https://github.com/moriyoshi/openssh-iam-ssh-public-key
This is a tiny program that retrieves registered SSH public keys for a specified IAM user and prints them to standard output.
https://github.com/moriyoshi/openssh-iam-ssh-public-key
aws iam iam-users openssh public-key-authentication ssh
Last synced: 2 months ago
JSON representation
This is a tiny program that retrieves registered SSH public keys for a specified IAM user and prints them to standard output.
- Host: GitHub
- URL: https://github.com/moriyoshi/openssh-iam-ssh-public-key
- Owner: moriyoshi
- License: mit
- Created: 2020-09-07T16:24:48.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2024-10-08T07:01:44.000Z (7 months ago)
- Last Synced: 2025-03-07T02:49:07.347Z (2 months ago)
- Topics: aws, iam, iam-users, openssh, public-key-authentication, ssh
- Language: Go
- Homepage:
- Size: 12.7 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# openssh-iam-ssh-public-key
This is a tiny program that retrieves registered SSH public keys for a specified IAM user and prints them to standard output.
## Synopsis
```
$ openssh-iam-ssh-public-key -user [USER]
```
`-user` option can be omitted, and output the keys for all the users then.
## Configuration
In addition to the default AWS SDK configuration scheme, it supports STS credentials for a assumed role through the following environment variables:
* `AWS_STS_SOURCE_PROFILE`
This specifies the AWS profile in ~/.aws/config used for retrieving temporary credentials.
* `AWS_STS_ASSUME_ROLE_ARN`
This specifies the ARN for the assumed (target) IAM role.
This program is particularly useful if you have the following setting in `/etc/ssh/sshd_config`:
```
AuthorizedKeysCommand openssh-iam-ssh-public-key -user %u
```
which enables one whose unix account name corresponds to an IAM user to get authenticated through the SSH keys associated in IAM.