Sync public ssh keys to ~/.ssh/authorized_keys, based on Github/Gitlab organization membership.
$ export GO111MODULE=on
$ go get github.com/samber/sync-ssh-keysor
$ curl -L -o /usr/local/bin/sync-ssh-keys \
https://github.com/samber/sync-ssh-keys/releases/download/v0.5.0/sync-ssh-keys_0.5.0_linux-amd64
$ chmod +x /usr/local/bin/sync-ssh-keysor
$ docker pull samber/sync-ssh-keys:0.5.0
$ docker run --rm samber/sync-ssh-keys:0.5.0 --github-username samber$ crontab -eThen:
# sync once per hour
0 * * * * sync-ssh-keys --github-token XXXXXXXXXXXXXXX --github-org epitech --github-team sysadmin --output /root/.ssh/authorized_keys
$ sync-ssh-keys --help
usage: sync-ssh-keys [<flags>]
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
-o, --output=OUTPUT Write output to <file>. Default to stdout
--Werror=WERROR Treat warning as errors. Fatal error if organization, team or user does not exist.
--local-path=LOCAL-PATH Path to a local authorized_keys file. It can be useful in case of network failure ;)
--github-endpoint=GITHUB-ENDPOINT
Github Enterprise endpoint.
--github-token=GITHUB-TOKEN
Github personal token.
--github-org=GITHUB-ORG Github organization name.
--github-team=GITHUB-TEAM ...
Team(s) allowed to access server.
--github-username=GITHUB-USERNAME ...
Username(s) allowed to access server.
--exclude-github-username=EXCLUDE-GITHUB-USERNAME ...
Username(s) to explicitly exclude.
--gitlab-endpoint=GITLAB-ENDPOINT
Gitlab endpoint.
--gitlab-token=GITLAB-TOKEN
Gitlab personal token.
--gitlab-group=GITLAB-GROUP ...
Group allowed to access server.
--gitlab-username=GITLAB-USERNAME ...
Username(s) allowed to access server.
--exclude-gitlab-username=EXCLUDE-GITLAB-USERNAME ...
Username(s) to explicitly exclude.
--version Show application version.