh-import-id comes in. With ssh-import-id, you can add the public SSH keys from a known, trusted online identity to grant SSH access.
Currently supported identities include GitHub, GitLab, and Launchpad.
Usage
ssh-import-id uses short prefix to indicate the location of the online identity. For now, these are:
'gh:' for GitHub
'gl:' for GitLab
'lp:' for Launchpad
Command line help:
usage: ssh-import-id [-h] [-o FILE] USERID [USERID ...]
Authorize SSH public keys from trusted online identities.
positional arguments:
USERID User IDs to import
optional arguments:
-h, --help show this help message and exit
-o FILE, --output FILE
Write output to file (default ~/.ssh/authorized_keys)
Example
If you wanted me to be able to ssh into your server, as the desired user on that machine you would use:
$ ssh-import-id gh:cmars
You can also import multiple users on the same line, even from different key services, like so:
$ ssh-import-id gh:cmars lp:kirkland gl:username
For self-hosted GitLab instances, set the GITLAB_URL environment variable:
$ GITLAB_URL=https://gitlab.example.com ssh-import-id gl:username
Used with care, it's a great collaboration tool!
Installing
ssh-import-id can be installed on Python >= 2.6 with a recent version of pip:
$ pip install ssh-import-id
ssh-import-id requires a recent version of Requests (>=1.1.0) for verified SSL/TLS connections.
Extending
You can add support for your own SSH public key providers by creating a script named ssh-import-id-prefix. Make the script executable and place it in the same bin directory as ssh-import-id.
The script should accept the identity username for the service it connects to, and output lines in the same format as an ~/.ssh/authorized_keys file.
If you do develop such a handler, I recommend that you connect to the service with SSL/TLS, and require a valid certificate and matching hostname. Use Requests.get(url, verify=True), for example.
Credits
This project is authored and maintained by Dustin Kirkland, Scott Moser, and Casey Marshall.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ssh_import_id-5.13.tar.gz.
File metadata
- Download URL: ssh_import_id-5.13.tar.gz
- Upload date:
- Size: 25.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d44bfb6d313abc865643d8b3aa9e6999c1a430a93eebe97f30a41773af15d2d1
|
|
| MD5 |
92f7836657046fd6cd7bd2707664d945
|
|
| BLAKE2b-256 |
21dc9b279d9b8e8afaa8978aa92cec923a09a59eab4417ac721a6295ae4e9a72
|
File details
Details for the file ssh_import_id-5.13-py3-none-any.whl.
File metadata
- Download URL: ssh_import_id-5.13-py3-none-any.whl
- Upload date:
- Size: 27.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
65a992ad32d784da0ebb258e6a1875dd801bca29fd8f5fad0331228b2ff1348d
|
|
| MD5 |
856c73391c5f47c33f2a69e1be1ba90c
|
|
| BLAKE2b-256 |
5d8e21ec3637b7c0b9146f84302990dca7740217f22a5c1974d32136f7a7a5d6
|
