[Quick Tip] Easiest Way to get your SSH Keys onto a new Machine

Did you ever setup a new system like a virtual machine, Raspberry Pi or cloud server and asked yourself – what is the fastest and easiest way to copy my public SSH keys onto my new machine to allow remote login? The answer is GitHub!

Get your Public Key from GitHub

GitHub offers an easy HTTP-API to download your public key without prior setup. You can use it to easily configure SSH logins on a new machine.

The endpoint is:

https://github.com/username.keys

Example

Given your GitHub username is return2, your keys would be accessible via https://github.com/return2.keys.

Add your Public Key to authorized_keys

The following simple command adds your public key(s) to the authorized_keys file to allow remote SSH login:

curl https://github.com/username.keys >> ~/.ssh/authorized_keys

Make sure to use >> instead of >. Otherwise, you will replace your authorized_keys file instead of appending it.

That's it.


Extra – Security Considerations / Workflow

It's totally fine to reuse key pairs across multiple services like GitHub and your servers. However, it's good practice to not reuse your keys everywhere to reduce the attack vector, if your private key somehow gets compromised or stolen. What I generally do is generate a new key pair for each service - one for GitHub, one for server 1, one for server 2 etc. My 'new machine ssh setup'-workflow typically looks like this:

  1. [New Machine] Download my GitHub key on the new machine during install curl https://github.com/username.keys >> ~/.ssh/authorized_keys
  2. [My PC/Mac] Generate a new key-pair on my own pc like ssh-keygen -o -a 256 -t ed25519 -f name_of_new_machine
  3. [My PC/Mac] Use ssh-copy-id to remotely transfer the newly generated key like ssh-copy-id -i ~/.ssh/name_of_new_machine user@host
  4. [New Machine] Remove the GitHub key from the authorized_keys file on the new machine.

References