Dustin Kirkland kirkland at
Thu Dec 16 05:01:22 EST 2010


We in the Ubuntu Server world have been using a handy little shell
utility for a couple of releases now, called 'ssh-import-id' [1].

Whereas ssh-copy-id _pushes_ a public key from one system to another,
ssh-import-id _pulls_ a public key from a secure key server and
installs it.

It takes one or more userids as command line arguments, loops over
them, sequentially attempts to retrieve public keys from a web API
(using wget or curl), and can write to stdout or to file.

We find this particularly handy in the cloud world, where systems are
started from pristine images every time, and we need a way to seed
the system with credentials before the first authentication.  Here, we
can run something like 'ssh-import-id kirkland' during the boot
process, and my public key will be installed by the time I log in.

It's also really useful when and if you need to grant access to the
system to others, or perhaps start a system in the cloud on behalf of
someone else.  Here, we can 'ssh-import-id kirkland smoser cjwatson',
and each of these keys is retrieved and installed.

We're using URL="", where %s is a
userid, but this URL could really be configurable and point to any
public or private SSH public key server.  An SSL connection to a https
site with a valid certificate is, of course, essential to the security
of the key retrieval.  If there were a free/public SSH key server like
for PGP/GPG keys, that would probably make a good default
(though I haven't found anything like this).

Seeing the ssh-copy-id utility in SSH's contrib/ directory, I'm
hopeful you might consider this ssh-import-id tool for the project.
Before we get into reviewing the code, can you tell me if this is
something that would, or would not be interesting to openssh upstream?


Dustin Kirkland
Ubuntu Core Developer
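
An added example, not part of the original message and not the ssh-import-id code: a sketch of the checks a pull-style key import needs around the fetch the message describes (userid validation, an https-only URL template, and filtering the response down to well-formed public key lines before anything is appended). The URL template is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. KEY_URL_TEMPLATE is a placeholder, not the URL the tool uses.
KEY_URL_TEMPLATE="https://keys.example.invalid/%s/sshkeys"

# Accept only conservative userids so nothing unexpected lands in the URL.
valid_userid() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the fetch URL; refuse any template that is not https.
build_url() {
    valid_userid "$1" || return 1
    case "$KEY_URL_TEMPLATE" in
        https://*) printf "$KEY_URL_TEMPLATE\n" "$1" ;;
        *) return 1 ;;
    esac
}

# Read a fetched response on stdin and keep only lines shaped like
# "<key type> <base64 blob> [comment]" for a conservative set of key types.
# Lines that start with authorized_keys options (command=, from=, ...) or
# with HTML from an error page are dropped. Exit status is 1 if nothing passes.
filter_keys() {
    grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [^[:cntrl:]]*)?$'
}

# Fetch with certificate verification left on and redirects confined to
# https, then append only the lines that passed the filter.
import_id() {
    url=$(build_url "$1") || { echo "rejected userid or URL: $1" >&2; return 1; }
    body=$(curl --fail --silent --show-error \
                --proto '=https' --proto-redir '=https' "$url") || return 1
    keys=$(printf '%s\n' "$body" | filter_keys) || {
        echo "no usable key for $1" >&2; return 1; }
    printf '%s\n' "$keys" >> "$2"
}
```

Called as `import_id kirkland ~/.ssh/authorized_keys`, this writes nothing when the fetch fails or the response contains no well-formed key line.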

More information about the openssh-unix-dev mailing list