Basic CLI (and Node module) to push SSH keys to remote hosts. Add or remove a public key from several hosts in one shot.
Here's the scenario: You already have public key authentication to a set of remote hosts (on-premise VMs or AWS EC2 instances) and now you need to give someone else access. Full-blown configuration management might be overkill - you just need to propagate someone else's key. Ok, you can either write up a simple bash script or... do it manually? Yuck. Then what do you do when someone leaves the company/project and you now need to remove that person's key?
Enter pusshkey. A simple tool for a simple job. Install via npm, optionally configure a group of hosts in pusshkey.json, and
pusshkey add or
$ npm install -g pusshkey
Add key to one or more hosts. Will only add the key if it does not already exist. 👍
$ pusshkey [options] add <key> <host> [hosts...]
Remove key from one or more hosts.
$ pusshkey [options] rm <key> <host> [hosts...]
Note that a
<key> is the public key to add or remove, either as a file reference or as the public key value itself. A
<host> is either a hostname, IP, or alias. See Configuration below about using aliases to represent a set of hosts.
pusshkey -h or
pusshkey for help content and
pusshkey -V to output the installed version.
The SSH user on the remote host(s). This will be used for authentication in order to access the remote hosts, and the key that you're pushing will go in the
authorized_keys file that belongs to this user.
Default value is either 1) the user specified in the
pusshkey.json config file (see Configuration below) or 2) the current user. Run
pusshkey -h to see which user will be used as default.
The identity file (private key) used for public key authentication against the remote host(s). This file represents your credentials (key and associated passphrase). This is the key you want to add to
ssh-add <key> before running
pusshkey (see Notes below).
Default value is either 1) the identity specified in the
pusshkey.json config file (see Configuration below) or 2) the default for the
ssh program (typically
pusshkey -h to see which identity file will be used as default. A value of
'' equates to the default for the
# Add some_key to your-server$ pusshkey add ~/.ssh/some_key.pub your-server# Add some_key to multiple hosts$ pusshkey add ~/.ssh/some_key.pub your-server-1 your-server-2 192.168.0.1 ec2-1-2-3-4.compute-1.amazonaws.com# Add key_in_cwd.pub to your-server and authenticate using foo user and x_id_rsa private key$ pusshkey add key_in_cwd.pub your-server -u foo -i ~/.ssh/x_id_rsa# Remove old_key from your-server$ pusshkey rm old_key.txt your-server
Also see Notes below about using
ssh-agent (before you run
pusshkey) to make your life easier.
The big win here is the ability to predefine host aliases, which can represent one or more actual hostnames. You can also specify which user and identity that ssh should use (instead of using the
-i options every time).
pusshkey.json file in the current working directory that contains the following (all entries are optional):
"hosts" entry defines a host alias, and you can reference other aliases in the array. Circular references are supported, though I'm not sure why you would need them. It's also ok if you use the same host in multiple aliases - pusshkey will detect this and will only access each host once per execution.
The config above would let you run simple commands like:
$ pusshkey add new_key.pub dev-alias$ pusshkey rm old_key.pub all
To propagate a key to several hosts in one execution for the
foo user, using
foo_id_rsa for authentication.
The configuration file MUST be in the current working directory, and it MUST be named
- Currently requires the
sshprogram. If you're on Windwos, try installing msysgit first.
- To avoid password/passphrase prompts, make sure
ssh-agentis running and you have added your private key via
pusshkey. Should be as simple as:
$ ssh-agent$ ssh-add <key>
- To check if your key has been added to