I find it a huge pain to introduce new machines as authorized hosts when linking them up to my existing servers. While enterprise-level systems exist for sysadmins to manage thousands of SSH keys, I am but a simple man with his hoard of servers.
Hence, I created these scripts to alleviate the pain & hassle of adding new hosts to my servers.
- Simple UI to upload keys
- Random URL generated for key upload all the time
- Has TLS to prevent MITM (verify fingerprint before connecting)
You will need:
- A host that can already connect to the SSH server (*introducer*)
- A host with the SSH server (*server*)
- A host to introduce to the SSH server (*host*)
First, SSH into your *server* from your *introducer*.
Download `upload-public-key.py` into your *server*, and make it executable:
```sh
wget https://gist.githubusercontent.com/jameshi16/7c8cc538a98ba34ef92af063977fe490/raw/0f242d2fbc448e5286e4f36e274e3c06e79d33d6/upload-public-key.py && \
chmod +x ./upload-public-key.py
```
Download `update_authorized_keys.sh` into your *server* under `~/.ssh/`, and also make it executable:
```sh
wget -O ~/.ssh/update_authorized_keys.sh https://gist.githubusercontent.com/jameshi16/7c8cc538a98ba34ef92af063977fe490/raw/0f242d2fbc448e5286e4f36e274e3c06e79d33d6/update_authorized_keys.sh && \
chmod +x ~/.ssh/update_authorized_keys.sh
```
If you are using the same folders as I do, create the `public_keys/ssh_keys` folder hierarchy:
```sh
mkdir -p ~/public_keys/ssh_keys
```
Paste all of your existing public keys into the directory (i.e. in my case, `~/public_keys/ssh_keys`).
Run `./upload-public-key.py -i <ip address>` on your *server* from your *introducer*. For security purposes, you must choose an IP address to expose the server on (either use an internal IP address if you are in that environment, or find out your *server*'s public IP address with `curl ifconfig.me`).
You should see something like the following echoed:
```
Certificate location: /tmp/tmpec8k2a3w
Keyfile location: /tmp/tmpxs4j0x68
Server listening on: <ip>:43529
Certificate fingerprint: 17:9B:3A:A3:2D:CB:82:B3:CF:43:77:D8:FE:82:3B:EA:69:94:C3:65
GET URL: https://<ip>:43529/rvFmnar-UQw
POST URL: https://<ip>:43529/cDFObUte70SA_2KIFjja8Q
```
On the *host*, generate a public/private keypair. Then, navigate to the URL stated in GET, check that the certificate fingerprint your browser shows matches the one printed by the server, and upload the `.pub` portion of the keypair. Name the key as if you will be renaming the file to it; for example, typing in `ubuntu-laptop` will save the uploaded key as `ubuntu-laptop.pub`.
Upon successful submission, the script on *server* will automatically quit. Navigate to `~/.ssh` and run `./update_authorized_keys.sh`. If successful, the new keys will be added into the `authorized_keys` file.
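As an added illustration (not code from the gist), here is a Python sketch of the checks the upload and merge steps above should enforce: the submitted name becomes a file name under `~/public_keys/ssh_keys`, so it must be constrained; the uploaded text must be a well-formed OpenSSH public key; and merging into `authorized_keys` should be idempotent. `SAMPLE_KEY` is a constructed all-zero ed25519 key used only to exercise the functions.

```python
import base64
import re
import struct

# A submitted key name becomes a file name under ~/public_keys/ssh_keys, so it
# must not contain path separators, start with a dot, or be overlong.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

# Constructed sample (all-zero ed25519 key), used only to exercise the functions.
SAMPLE_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI" + "A" * 43 + " ubuntu-laptop"


def key_filename(name: str) -> str:
    """Map a name such as 'ubuntu-laptop' to 'ubuntu-laptop.pub', or reject it."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"unsafe key name: {name!r}")
    return name + ".pub"


def parse_public_key(line: str) -> tuple[str, str, str]:
    """Validate one OpenSSH public-key line; return (type, base64 blob, comment).
    The decoded blob must start with a length-prefixed copy of the key type, as
    OpenSSH's wire format requires, so arbitrary text cannot pass as a key."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    ktype, blob, comment = parts[0], parts[1], (parts[2] if len(parts) == 3 else "")
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key blob is not valid base64") from exc
    if len(raw) < 4 or raw[4:4 + struct.unpack(">I", raw[:4])[0]] != ktype.encode():
        raise ValueError("key blob does not match its declared type")
    return ktype, blob, comment


def merge_authorized_keys(existing: str, uploaded: dict[str, str]) -> tuple[str, list[str]]:
    """Append each valid uploaded key (name -> key line) that is not already in
    authorized_keys; return the new content and the names added. Presence is
    judged on the base64 blob, so differing comments or option prefixes such as
    from="..." on existing lines do not produce duplicate entries."""
    present = {tok for ln in existing.splitlines() for tok in ln.split() if len(tok) > 40}
    out = existing if existing == "" or existing.endswith("\n") else existing + "\n"
    added = []
    for name, line in uploaded.items():
        fname = key_filename(name)  # rejects names that could escape the key directory
        ktype, blob, comment = parse_public_key(line)
        if blob in present:
            continue  # already authorized: keep the script idempotent
        out += f"{ktype} {blob} {comment or fname[:-4]}\n"
        present.add(blob)
        added.append(name)
    return out, added
```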