ssh-import-id

Import ssh keys from plain http url

Bug #1782764 reported by Arti Zirk on 2018-07-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ssh-import-id	Confirmed	Wishlist	Unassigned

Bug Description

It would be nice if it were possible to import ssh key by just running
`ssh-import-id https://mypage.test/keys` or something similar.

I have written a patch attached below that does that.

[PATCH] Implement public key import from plain http url

This commit will enable generic http/https ssh key importer
that does not depend on pre existing support for special API.

Quite many diferent services already have support for providing
ssh public keys in a plain text authorized_keys file format.
Also setting it up on your own controlled http server is quite easy.

Just give ssh-import-id a url with ssh keys and it will do the rest.

Examples:
Import from self hosted https server
ssh-import-id https://arti.ee/keys

Import from a Gogs git service
ssh-imoprt-id https://try.gogs.io/unknwon.keys

Import from Debian GitLab instance
ssh-import-id https://salsa.debian.org/artizirk-guest.keys

Import from Github without using the json api
ssh-import-id https://github.com/artizirk.keys

Revision history for this message

Arti Zirk (artizirk) wrote on 2018-07-20:

0001-Implement-public-key-import-from-plain-http-url.patch Edit (2.1 KiB, text/plain)

Scott Moser (smoser) on 2018-12-13

Changed in ssh-import-id:
status:	New → Triaged
importance:	Undecided → Medium
status:	Triaged → Confirmed
importance:	Medium → Wishlist

Revision history for this message

Christian Glahn (cpglahn) wrote on 2021-02-18:

Today I ran into something similar, but we have a larger user base that uses different (public and self-hosted) platforms, so just one URL won't be enough. I thought about a more general solution to the problem.

As many platforms offer a similar protocol, it would make sense to allow admins to register protos (like lp and gh) in /etc/ssh/ssh_import_id.

My ideal format for that file would look as following:

{
  "_comment_": "...",
  "URL": "https://launchpad.net/~%s/+sshkeys",
  "protos": {
     "lp": {
       "URL": "https://launchpad.net/~%s/+sshkeys"
     },
     "gh": {
       "URL": "https://api.github.com/users/%s/keys"
     },
     "gl": {
       "URL": "https://gitlab.com/%s.keys"
     },
     "home": {
       "URL": "https://api.self-hosted-server.example.com/users/%s/keys"
     }
  }
}

This would offer much greater flexibility and would allow us to draw on our different solutions without touching the defaults.

It might be possible even to add a hint, if the format is GH's JSON or ssh's authorized_keys as used by LP.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

0001-Implement-public-key-import-from-plain-http-url.patch Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.