From 35459b3f116ed2c63b49ae3f735c990f2720c04f Mon Sep 17 00:00:00 2001 From: Patrck Lewis <4015312+locus313@users.noreply.github.com> Date: Tue, 24 Jun 2025 22:25:18 -0700 Subject: [PATCH 1/7] Add method for using keys from github profile --- README.md | 5 ++++- sync-ssh-keys.sh | 4 ++++ users.conf | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 425fdd9..624f328 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ This Bash script pulls `authorized_keys` files from remote URLs and updates SSH - Works with: - ✅ Public URLs (method: `raw`) - ✅ Private GitHub repositories via GitHub API (method: `api`, requires token) + - ✅ GitHub user public keys (method: `ghuser`) - Safe: Only updates keys if they’ve changed - Logs activity per user @@ -21,18 +22,20 @@ Each entry uses the format: - **raw:** Fetches directly from a public URL. - **api:** Fetches from a private GitHub repo using the GitHub API (requires `GITHUB_TOKEN` environment variable). +- **ghuser:** Fetches public keys from a GitHub user's profile (provide the GitHub username after the colon). **Example `users.conf`:** ```bash declare -A USER_KEYS=( ["ubuntu"]="raw:https://example.com/ssh-keys/ubuntu.authorized_keys" ["devuser"]="api:https://api.github.com/repos/yourorg/ssh-keys/contents/keys/devuser.authorized_keys?ref=main" + ["alice"]="ghuser:alice-github-username" ) ``` ## Usage -1. Edit the `users.conf` file to define users and their key URLs. +1. Edit the `users.conf` file to define users and their key URLs or GitHub usernames. 2. If using the `api` method, export your GitHub token: ```bash export GITHUB_TOKEN=your_token_here diff --git a/sync-ssh-keys.sh b/sync-ssh-keys.sh index 9d1f27a..00d3904 100644 --- a/sync-ssh-keys.sh +++ b/sync-ssh-keys.sh 
@@ -35,6 +35,10 @@ fetch_key_file() { -H "Accept: application/vnd.github.v3.raw" \ "$URL" -o "$OUTFILE" return $? + elif [[ "$METHOD" == "ghuser" ]]; then + # URL is the GitHub username + curl -fsSL "https://github.com/${URL}.keys" -o "$OUTFILE" + return $? else log_message "Error: Unsupported method '$METHOD' encountered for URL '$URL'. Halting execution." exit 2 diff --git a/users.conf b/users.conf index fc21cd7..d803988 100644 --- a/users.conf +++ b/users.conf @@ -1,5 +1,5 @@ declare -A USER_KEYS=( ["ubuntu"]="raw:https://example.com/ssh-keys/ubuntu.authorized_keys" ["devuser"]="api:https://api.github.com/repos/yourorg/ssh-keys/contents/keys/devuser.authorized_keys?ref=main" - ["admin"]="api:https://api.github.com/repos/yourorg/ssh-keys/contents/keys/admin.authorized_keys?ref=main" + ["alice"]="ghuser:alice-github-username" ) From 548b7cfc5695dee83169c330a759872c550c2d9f Mon Sep 17 00:00:00 2001 From: Patrck Lewis <4015312+locus313@users.noreply.github.com> Date: Tue, 24 Jun 2025 22:26:44 -0700 Subject: [PATCH 2/7] bumb version --- sync-ssh-keys.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sync-ssh-keys.sh b/sync-ssh-keys.sh index 00d3904..6bd25f9 100644 --- a/sync-ssh-keys.sh +++ b/sync-ssh-keys.sh @@ -2,7 +2,7 @@ set -euo pipefail # shellcheck disable=SC2034 # planned to be used in a future release -SCRIPT_VERSION="0.0.5" +SCRIPT_VERSION="0.0.6" # === Load user configuration === SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" From 34529d3a92cd5af434883df1427fef743c4619da Mon Sep 17 00:00:00 2001 From: Patrick Lewis <4015312+locus313@users.noreply.github.com> Date: Tue, 24 Jun 2025 22:28:46 -0700 Subject: [PATCH 3/7] add error handling Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- sync-ssh-keys.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sync-ssh-keys.sh b/sync-ssh-keys.sh index 6bd25f9..76d599e 100644 --- a/sync-ssh-keys.sh +++ b/sync-ssh-keys.sh 
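Review bot: In [PATCH 1/7], the new `ghuser` branch of fetch_key_file puts `$URL` straight into `https://github.com/${URL}.keys` without checking that it is a plain GitHub username. A users.conf value containing `/`, `?` or `#` makes curl request a different github.com path, and the response is handed on as that account's key file. Add a guard before the curl call, for example `[[ "$URL" =~ ^[A-Za-z0-9-]+$ ]] || { log_message "Error: invalid GitHub username '$URL'"; return 1; }`. The README should also say that this method makes the GitHub account holder the authority over who can log in as the local user, so an account takeover or a renamed and re-registered username changes the installed keys at the next run. The function's body starts and ends outside this hunk.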
@@ -38,7 +38,11 @@ fetch_key_file() { elif [[ "$METHOD" == "ghuser" ]]; then # URL is the GitHub username curl -fsSL "https://github.com/${URL}.keys" -o "$OUTFILE" - return $? + if [ $? -ne 0 ]; then + log_message "Error: Failed to fetch SSH keys for GitHub user '$URL' from 'https://github.com/${URL}.keys'." + return 1 + fi + return 0 else log_message "Error: Unsupported method '$METHOD' encountered for URL '$URL'. Halting execution." exit 2 From 23e7712e0f781eef8839f31b77e6ff80b2ccd755 Mon Sep 17 00:00:00 2001 From: Patrck Lewis <4015312+locus313@users.noreply.github.com> Date: Tue, 24 Jun 2025 22:32:20 -0700 Subject: [PATCH 4/7] update indentation --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 624f328..ae270b8 100644 --- a/README.md +++ b/README.md @@ -45,10 +45,9 @@ declare -A USER_KEYS=( chmod +x sync-ssh-keys.sh ``` 4. Add to root's crontab: - -```cron -*/15 * * * * /usr/local/bin/sync-ssh-keys.sh >> /var/log/ssh-key-sync.log 2>&1 -``` + ```cron + */15 * * * * /usr/local/bin/sync-ssh-keys.sh >> /var/log/ssh-key-sync.log 2>&1 + ``` ## Implementation Notes From bea3877bbda963865a4ce81dd1b30a8e0e365850 Mon Sep 17 00:00:00 2001 From: Patrck Lewis <4015312+locus313@users.noreply.github.com> Date: Tue, 24 Jun 2025 22:37:57 -0700 Subject: [PATCH 5/7] Updateparameter name --- sync-ssh-keys.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/sync-ssh-keys.sh b/sync-ssh-keys.sh index 76d599e..55559e6 100644 --- a/sync-ssh-keys.sh +++ b/sync-ssh-keys.sh 
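Review bot: In [PATCH 3/7], the `if [ $? -ne 0 ]` test after the curl call in the `ghuser` branch is probably never reached on failure. The script runs under `set -euo pipefail` (visible in the [PATCH 2/7] context), so unless fetch_key_file is called from a condition, the failing curl ends the script before the log line is written. Testing the command directly keeps the message reachable in either case: `if ! curl -fsSL "https://github.com/${URL}.keys" -o "$OUTFILE"; then`. The call site is outside this hunk, so confirm how the function is invoked.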
@@ -23,28 +23,28 @@ log_message() { fetch_key_file() { local METHOD="$1" - local URL="$2" + local TARGET="$2" local OUTFILE="$3" if [[ "$METHOD" == "raw" ]]; then - curl -fsSL "$URL" -o "$OUTFILE" + curl -fsSL "$TARGET" -o "$OUTFILE" return $? elif [[ "$METHOD" == "api" ]]; then : "${GITHUB_TOKEN:?GITHUB_TOKEN is required for API access}" curl -fsSL -H "Authorization: token $GITHUB_TOKEN" \ -H "Accept: application/vnd.github.v3.raw" \ - "$URL" -o "$OUTFILE" + "$TARGET" -o "$OUTFILE" return $? elif [[ "$METHOD" == "ghuser" ]]; then - # URL is the GitHub username - curl -fsSL "https://github.com/${URL}.keys" -o "$OUTFILE" + # TARGET is the GitHub username + curl -fsSL "https://github.com/${TARGET}.keys" -o "$OUTFILE" if [ $? -ne 0 ]; then - log_message "Error: Failed to fetch SSH keys for GitHub user '$URL' from 'https://github.com/${URL}.keys'." + log_message "Error: Failed to fetch SSH keys for GitHub user '$TARGET' from 'https://github.com/${TARGET}.keys'." return 1 fi return 0 else - log_message "Error: Unsupported method '$METHOD' encountered for URL '$URL'. Halting execution." + log_message "Error: Unsupported method '$METHOD' encountered for URL '$TARGET'. Halting execution." exit 2 fi } From ea7a62b703a39f0432a2cca953a290925cbe6923 Mon Sep 17 00:00:00 2001 From: Patrck Lewis <4015312+locus313@users.noreply.github.com> Date: Tue, 24 Jun 2025 22:39:26 -0700 Subject: [PATCH 6/7] change return to exit --- sync-ssh-keys.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sync-ssh-keys.sh b/sync-ssh-keys.sh index 55559e6..680b8bb 100644 --- a/sync-ssh-keys.sh +++ b/sync-ssh-keys.sh @@ -40,7 +40,7 @@ fetch_key_file() { curl -fsSL "https://github.com/${TARGET}.keys" -o "$OUTFILE" if [ $? -ne 0 ]; then log_message "Error: Failed to fetch SSH keys for GitHub user '$TARGET' from 'https://github.com/${TARGET}.keys'." - return 1 + exit 2 fi return 0 else From d670468f19d1fc8e1ef839be8dbf1252e7e74f20 Mon Sep 17 00:00:00 2001 
From: Patrck Lewis <4015312+locus313@users.noreply.github.com> Date: Tue, 24 Jun 2025 22:44:55 -0700 Subject: [PATCH 7/7] remove usage of log_message
---
 sync-ssh-keys.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/sync-ssh-keys.sh b/sync-ssh-keys.sh
index 680b8bb..29d02bf 100644
--- a/sync-ssh-keys.sh
+++ b/sync-ssh-keys.sh
@@ -38,11 +38,7 @@ fetch_key_file() {
 elif [[ "$METHOD" == "ghuser" ]]; then
 # TARGET is the GitHub username
 curl -fsSL "https://github.com/${TARGET}.keys" -o "$OUTFILE"
- if [ $? -ne 0 ]; then
- log_message "Error: Failed to fetch SSH keys for GitHub user '$TARGET' from 'https://github.com/${TARGET}.keys'."
- exit 2
- fi
- return 0
+ return $?
 else
 log_message "Error: Unsupported method '$METHOD' encountered for URL '$TARGET'. Halting execution."
 exit 2
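Review bot: With the explicit check removed, the `ghuser` branch reports success whenever curl exits 0, including when the downloaded body is empty; as far as I know github.com answers 200 with an empty body for an account that has no public keys. If the caller (outside this hunk) installs `$OUTFILE` as the user's authorized_keys, an emptied profile would silently remove every key for that user. Whether that counts as a revocation or an error should be an explicit decision. To treat it as an error, follow the curl line with `[[ -s "$OUTFILE" ]] || return 1`. A `log_message` on the failure path would also help, since curl's own stderr output does not say which local user the failed fetch was for.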