ssh-import-id

[Dustin Kirkland]

Howdy,

We in the Ubuntu Server world have been using a handy little shell
utility for a couple of releases now, called 'ssh-import-id' [1].

Whereas ssh-copy-id _pushes_ a public key from one system to another,
ssh-import-id _pulls_ a public key from a secure key server and
installs it.

It takes one or more userid's as command line arguments, loops over
them, sequentially attempts to retrieve public keys from a web api
(using wget or curl), and can write to stdout or to file
(~/.ssh/authorized_keys).

We find this particularly handy in the cloud world, where systems are
started from pristine images every time, and we need to a way to seed
the system with credentials before the first authentication.  Here, we
can run something like 'ssh-import-id kirkland' during the boot
process, and my public key will be installed by the time I log in.

It's also really useful when and if you need to grant access to the
system to others, or perhaps start a system in the cloud on behalf of
someone else.  Here, we can 'ssh-import-id kirkland smoser cjwatson',
and each of these keys are retrieved and installed.

We're using URL="https://launchpad.net/~%s/+sshkeys", where %s is a
userid, but this URL could really be configurable and point to any
public or private SSH public key server.  An SSL connection to a https
site with a valid certificate is, of course, essential to the security
of the key retrieval.  If there were a free/public SSH key server like
pgp.mit.edu for PGP/GPG keys, that would probably make a good default
(thought I haven't found anything like this).

Seeing the ssh-copy-id utility in SSH's contrib/ directory, I'm
hopeful you might consider this ssh-import-id tool for the project.
Before we get into reviewing the code, can you tell me if this is
something that would, or would not be interesting to openssh upstream?

-- 
:-Dustin

Dustin Kirkland
Ubuntu Core Developer