@aaronlerch
Created January 17, 2014 14:05
Enable SSH access for all members of a GitHub organization
```bash
#!/bin/bash
{
    GH_TMP_FILE=/tmp/github_authorized_keys
    GH_ACCESS_TOKEN=YOUR_ORG_ACCESS_TOKEN_GOES_HERE
    GH_ORG_NAME=YOUR_ORG_NAME_GOES_HERE
    LOCAL_USER=SET_THIS_TO_THE_LOCAL_USER_TO_ENABLE_ACCESS_FOR # e.g. ec2-user, ubuntu, etc.

    # Find an expected user to add authorized_keys for
    if [ ! -d "/home/$LOCAL_USER" ]; then
        echo "Unable to find an existing user $LOCAL_USER, need a valid user to add authorized_keys to"
        exit 1
    fi

    AUTHORIZED_KEYS_FILE="/home/$LOCAL_USER/.ssh/authorized_keys"
    echo "Adding all GitHub SSH keys for $GH_ORG_NAME members to $LOCAL_USER authorized_keys"

    # The temp file doubles as a marker that the script has already run
    if [ -f "$GH_TMP_FILE" ]; then
        echo "Temp file $GH_TMP_FILE exists, this process has likely already been run. To run it again, delete this temp file"
    elif [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then
        echo "$AUTHORIZED_KEYS_FILE is not found -- is the ssh server configured for this machine?"
    else
        rm -f "$GH_TMP_FILE"
        # Send the token in the Authorization header: GitHub no longer accepts
        # access_token as a query parameter, and a token in the URL can end up in logs.
        # per_page=100 is the API maximum; larger organizations need pagination.
        GH_USERS=$(curl --silent -H "Authorization: token $GH_ACCESS_TOKEN" \
            "https://api.github.com/orgs/$GH_ORG_NAME/members?per_page=100" |
            grep -o '\"url\"\s*:\s*\"[^\",]*' | grep -o 'https://.*')
        echo "$GH_USERS" | while read -r url; do
            echo "Requesting keys for $url"
            # Only ssh-rsa keys are matched; other key types are skipped
            curl --silent -H "Authorization: token $GH_ACCESS_TOKEN" "$url/keys" |
                grep -o 'ssh-rsa[^\"]*' >> "$GH_TMP_FILE"
        done
        # Report success only when keys were actually fetched and appended
        if [ -f "$GH_TMP_FILE" ]; then
            cat "$GH_TMP_FILE" >> "$AUTHORIZED_KEYS_FILE"
            echo "GitHub SSH keys added to user $LOCAL_USER"
        fi
    fi
} > /var/log/github-access.log 2>&1
```
@aaronlerch
Author

This can be included in a user-data script on an EC2 instance, for example, to enable SSH access for a team at startup.
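
The script appends whatever its `grep` matched directly to `authorized_keys`, so a rerun duplicates entries and a malformed line is written as-is. The following is an added example, not part of the original gist, that validates candidate lines and merges them atomically. It goes beyond the gist by also accepting ssh-ed25519; the names `filter_valid_keys`, `merge_keys` and `SAMPLE_KEYS` and the sample blobs are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original gist). Function names are hypothetical.

# Constructed sample input: two valid keys, a type/blob mismatch, a line with
# an options prefix, and a duplicate. The blobs are not real keys.
SAMPLE_KEYS='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED1 alice@example
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTED2
ssh-rsa AAAAC3NzaC1lZDI1NTE5AAAAIMISMATCHED
command="/bin/sh" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED3
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED1'

# filter_valid_keys: read candidate lines on stdin and print "type blob" only
# when the line starts with an allowed key type, the blob is base64, and the
# blob opens with that same type name. Comments and duplicates are dropped.
filter_valid_keys() {
    awk '
        BEGIN {
            # base64 of the length-prefixed type name that starts each blob
            prefix["ssh-rsa"]     = "AAAAB3NzaC1yc2E"
            prefix["ssh-ed25519"] = "AAAAC3NzaC1lZDI1NTE5"
        }
        NF >= 2 && ($1 in prefix) &&
        index($2, prefix[$1]) == 1 &&
        $2 ~ "^[A-Za-z0-9+/]+=*$" &&
        !seen[$2]++ { print $1, $2 }
    '
}

# merge_keys FILE: add validated keys from stdin to FILE, skipping blobs that
# FILE already contains, then replace FILE in one rename with mode 600.
merge_keys() (
    target=$1
    tmp=$(mktemp "$(dirname "$target")/.authorized_keys.XXXXXX") || exit 1
    chmod 600 "$tmp"
    if [ -f "$target" ]; then cat "$target" > "$tmp"; fi
    filter_valid_keys | while read -r type blob; do
        grep -qF -- "$blob" "$tmp" || echo "$type $blob" >> "$tmp"
    done
    mv -f "$tmp" "$target"
)
```

In the gist, the final `cat $GH_TMP_FILE >> $AUTHORIZED_KEYS_FILE` would become `merge_keys "$AUTHORIZED_KEYS_FILE" < "$GH_TMP_FILE"`.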
