git mirror of the official upstream at
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


You're logged onto a cloud instance working on a problem with your fellow devs, and you want to invite them to log in and take a look at these crazy log messages. What do?

Oh. You have to ask them to cat their public SSH key, paste it into IRC (wait, no, it's, not id_rsa silly!) then you copy it and cat it to the end of authorized_hosts.

That's where ssh-import-id comes in. With ssh-import-id, you can add the public SSH keys from a known, trusted online identity to grant SSH access.

Currently supported identities include Github and Launchpad.


ssh-import-id uses short prefix to indicate the location of the online identity. For now, these are:

'gh:' for Github
'lp:' for Launchpad

Command line help:

usage: ssh-import-id [-h] [-o FILE] USERID [USERID ...]

Authorize SSH public keys from trusted online identities.

positional arguments:
USERID                User IDs to import

optional arguments:
-h, --help            show this help message and exit
-o FILE, --output FILE
                    	Write output to file (default ~/.ssh/authorized_keys)


If you wanted me to be able to ssh into your server, as the desired user on that machine you would use:

$ ssh-import-id gh:cmars

You can also import multiple users on the same line, even from different key services, like so:

$ ssh-import-id gh:cmars lp:kirkland

Used with care, it's a great collaboration tool!


ssh-import-id can be installed on Python >= 2.6 with a recent version of pip:

$ pip install ssh-import-id

ssh-import-id requires a recent version of Requests (>=1.1.0) for verified SSL/TLS connections.


You can add support for your own SSH public key providers by creating a script named ssh-import-id-prefix. Make the script executable and place it in the same bin directory as ssh-import-id.

The script should accept the identity username for the service it connects to, and output lines in the same format as an ~/.ssh/authorized_keys file.

If you do develop such a handler, I recommend that you connect to the service with SSL/TLS, and require a valid certificate and matching hostname. Use Requests.get(url, verify=True), for example.


This project is authored and maintained by Dustin Kirkland, Scott Moser, and Casey Marshall.