Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/binaryben/sync-ssh-keys

🔐 Keep ~/.ssh/authorized_keys of a server in sync with public SSH keys
https://github.com/binaryben/sync-ssh-keys

automation bitbucket-api devops devops-tools gitea-api github-api gitlab-api iam s3 ssh-key ssh-key-manager sync sysadmin

Last synced: 26 days ago
JSON representation

🔐 Keep ~/.ssh/authorized_keys of a server in sync with public SSH keys

Host: GitHub
URL: https://github.com/binaryben/sync-ssh-keys
Owner: binaryben
License: isc
Created: 2022-10-14T03:37:09.000Z (over 2 years ago)
Default Branch: production
Last Pushed: 2022-10-26T09:04:38.000Z (about 2 years ago)
Last Synced: 2023-06-08T08:30:40.542Z (over 1 year ago)
Topics: automation, bitbucket-api, devops, devops-tools, gitea-api, github-api, gitlab-api, iam, s3, ssh-key, ssh-key-manager, sync, sysadmin
Language: Nim
Homepage:
Size: 95.7 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

> **Warning**: The proposal for this software is currently being developed. Please do not attempt to use it yet.

# 🔐 Sync SSH Keys

![ISC License](https://img.shields.io/badge/license-ISC-green?style=for-the-badge) ![Project Status](https://img.shields.io/badge/status-💡%20PROPOSAL-yellow?style=for-the-badge)

Maintain access to your servers without fuss. Automate your `~/.ssh/authorized_keys` with ease.

_{The `sync-ssh-keys` command is a tool that downloads public SSH keys from Git providers (GitHub, Gitlab, Gitea and Bitbucket), S3 containers and IAM groups for authorized users of a server.}

![Divider](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/solar.png)

## ✨ Core features

* Support for multiple providers
* Automatic installation of service

![Divider](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/solar.png)

## ⌛️ Quick start

### Installation

**Debian / Ubuntu**

```sh
$ sudo add-apt-repository '{url to repo}'
$ apt update
$ apt install ssh-keys
```

Instructions for other operating systems

**Alpine**

```sh
apk add ssh-keys
```

**macOS**

```sh
$ brew tap binaryben/brew
$ brew install ssh-keys
```

> **Warning:** the below distros have not been tested by myself

**CentOS**

TODO:

**OpenSUSE**

TODO:

**FreeBSD**

TODO:

**Fedora**

TODO:

### ➤ Basic Usage

```sh
# Save me as an authorized user
# Replace my username (binaryben) with your own GitHub username below
$ ssh-keys add --user=binaryben

# Manually run command to sync the ssh keys
$ ssh-keys sync
```

### ➤ Scheduled updates

```sh
# Configure `ssh-keys sync` to run every hour on the hour
# Optional: This is already configured as the default update interval
ssh-keys config cron "0 * * * *"

# Install as a service
ssh-keys install
```

### ➤ Advanced usage

Run `ssh-keys --help` for more options

![Divider](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/solar.png)

## 🏎💨 Rate limiting

You most likely won't need to worry about being rate limited for very simple use cases. Once everything is setup and running (APIs may be called when adding users for the first time), running unauthenticated will work for servers with a few dozen users being synced once per hour.

If you run into rate limiting issues, follow the instructions below for the provider you are using:

Github

GitHub limits at a rate of 60 requests per hour for unauthenticated requests. Follow the instructions below to increase this to 5,000 per hour.

1. Visit your **Settings** > **Developer settings** > [**Personal access tokens**](https://github.com/settings/tokens) page
2. Click the "Generate token" button
3. Authenticate if requested
4. Give the token a title (e.g. "Sync SSH Keys")
5. Select no expiration[^expiration-security]
6. Tick `read:public_key`
7. Click generate token and copy the token to the clipboard
8. Run `ssh-keys config github.token `

Make sure you replace `` in Step 8 with the copied token from Step 7

[^expiration-security]: Give any personal authentication token a fixed expiration if you are enabling any scope that accesses private data.

Bitbucket

[Placeholder link to information](https://developer.atlassian.com/cloud/bitbucket/rest/intro/#create-an-app-password)

Keep in mind the steps above are only for accessing public data via the respective APIs (i.e. publically available SSH keys). Other tokens may need to be provided elsewhere, but `ssh-keys` will prompt you when this is likely to be needed.

![Divider](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/solar.png)

## 🎨 Prior Art

* https://github.com/samber/sync-ssh-keys
* https://github.com/shoenig/ssh-key-sync
* https://github.com/wdatkinson/sync_ssh_keys
* https://github.com/dkbhadeshiya/ssh-iam-sync
* https://gist.github.com/lleger/6947bdecddac6563a05ead204d95af8e
* [And others...](https://github.com/search?q=sync+ssh+keys&type=Repositories)