From the Canyon Edge -- :-Dustin

Thursday, March 25, 2010

Introducing ssh-import-lp-id

ssh-copy-id is an incredibly useful utility for pushing your public key from your local machine to a remote server, such that you can use public key authentication thereafter.

Scott Moser and I wrote a similar utility for Ubuntu Lucid, called ssh-import-lp-id, for securely pulling one or more public keys from Launchpad.net and appending them to an account's ~/.ssh/authorized_keys file.

This can be incredibly useful in cloud environments, like EC2 or UEC.

For example, I just fired up an instance in EC2, and wanted to give shared access to me, Scott, and Kees:

ubuntu@ip-172-19-1-2:~$ ssh-import-lp-id kirkland smoser kees
INFO: Successfully authorized [kirkland]
INFO: Successfully authorized [smoser]
INFO: Successfully authorized [kees]


I can cat ~/.ssh/authorized_keys and see that all 3 were imported, and now any of the 3 of us can ssh into this instance and authenticate using public key authentication.

You can use ssh-import-lp-id against any user in Launchpad who has registered their public SSH keys. Nifty, huh?

For Lucid, the ssh-import-lp-id utility is provided by the ssh-import binary package (which comes from the cloud-utils source package). Ideally, I'd like to get the tool into upstream OpenSSH and in the openssh-server package. To do so, though, I would probably need to support other public SSH keyservers besides Launchpad.net. I did a bit of searching, but I couldn't find any other SSH public keyservers out there. Any pointers?

:-Dustin