From the Canyon Edge: Introducing ssh-import-lp-id

Thursday, March 25, 2010

Introducing ssh-import-lp-id

ssh-copy-id is an incredibly useful utility for pushing your public key from your local machine to a remote server, such that you can use public key authentication thereafter.

Scott Moser and I wrote a similar utility for Ubuntu Lucid, called ssh-import-lp-id, for securely pulling one or more public keys from Launchpad.net and appending them to an account's ~/.ssh/authorized_keys file.

This can be incredibly useful in cloud environments, like EC2 or UEC.

For example, I just fired up an instance in EC2, and wanted to give shared access to me, Scott, and Kees:

ubuntu@ip-172-19-1-2:~$ ssh-import-lp-id kirkland smoser kees
INFO: Successfully authorized [kirkland]
INFO: Successfully authorized [smoser]
INFO: Successfully authorized [kees]

I can cat ~/.ssh/authorized_keys and see that all 3 were imported, and now any of the 3 of us can ssh into this instance and authenticate using public key authentication.

You can use ssh-import-lp-id against any user in Launchpad who has registered their public SSH keys. Nifty, huh?

For Lucid, the ssh-import-lp-id utility is provided by the ssh-import binary package (which comes from the cloud-utils source package). Ideally, I'd like to get the tool into upstream OpenSSH and in the openssh-server package. To do so, though, I would probably need to support other public SSH keyservers besides Launchpad.net. I did a bit of searching, but I couldn't find any other SSH public keyservers out there. Any pointers?

:-Dustin

3 comments:

AnonymousMarch 25, 2010 at 2:49 AM
There's also http://www.kaarsemaker.net/downloads/code/launchpadduser.py -- an older script to add a user and their SSH keys from a Launchpad username
ReplyDelete
Replies
Dustin KirklandMarch 25, 2010 at 10:23 AM
Hi wgrant-

Thanks for the pointer!

Is that packaged anywhere?

:-Dustin
ReplyDelete
Replies
AnonymousMarch 27, 2010 at 5:12 AM
http://blog.printf.net/articles/2008/09/15/an-ssh-public-keyserver
ReplyDelete
Replies

Add comment

Please do not use blog comments for support requests! Blog comments do not scale well to this effect.

Instead, please use Launchpad for Bugs and StackExchange for Questions.
* bugs.launchpad.net
* stackexchange.com

Thanks,
:-Dustin

About the Author

Dustin Kirkland (Twitter, LinkedIn) is an engineer at heart, with a penchant for reducing complexity and solving problems at the cross-sections of technology, business, and people.

With a degree in computer engineering from Texas A&M University (2001), his full-time career began as a software engineer at IBM in the Linux Technology Center working on the Linux kernel and security certifications, including a one-year stint as an dedicated engineer-in-residence at Red Hat in Boston (2005). Dustin was awarded the title Master Inventor at IBM, in recognition of his prolific patent work as an inventor and reviewer with IBM's intellectual property attorneys.

Dustin then first joined Canonical (2008) as an engineer (eventually, engineering manager), helping create the Ubuntu Server distribution and establishing Ubuntu as the overwhelming favorite Linux distribution in Amazon, Google, and Microsoft's cloud platforms, as well as authoring and maintaining dozens of new open source packages.

Dustin joined Gazzang (2011), a venture-backed start-up built around an open source project that he co-authored (eCryptFS), as Chief Technology Officer, and helped dozens of enterprise customers encrypt their data at rest and securely manage their keys. Gazzang was acquired by Cloudera (2014).

Having effectively monetized eCryptFS as an open source project at Gazzang, Dustin returned to Canonical (2013) as the VP of Product for Ubuntu and spent the next several years launching a portfolio of products and services (Ubuntu Advantage, Extended Security Maintenance, Canonical Livepatch, MAAS, OpenStack, Kubernetes) that continues to deliver considerable annual recurring revenue. With Canonical based in London, an 800+ work-from-home employee roster and customers spread across 40+ countries, Dustin traveled the world over, connecting with clients and colleagues steeped in rich cultural experiences.

Google Cloud (2018) recruited Dustin from Canonical to product manage Google's entrance into on-premises data centers with its GKE On-Prem (now, Anthos) offering, with a specific focus on the underlying operating system, hypervisor, and container security. This work afforded Dustin a view deep into the back end data center of many financial services companies, where he still sees tremendous opportunities for improvements in security, efficiencies, cost-reduction, and disruptive new technology adoption.

Seeking a growth-mode opportunity in the fintech sector, Dustin joined Apex Clearing (now, Apex Fintech Solutions) as the Chief Product Officer (2019), where he led several organizations including product management, field engineering, data science, and business partnerships. He drastically revamped Apex's product portfolio and product management processes, retooling away from a legacy "clearing house and custodian", and into a "software-as-a-service fintech" offering instant brokerage account opening, real-time fractional stock trading, a secure closed-network crypto solution, and led the acquisition and integration of Silver's tax and cost basis solution.

Drawn back into a large cap, Dustin joined Goldman Sachs (2021) as a Managing Director and Head of Platform Product Management, within the Consumer banking division, which included Marcus, and the Apple and GM credit cards. He built a cross-functional product management community and established numerous documented product management best practices, processes, and anti-patterns.

Dustin lives in Austin, Texas, with his wife Kim and their wonderful two daughters.

Thursday, March 25, 2010

Introducing ssh-import-lp-id

3 comments:

Printfriendly

About the Author

Blog Archive

Github Activity

Google Plus

Twitter

StackExchange

Solar Output

Labels