marcinantkiewicz/github_ssh_to_local_authkeys.md

Created February 21, 2026 21:36

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/marcinantkiewicz/11d6b96153bfc62183d0aa1d8a6b984d.js"></script>
Save marcinantkiewicz/11d6b96153bfc62183d0aa1d8a6b984d to your computer and use it in GitHub Desktop.

Download ZIP

Allow ssh access to user based on their github identity

Raw

github_ssh_to_local_authkeys.md

Allow user access something, run command, using their github public ssh key.
Note: using command= enables interesting security footguns

COMMAND='command="free",restrict'
GH_USER=username
KEYS=$(curl -s https://github.com/$GH_USER.keys)

{
  echo "# https://github.com/$GH_USER"
  echo "$KEYS" | sed "s/^/$COMMAND /"
  echo "$KEYS" | ssh-keygen -lf /dev/stdin 2>/dev/null | sed 's/^/# /'
  echo "# end github.com/$GH_USER"
} >> authorized_keys

produces

% cat ~/.ssh/authorized_keys
# https://github.com/username
command="free",restrict ssh-ed25519 AAAACpUWC8rI4cyCdn7c+ZJUtEa8[...]tRzTg
command="free",restrict ssh-rsa AAAAjW0xm6rg8mQHslmA1Lm3rPuCBJfz6mHAQhg[...]fhk=
# 256 SHA256:/3FWe+5nQapUCCW8rI4cyCdn7c+ZJetEa8/TYk7aHKxs no comment (ED25519)
# 3072 SHA256:ns2ESm/R0xm6sg8mQHslmGILm3rxuCBJfz6mTaQhgu8 no comment (RSA)
# end github.com/username

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment