Last active
December 17, 2024 19:02
Add public keys for a user to ~/.ssh/authorized_keys
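#!/bin/bash
# GitHub SSH Key Updater
# ---------------------
# SECURITY WARNING: This script grants SSH access to your machine!
# Only add keys from GitHub users you absolutely trust with full SSH access to your system.
# Each added public key will allow that user to log into your machine via SSH.
#
# Purpose:
# Fetches and merges public SSH keys from a GitHub user into your ~/.ssh/authorized_keys file,
# effectively granting them SSH access to your machine.
#
# Usage:
# ./update_github_keys.sh <github_username>
#
# Security Implications:
# - The added user will have full SSH access to your machine
# - Each backup preserves a record of previous authorized_keys
# - The keys are a snapshot taken at run time: this script only merges, so a key
#   later removed from the GitHub account stays in authorized_keys until you
#   delete it yourself
# - Whoever controls the GitHub account controls which keys are served, so the
#   trust decision covers the account, not just the person
#
# Features:
# - Creates timestamped backups of existing authorized_keys
# - Maintains proper SSH file permissions (600) and creates files owner-only
# - Preserves existing keys while removing duplicates (the merged file is
#   sorted, so existing lines may change order)
# - Rejects HTTP errors and any fetched line that is not a bare public key
# - Creates ~/.ssh directory if needed
#
# Example:
# ./update_github_keys.sh trusted_colleague
#
# The script will:
# 1. Fetch the user's public keys from GitHub and check their format
# 2. Backup your current authorized_keys file
# 3. Merge the fetched keys with your existing keys
# 4. Remove any duplicates
# 5. Set correct file permissions

set -euo pipefail

# Everything created below (~/.ssh, temp files, backups, the merged file) is
# owner-only from the moment it exists, not only after the final chmod.
umask 077

# Check if GitHub username is provided
GITHUB_USER="${1:-}"
if [ -z "$GITHUB_USER" ]; then
  echo "Usage: $0 <github_username>" >&2
  exit 1
fi

# The name is interpolated into a URL path, so refuse anything that could
# change which resource is requested ('/', '.', '?', '#', whitespace, ...).
if [[ ! "$GITHUB_USER" =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]]; then
  echo "Error: invalid GitHub username: $GITHUB_USER" >&2
  exit 1
fi

TIMESTAMP=$(date -u +"%Y-%m-%dT%H%M%S")
AUTH_KEYS_FILE="$HOME/.ssh/authorized_keys"
BACKUP_FILE="${AUTH_KEYS_FILE}.${TIMESTAMP}.backup"
TEMP_KEYS_FILE=""
NEW_KEYS_FILE=""

# A fetched line is accepted only if it starts with a known key type followed
# by base64 data. This rejects error pages and, more importantly, lines that
# carry authorized_keys options in front of the key.
KEY_LINE_RE='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) [A-Za-z0-9+/]+={0,2}( [[:print:]]*)?$'

# Remove scratch files on every exit path, including failures.
cleanup() {
  if [ -n "$TEMP_KEYS_FILE" ]; then
    rm -f -- "$TEMP_KEYS_FILE"
  fi
  if [ -n "$NEW_KEYS_FILE" ]; then
    rm -f -- "$NEW_KEYS_FILE"
  fi
}
trap cleanup EXIT

# Create authorized_keys file if it doesn't exist
mkdir -p "$HOME/.ssh"
touch "$AUTH_KEYS_FILE"

# mktemp picks an unpredictable name and creates the file exclusively; a
# guessable path in /tmp could be pre-created or symlinked by another local user.
TEMP_KEYS_FILE=$(mktemp "${TMPDIR:-/tmp}/github_keys.XXXXXX") || {
  echo "Error: Failed to create temporary file" >&2
  exit 1
}

# Fetch GitHub keys
# -f makes an HTTP error (e.g. 404 for an unknown user) a failure instead of
# writing the error body into the key file; --proto pins the transfer to HTTPS.
echo "Fetching keys for GitHub user: $GITHUB_USER"
if ! curl -fsS --proto '=https' "https://github.com/$GITHUB_USER.keys" > "$TEMP_KEYS_FILE"; then
  echo "Error: Failed to fetch keys from GitHub" >&2
  exit 1
fi

# Check if any keys were found
if [ ! -s "$TEMP_KEYS_FILE" ]; then
  echo "No SSH keys found for GitHub user: $GITHUB_USER" >&2
  exit 1
fi

# Refuse the whole response if any line is not a plain public key; nothing has
# been written to authorized_keys at this point.
line_no=0
while IFS= read -r key_line || [ -n "$key_line" ]; do
  line_no=$((line_no + 1))
  if [ -z "$key_line" ]; then
    continue
  fi
  if [[ ! "$key_line" =~ $KEY_LINE_RE ]]; then
    echo "Error: line $line_no of the response is not a public key; nothing was changed" >&2
    exit 1
  fi
done < "$TEMP_KEYS_FILE"

# Create backup of current authorized_keys
if ! cp -- "$AUTH_KEYS_FILE" "$BACKUP_FILE"; then
  echo "Error: Failed to back up $AUTH_KEYS_FILE; nothing was changed" >&2
  exit 1
fi

# Merge keys without duplicates
# The merged file is built next to authorized_keys so the final mv is a rename
# within one directory. LC_ALL=C makes sort -u compare bytes, so only exactly
# identical lines count as duplicates.
NEW_KEYS_FILE=$(mktemp "${AUTH_KEYS_FILE}.XXXXXX") || {
  echo "Error: Failed to create temporary file in $HOME/.ssh" >&2
  exit 1
}
if ! LC_ALL=C sort -u -- "$TEMP_KEYS_FILE" "$AUTH_KEYS_FILE" > "$NEW_KEYS_FILE"; then
  echo "Error: Failed to merge keys; authorized_keys was left untouched" >&2
  exit 1
fi
chmod 600 "$NEW_KEYS_FILE"
mv -- "$NEW_KEYS_FILE" "$AUTH_KEYS_FILE"

# Set proper permissions
chmod 600 "$AUTH_KEYS_FILE"

echo "Successfully updated authorized_keys file"
echo "Backup saved as: $BACKUP_FILE"
echo "New keys added from: $GITHUB_USER"
echo "WARNING: $GITHUB_USER now has SSH access to your machine"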