ssh-import-idコマンドを試す

最近知ったLaunchPad/GitHUBの鍵を読み込んでインポートするコマンドを知りました.昔同名のコマンドか何かがOpenSSHにもあった気がするけどそれは今なくて別物みたい?

動きはこんな感じ

  • lp:USERID でLaunchPadの鍵をインポート

  • gh:USERID でGitHUBの鍵をインポート

  • USERID でLaunchPadの鍵をインポート

  • USERID は複数指定可能

  • 鍵は ~/.ssh/authorized_keys に書き込まれる

  • -o で書き出すファイルが指定可能`-`だとSTDOUT

  • -r で鍵削除

$ apt show ssh-import-id
Package: ssh-import-id
Version: 3.21-1
Priority: extra
Section: misc
Maintainer: Dustin Kirkland <kirkland@ubuntu.com>
Installed-Size: 98.3 kB
Depends: ca-certificates, openssh-client, python-requests (>= 1.1.0), wget, python (>= 2.7), python (<< 2.8)
Recommends: openssh-server
Homepage: http://launchpad.net/ssh-import-id
Download-Size: 17.7 kB
APT-Manual-Installed: yes
APT-Sources: http://dennou-q.gfd-dennou.org/debian stretch/main amd64 Packages
Description: securely retrieve an SSH public key and install it locally
 This utility will securely contact a public keyserver (Launchpad.net by
 default, but Github.com is also supported), retrieve one or more user's
 public keys, and append these to the current user's ~/.ssh/authorized_keys
 file.
$ ssh-import-id -h
usage: ssh-import-id [-h] [-o FILE] [-r] USERID [USERID ...]

Authorize SSH public keys from trusted online identities.

positional arguments:
  USERID                User IDs to import

optional arguments:
  -h, --help            show this help message and exit
  -o FILE, --output FILE
                        Write output to file (default ~/.ssh/authorized_keys)
  -r, --remove          Remove a key from authorized keys file

LaunchPadの matoken の鍵をインポート

$ ssh-import-id -o - lp:matoken
2016-04-10 19:07:35,698 INFO Authorized key ['4096', 'SHA256:4MQHGaIDjLbnM3kU5rgFSq6cDou3LUYSjSTumL+eFKw', 'mk@rsa4k','(RSA)']
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSnDzGBIHoX20WWjPrqn4JoWIHChE5JNqlnPxL0cSCj8wxQ9Y7AEgZfd9yq2ipXsBoVCi6D6ymk1/fQmEe8vW4U10ajb9VnA7ypy4Rjp1RV2RNyIS7jsJdYCMhGlXW8OlyKcxPbh6z/L/2ZuHbw32shJzMAs58JNNwxERQJDfPiJLq1WWrjOxAPCxtuTWddXfaZFgdxZQIXxW1TpTUqeu/OowQ8v1Mqt27agB2RZNPUOwe8A94cwJDbJNNpS7TIRgyKeApD45TKYc0w7ehbC42nURM//4PguHXBC3Arp1P3/Z4/DGdnLOrXU9fUWe0g+ucyT4aL6pI0on8mOivv2CcnePvTDHIwRIchibp0lPtBLOS4pmQFHf5U5N2SZF+B0dI/3Q4Sd9BC5VmF9owLi1bXRZw17Hqpgj2tOnI3HYTOvbssLt0DQcQBOE4puQ9epc+Lioqw6+SvCtiQl1pGl3b3reQh61q4lhc+FRtYvsUIOrjYHJ+QG0sGTVuC/RUWTbCterWX3ogENAYNWGv/83Z9sMCQTr894unhru1LHCmnGouxhtZ0lbWt/OVdsNcONu9RK/GlccDnuOj8THOIVghHJP9/9I6lTS4rX4aXAMaXns1hi5sO5WOGKhUNbUbW6vHTJCdoXjuajL0PJmr2Fa4H8qH0GQzFuhCu82txkjWnQ== mk@rsa4k# ssh-import-id lp:matoken
2016-04-10 19:07:35,698 INFO [1] SSH keys [Authorized]

これもLaunchPadの matoken の鍵をインポート

$ ssh-import-id -o - matoken
2016-04-10 19:08:26,513 INFO Authorized key ['4096', 'SHA256:4MQHGaIDjLbnM3kU5rgFSq6cDou3LUYSjSTumL+eFKw', 'mk@rsa4k','(RSA)']
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSnDzGBIHoX20WWjPrqn4JoWIHChE5JNqlnPxL0cSCj8wxQ9Y7AEgZfd9yq2ipXsBoVCi6D6ymk1/fQmEe8vW4U10ajb9VnA7ypy4Rjp1RV2RNyIS7jsJdYCMhGlXW8OlyKcxPbh6z/L/2ZuHbw32shJzMAs58JNNwxERQJDfPiJLq1WWrjOxAPCxtuTWddXfaZFgdxZQIXxW1TpTUqeu/OowQ8v1Mqt27agB2RZNPUOwe8A94cwJDbJNNpS7TIRgyKeApD45TKYc0w7ehbC42nURM//4PguHXBC3Arp1P3/Z4/DGdnLOrXU9fUWe0g+ucyT4aL6pI0on8mOivv2CcnePvTDHIwRIchibp0lPtBLOS4pmQFHf5U5N2SZF+B0dI/3Q4Sd9BC5VmF9owLi1bXRZw17Hqpgj2tOnI3HYTOvbssLt0DQcQBOE4puQ9epc+Lioqw6+SvCtiQl1pGl3b3reQh61q4lhc+FRtYvsUIOrjYHJ+QG0sGTVuC/RUWTbCterWX3ogENAYNWGv/83Z9sMCQTr894unhru1LHCmnGouxhtZ0lbWt/OVdsNcONu9RK/GlccDnuOj8THOIVghHJP9/9I6lTS4rX4aXAMaXns1hi5sO5WOGKhUNbUbW6vHTJCdoXjuajL0PJmr2Fa4H8qH0GQzFuhCu82txkjWnQ== mk@rsa4k# ssh-import-id lp:matoken
2016-04-10 19:08:26,513 INFO [1] SSH keys [Authorized]

GitHUBの matoken の鍵をインポート.複数あると全部インポートされるよう.

$ ssh-import-id -o - gh:matoken
2016-04-10 19:07:24,965 INFO Authorized key ['256', 'SHA256:B+hArXsApncIXlNlHoHnYxEV3Wfl9WdQLp5TwuTjqjY', 'matoken@github/8506592','(ECDSA)']
2016-04-10 19:07:24,972 INFO Authorized key ['256', 'SHA256:Jv7NHotumFU7z1fCRkJnfKwR0EtAweHWMIrduS4dXeM', 'matoken@github/16598604','(ED25519)']
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA0otYIHWIP6/Zt1t3Zj1FBPEiq6dcOUItrxlfwfyvlVAqRRDWqdZQEA5jdYNWU/vSaxZZ6STCKfiEwORdQvqa8= matoken@github/8506592# ssh-import-id gh:matoken
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgwY9aZPxN/YoBBzd7TOcCk7EuGO0E9PuUjCHPtTuHP matoken@github/16598604# ssh-import-id gh:matoken
2016-04-10 19:07:24,972 INFO [2] SSH keys [Authorized]

LaunchPadとGitHUBを同時にインポート.

$ ssh-import-id -o ~/tmp/authorized_keys gh:matoken lp:matoken
2016-04-10 19:55:51,043 INFO Authorized key ['256', 'SHA256:B+hArXsApncIXlNlHoHnYxEV3Wfl9WdQLp5TwuTjqjY', 'matoken@github/8506592', '(ECDSA)']
2016-04-10 19:55:51,058 INFO Authorized key ['256', 'SHA256:Jv7NHotumFU7z1fCRkJnfKwR0EtAweHWMIrduS4dXeM', 'matoken@github/16598604', '(ED25519)']
2016-04-10 19:55:53,031 INFO Authorized key ['4096', 'SHA256:4MQHGaIDjLbnM3kU5rgFSq6cDou3LUYSjSTumL+eFKw', 'mk@rsa4k', '(RSA)']
2016-04-10 19:55:53,034 INFO [3] SSH keys [Authorized]
$ cat ~/tmp/authorized_keys
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA0otYIHWIP6/Zt1t3Zj1FBPEiq6dcOUItrxlfwfyvlVAqRRDWqdZQEA5jdYNWU/vSaxZZ6STCKfiEwORdQvqa8= matoken@github/8506592 # ssh-import-id gh:matoken
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgwY9aZPxN/YoBBzd7TOcCk7EuGO0E9PuUjCHPtTuHP matoken@github/16598604 # ssh-import-id gh:matoken
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSnDzGBIHoX20WWjPrqn4JoWIHChE5JNqlnPxL0cSCj8wxQ9Y7AEgZfd9yq2ipXsBoVCi6D6ymk1/fQmEe8vW4U10ajb9VnA7ypy4Rjp1RV2RNyIS7jsJdYCMhGlXW8OlyKcxPbh6z/L/2ZuHbw32shJzMAs58JNNwxERQJDfPiJLq1WWrjOxAPCxtuTWddXfaZFgdxZQIXxW1TpTUqeu/OowQ8v1Mqt27agB2RZNPUOwe8A94cwJDbJNNpS7TIRgyKeApD45TKYc0w7ehbC42nURM//4PguHXBC3Arp1P3/Z4/DGdnLOrXU9fUWe0g+ucyT4aL6pI0on8mOivv2CcnePvTDHIwRIchibp0lPtBLOS4pmQFHf5U5N2SZF+B0dI/3Q4Sd9BC5VmF9owLi1bXRZw17Hqpgj2tOnI3HYTOvbssLt0DQcQBOE4puQ9epc+Lioqw6+SvCtiQl1pGl3b3reQh61q4lhc+FRtYvsUIOrjYHJ+QG0sGTVuC/RUWTbCterWX3ogENAYNWGv/83Z9sMCQTr894unhru1LHCmnGouxhtZ0lbWt/OVdsNcONu9RK/GlccDnuOj8THOIVghHJP9/9I6lTS4rX4aXAMaXns1hi5sO5WOGKhUNbUbW6vHTJCdoXjuajL0PJmr2Fa4H8qH0GQzFuhCu82txkjWnQ== mk@rsa4k # ssh-import-id lp:matoken

-r で鍵の削除.

$ ssh-import-id -r -o ~/tmp/authorized_keys gh:matoken
2016-04-10 19:56:08,827 INFO Removed labeled key ['256', 'SHA256:B+hArXsApncIXlNlHoHnYxEV3Wfl9WdQLp5TwuTjqjY', 'matoken@github/8506592', '(ECDSA)']
2016-04-10 19:56:08,837 INFO Removed labeled key ['256', 'SHA256:Jv7NHotumFU7z1fCRkJnfKwR0EtAweHWMIrduS4dXeM', 'matoken@github/16598604', '(ED25519)']
2016-04-10 19:56:08,837 INFO [2] SSH keys [Removed]
$ cat ~/tmp/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSnDzGBIHoX20WWjPrqn4JoWIHChE5JNqlnPxL0cSCj8wxQ9Y7AEgZfd9yq2ipXsBoVCi6D6ymk1/fQmEe8vW4U10ajb9VnA7ypy4Rjp1RV2RNyIS7jsJdYCMhGlXW8OlyKcxPbh6z/L/2ZuHbw32shJzMAs58JNNwxERQJDfPiJLq1WWrjOxAPCxtuTWddXfaZFgdxZQIXxW1TpTUqeu/OowQ8v1Mqt27agB2RZNPUOwe8A94cwJDbJNNpS7TIRgyKeApD45TKYc0w7ehbC42nURM//4PguHXBC3Arp1P3/Z4/DGdnLOrXU9fUWe0g+ucyT4aL6pI0on8mOivv2CcnePvTDHIwRIchibp0lPtBLOS4pmQFHf5U5N2SZF+B0dI/3Q4Sd9BC5VmF9owLi1bXRZw17Hqpgj2tOnI3HYTOvbssLt0DQcQBOE4puQ9epc+Lioqw6+SvCtiQl1pGl3b3reQh61q4lhc+FRtYvsUIOrjYHJ+QG0sGTVuC/RUWTbCterWX3ogENAYNWGv/83Z9sMCQTr894unhru1LHCmnGouxhtZ0lbWt/OVdsNcONu9RK/GlccDnuOj8THOIVghHJP9/9I6lTS4rX4aXAMaXns1hi5sO5WOGKhUNbUbW6vHTJCdoXjuajL0PJmr2Fa4H8qH0GQzFuhCu82txkjWnQ== mk@rsa4k # ssh-import-id lp:matoken

$ ssh-import-id -r -o ~/tmp/authorized_keys matoken
2016-04-10 19:57:54,852 INFO Removed labeled key ['4096', 'SHA256:4MQHGaIDjLbnM3kU5rgFSq6cDou3LUYSjSTumL+eFKw', 'mk@rsa4k', '(RSA)']
2016-04-10 19:57:54,853 INFO [1] SSH keys [Removed]
$ cat ~/tmp/authorized_keys

新規ファイルでもパーミッションは適切に設定されている.

$ ls -l ~/tmp/authorized_keys
-rw------- 1 mk mk 0  4月 10 19:57 /home/mk/tmp/authorized_keys

ちなみに
/etc/ssh/ssh_import_id
を書き換えると任意のサーバを使うことも可能.

-       "URL": "https://launchpad.net/~%s/+sshkeys"
+       "URL": "https://example.org/~%s/+sshkeys"

これだと

$ ssh-import-id matoken

https://example.org/~matoken/+sshkeys が取り込まれる.
lpは上書きされちゃう感じ?