
Obtain a GitHub user's public keys - kentwistle
https://github.com/jimweirich.keys
======
robinricard
I use it to set user access to my company's servers with ansible
automatically. I just have to set a list of github usernames and it generates
a list of users with their ssh key access setup !

------
kentwistle
Found out about this today, you can prepend any GitHub username with .keys to
fetch their public keys.

~~~
voltagex_
What can this be used for? I'd love to display my GPG key there instead but I
guess that's not possible.

~~~
stedaniels
Have you seen [https://keybase.io/](https://keybase.io/) that's an ideal place
for your GPG keys (and more) :-)

~~~
peterhajas
I can't tell if it's finished yet:

> Keybase __will __be a public directory of publicly auditable public keys.

Nor do I understand why I'd use it. Do lots of people post GPG encrypted
messages to each other on gist?

~~~
mseebach
It's an attempt to solve the key distribution problem. By having you verify
your keys on third party sites, a MITM or NSL attack (providing you with fake
keys so your messages can be intercepted) gets a lot harder as you have to
attack _n_ sites simultaneously instead of one.

------
intull
Is this supposed to be okay? I mean, even though they are public keys, its not
like I really want them to be _that_ public!

~~~
octo_t
Whats the harm? At most, people can encrypt things with your public key and
then...?

~~~
stared
For example they can identify my different accounts, when I sue the same key.

~~~
automatthew
Last time I tried to use the same public key for a second account, GitHub
refused.

------
mixologic
Seems like this would be a good way to frame somebody else. Hack into a
server, do some damage/steal files, and drop _somebody elses_ public key on
the server.

"But I didnt do it!" \- Then why was your key on the server?

~~~
kordless
Because _public_ keys are somewhat publicly available information?

------
rlpb
Something similar has been available on Launchpad for years. There's a tool
called "ssh-import-id". If I want to give you access to an Ubuntu server, I
might type "ssh-import-id kentwistle". This would fetch public keys that the
kentwistle user on Launchpad has published over HTTPS and then add them to
~/.ssh/authorized_keys.

I don't think there's any reason that ssh-import-id needs to be Launchpad-
specific.

------
akerl_
It's worth noting that this shows only "verified" keys, which are keys that
have been added to the account and used at least once.

------
lloeki
Github leverages such content-type negotiation for other resources too: add
.diff or .patch to commits or pull requests. There's a way to get git am
compatible data too.

------
drunken_thor
I am glad my email doesn't show up in there.

~~~
AYBABTME
It does:
[https://github.com/aybabtme/gol/commit/37ebaf91f312705e0f96f...](https://github.com/aybabtme/gol/commit/37ebaf91f312705e0f96f3196ded5f7fb925c680.patch)

