[Quick Tip] Easiest Way to get your SSH Keys onto a new Machine
Did you ever setup a new system like a virtual machine, Raspberry Pi or cloud server and asked yourself – what is the fastest and easiest way to copy my public SSH keys onto my new machine to allow remote login? The answer is GitHub!
Get your Public Key from GitHub
GitHub offers an easy HTTP-API to download your public key without prior setup. You can use it to easily configure SSH logins on a new machine.
The endpoint is:
https://github.com/username.keys
Example
Given your GitHub username is return2
, your keys would be accessible via https://github.com/return2.keys
.
Add your Public Key to authorized_keys
The following simple command adds your public key(s) to the authorized_keys
file to allow remote SSH login:
curl https://github.com/username.keys >> ~/.ssh/authorized_keys
Make sure to use >>
instead of >
. Otherwise, you will replace your authorized_keys
file instead of appending it.
That's it.
Extra – Security Considerations / Workflow
It's totally fine to reuse key pairs across multiple services like GitHub and your servers. However, it's good practice to not reuse your keys everywhere to reduce the attack vector, if your private key somehow gets compromised or stolen. What I generally do is generate a new key pair for each service - one for GitHub, one for server 1, one for server 2 etc. My 'new machine ssh setup'-workflow typically looks like this:
- [New Machine] Download my GitHub key on the new machine during install
curl https://github.com/username.keys >> ~/.ssh/authorized_keys
- [My PC/Mac] Generate a new key-pair on my own pc like
ssh-keygen -o -a 256 -t ed25519 -f name_of_new_machine
- [My PC/Mac] Use
ssh-copy-id
to remotely transfer the newly generated key likessh-copy-id -i ~/.ssh/name_of_new_machine user@host
- [New Machine] Remove the GitHub key from the
authorized_keys
file on the new machine.
References
- Header Image GitHub logo: © GitHub, Inc. (https://github.com)