科技回声

I use it to set user access to my company's servers with ansible automatically. I just have to set a list of github usernames and it generates a list of users with their ssh key access setup !

Found out about this today, you can prepend any GitHub username with .keys to fetch their public keys.

Is this supposed to be okay? I mean, even though they are public keys, its not like I really want them to be _that_ public!

Seems like this would be a good way to frame somebody else. Hack into a server, do some damage/steal files, and drop <i>somebody elses</i> public key on the server.<p>"But I didnt do it!" - Then why was your key on the server?

Something similar has been available on Launchpad for years. There's a tool called "ssh-import-id". If I want to give you access to an Ubuntu server, I might type "ssh-import-id kentwistle". This would fetch public keys that the kentwistle user on Launchpad has published over HTTPS and then add them to ~/.ssh/authorized_keys.<p>I don't think there's any reason that ssh-import-id needs to be Launchpad-specific.

It's worth noting that this shows only "verified" keys, which are keys that have been added to the account and used at least once.

Github leverages such content-type negotiation for other resources too: add .diff or .patch to commits or pull requests. There's a way to get git am compatible data too.

I am glad my email doesn't show up in there.