Obtain a GitHub user's public keys

I use it to set user access to my company's servers with ansible automatically. I just have to set a list of github usernames and it generates a list of users with their ssh key access setup !

Found out about this today, you can prepend any GitHub username with .keys to fetch their public keys.

Is this supposed to be okay? I mean, even though they are public keys, its not like I really want them to be _that_ public!

Seems like this would be a good way to frame somebody else. Hack into a server, do some damage&#x2F;steal files, and drop <i>somebody elses</i> public key on the server.<p>&quot;But I didnt do it!&quot; - Then why was your key on the server?

Something similar has been available on Launchpad for years. There&#x27;s a tool called &quot;ssh-import-id&quot;. If I want to give you access to an Ubuntu server, I might type &quot;ssh-import-id kentwistle&quot;. This would fetch public keys that the kentwistle user on Launchpad has published over HTTPS and then add them to ~&#x2F;.ssh&#x2F;authorized_keys.<p>I don&#x27;t think there&#x27;s any reason that ssh-import-id needs to be Launchpad-specific.

It&#x27;s worth noting that this shows only &quot;verified&quot; keys, which are keys that have been added to the account and used at least once.

Github leverages such content-type negotiation for other resources too: add .diff or .patch to commits or pull requests. There&#x27;s a way to get git am compatible data too.

I am glad my email doesn&#x27;t show up in there.