I'm trying to store (append) the public key to a file (~/.ssh/authorized_keys) for a private key (private-key.pem) that is actually stored in S3, all using a bash script.
Retrieving the public key using a file:
ssh-keygen -y -f /path/to/private-key.pem
Output:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V
hz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXr
lsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZ
qaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3Rb
BQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE
Then I manually add the content to the destination file. This is fine, but I want to do it with a command: retrieve a file stored in S3 (public URL) and append the output to a file (~/.ssh/authorized_keys).
I tried this:
ssh-keygen -y -f /dev/stdin <<< `curl https://bucket.s3.amazonaws.com/private-key.pem` >> ~/.ssh/authorized_keys
Output:
Load key "/dev/stdin": invalid format
And this:
curl https://bucket.s3.amazonaws.com/private-key.pem | ssh-keygen -y -f /dev/stdin >> ~/.ssh/authorized_keys
Output:
Permissions 0660 for '/dev/stdin' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/dev/stdin": bad permissions
After looking at other related questions, I found that FIFOs or named pipes can have permissions, so I tried this and it worked as expected. Hope it helps anyone.
Create a named pipe with permissions (a pipe named fifo):
mkfifo -m 600 fifo
Run the command pointing at that pipe:
curl -s https://bucket.s3.amazonaws.com/private-key.pem > fifo | ssh-keygen -y -f fifo >> ~/.ssh/authorized_keys
All in one command:
mkfifo -m 600 fifo && curl -s https://bucket.s3.amazonaws.com/private-key.pem > fifo | ssh-keygen -y -f fifo >> ~/.ssh/authorized_keys
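The named-pipe approach above, wrapped in a reusable function as an added example (not part of the original post). The name install_pubkey_from and its argument order are hypothetical; it assumes an unencrypted private key, as on this page, and takes the fetch command as arguments (for instance curl -fsS followed by the key URL).

```shell
# Added example, not the poster's code. install_pubkey_from is a hypothetical name.
# Usage: install_pubkey_from AUTHORIZED_KEYS_FILE FETCH_COMMAND [ARGS...]
# Assumption: the fetched private key has no passphrase.
install_pubkey_from() {
    local auth_file="$1"; shift
    local workdir fifo pub writer rc=0

    # mktemp -d gives a fresh 0700 directory, so no other user can
    # pre-create or swap the FIFO path before ssh-keygen opens it.
    workdir=$(mktemp -d) || return 1
    fifo="$workdir/key.fifo"
    mkfifo -m 600 "$fifo" || { rm -rf "$workdir"; return 1; }

    # The fetch command writes into the pipe in the background; the
    # private key passes through the pipe and is never written to disk.
    "$@" > "$fifo" &
    writer=$!

    # ssh-keygen accepts the FIFO because it is mode 0600 and owned by us.
    # If it fails, make sure the writer is not left blocked on the pipe.
    pub=$(ssh-keygen -y -f "$fifo" 2>/dev/null) || { rc=1; kill "$writer" 2>/dev/null; }
    wait "$writer" 2>/dev/null || rc=1
    rm -rf "$workdir"

    # A failed download or an unparsable key must not touch authorized_keys.
    [ "$rc" -eq 0 ] && [ -n "$pub" ] || return 1

    # Append only when this exact key line is not already present.
    mkdir -p -m 700 "$(dirname "$auth_file")"
    touch "$auth_file" && chmod 600 "$auth_file"
    grep -qxF -- "$pub" "$auth_file" || printf '%s\n' "$pub" >> "$auth_file"
}
```

Unlike the one-liner, a failed fetch leaves authorized_keys unchanged and running the function twice does not duplicate the entry.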