ssh-import-id

Scott Moser smoser at ubuntu.com
Fri Dec 17 05:36:34 EST 2010


On Thu, 16 Dec 2010, Alex Bligh wrote:

>
>
> --On 16 December 2010 08:07:03 -0600 Dustin Kirkland <kirkland at ubuntu.com>
> wrote:
>
> > If that's a blocker to getting this tool upstream into openssh, I'll
> > gladly add a -u option.
>
> To be clear, I have no commit rights and am a mere user, so am not
> in a position to say it's a blocker. I'm just saying the more widely
> useful it is, the better, and we'd need that for it to be useful.
>
> Out of interest, in Scott's cloud-init stuff, I am pretty sure you
> populate the ssh key for the ubuntu user whereas the script in
> cloudinit runs as root. Does that mean you currently do:
>    su ubuntu ssh-import-id keyfile
> or similar.

Well, cloud-init has built-in code that takes an authorized key from a
metadata service and installs that into a configured user's directory.
(On ec2 it comes from
http://169.254.169.254/latest/metadata/public-keys).

If you have additional keys that you need inserted, or you'd rather just
not deal with launching instances with '--key <mykeyname>', then you can
use "user-data" in ec2 to run a script that would include something like:

#!/bin/sh
sudo -Hu ubuntu ssh-import-id smoser

I personally don't use the user data for this that much, but I do quite
often use ssh-import-id to pull in another developer's keys to an existing
instance to show them something (i.e. failure/bug or just to share the
resource with them).

I agree that the following is possibly simpler:
ssh-import-id -u ubuntu smoser

But I really don't think terribly so.  Also, I had a merge request that
will dump the keys to a file or stdout also, rather than writing them to
$HOME/.ssh/authorized_keys.

Scott
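
The message above mentions dumping fetched keys to a file instead of writing them straight to $HOME/.ssh/authorized_keys. As an added example (not part of the original message and not ssh-import-id's own code), the script below vets such a file before installing it; the function names `vet_keys`, `install_keys` and `demo`, the accepted key-type list and the sample lines are assumptions of the example.

```sh
#!/bin/sh
# Added example, not part of the original message or of ssh-import-id.
# Assumes fetched keys were first dumped to a file, one per line.
# vet_keys FILE: print only bare "type base64 [comment]" lines of an accepted
# type; lines with leading options (command=, from=, ...) are dropped.
vet_keys() {
    vk_file=$1
    while IFS= read -r vk_line || [ -n "$vk_line" ]; do
        set -f; set -- $vk_line; set +f
        [ $# -ge 2 ] || continue
        case "$1" in   # accepted types are this example's choice
            ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384) ;;
            *) continue ;;
        esac
        case "$2" in ''|*[!A-Za-z0-9+/=]*) continue ;; esac
        printf '%s\n' "$vk_line"
    done < "$vk_file"
}

# install_keys HOME_DIR FILE: append vetted keys that are not already present
# (compared on type and base64 blob, ignoring the comment); print the count.
install_keys() {
    ik_dir=$1/.ssh; ik_auth=$ik_dir/authorized_keys; ik_added=0
    mkdir -p "$ik_dir" && chmod 700 "$ik_dir"
    touch "$ik_auth" && chmod 600 "$ik_auth"
    ik_tmp=$(mktemp)
    vet_keys "$2" > "$ik_tmp"
    while IFS= read -r ik_key; do
        set -f; set -- $ik_key; set +f
        if ! awk -v t="$1" -v k="$2" '$1==t && $2==k {f=1} END {exit !f}' "$ik_auth"; then
            printf '%s\n' "$ik_key" >> "$ik_auth"
            ik_added=$((ik_added + 1))
        fi
    done < "$ik_tmp"
    rm -f "$ik_tmp"; echo "$ik_added"
}

# Constructed sample (not real keys): a good key, a line with a forced
# command, an unknown type, and the good key again under another comment.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSample dev@example' \
        'command="/bin/sh" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOther x@example' \
        'ssh-unknown AAAA y@example' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSample renamed' > "$d/fetched"
    install_keys "$d/home" "$d/fetched"
    rm -rf "$d"
}
demo
```

Run it as the target account, as the `sudo -Hu ubuntu` line in the message does, so the created `.ssh` directory and file belong to that user.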


More information about the openssh-unix-dev mailing list