Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Uh, why couldn't you just sign your authorized_keys file and post it somewhere public? Then you just literally download, verify signature, and 'import' it (overwrite or append to existing file).


Yes, that's exactly what I said "would be nifty" above. I meant a client-side bash script or similar.


Here's a start: https://bpaste.net/show/049673c13cbf

You can clear sign an authorized_keys file with "gpg --clearsign <authorized_keys>", then just pass the resulting *.asc file to this script. It will verify the signature and 'import' it by copying it to ~/.ssh.


Looks good, thanks! Good way to update all my machines' SSH keys.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: