klucznik

Manage your ssh access keys automatically by for ex. synchronizing them from github.

Installation

$ cargo install --locked klucznik

Install the binary to some globally accessible place:

bash $ sudo install ~/.cargo/bin/klucznik /usr/local/bin/klucznik

warning this will overwrite your authorized_keys file!

Set-up a cron job similar to this:

bash * 12 * * * /usr/local/bin/klucznik --source https://github.com/<your username>.keys --destination /home/<user>/.ssh/authorized_keys

You can add more sources via more flags.

Alternatively, use ssh-key-dir to not overwrite your authorized_keys:

bash * 12 * * * /usr/local/bin/klucznik --source https://github.com/<your username>.keys --destination /home/<user>/.ssh/authorized_keys.d/klucznik

Then configure your AuthorizedKeysCommand in sshd_config to use ssh-key-dir to that ssh reads your overlays from that folder.

Change the following settings in your sshd_config:

AuthorizedKeysCommand /usr/local/bin/klucznik --source https://github.com/<username>.keys AuthorizedKeysCommandUser root

[ ] refine AuthorizedKeysCommand support (ability to use this instead of ssh-key-dir.
[ ] ability to authorize directly from URLs (use AuthorizedKeysCommand and no authorized_keys
[ ] make sure cache data properly so that it can still authenticate if Github/Gitlab is currently down.
[ ] ability to chain commands in AuthorizedKeysCommand