95

I heard that there was a public URL for all users on github where you can access their public keys or they can supply that URL of all their public keys. Is this true? If so what is that URL. Does it exist for bitbucket as well?

undefine
  • 142
  • 1
  • 15
frazras
  • 5,928
  • 4
  • 30
  • 40

5 Answers5

165

You can get with:

curl https://github.com/<username>.keys

Replace <username> with the actual username of the GitHub user.

This is useful when you set login permission to other servers. Just save its output into ~/.ssh/authorized_keys. To append it to the end from the command line:

curl https://github.com/<username>.keys | tee -a ~/.ssh/authorized_keys

It can also be done using Github API

curl -i https://api.github.com/users/<username>/keys

For bit bucket you can use the following: (This call requires authentication.)

curl -i https://bitbucket.org/api/1.0/users/<accountname>/ssh-keys
frazras
  • 5,928
  • 4
  • 30
  • 40
  • If I know a git public key URL, how can I get access or clone the repository? – Hà Link Oct 09 '15 at 02:29
  • @HàLink The public keys belong to users not repositories. I you already know the user it is pretty simple to clone all the user's public repositories. – frazras Oct 09 '15 at 13:07
  • Thanks, I have misunderstood the usage of the public key. – Hà Link Oct 10 '15 at 03:09
  • 1
    This also works for enterprise versions of github. e.g. /.keys – Shane Gannon Jun 30 '17 at 18:13
  • It seems the Bitbucket curl doesn't work, it gives me 403 forbidden. – holmb Mar 05 '18 at 09:21
  • 2
    @holmb, according to the latest documentation, this endpoint requires authentication. I think this changed over time, I can't recall it being so when I first posted this answer. https://confluence.atlassian.com/bitbucket/ssh-keys-resource-296911735.html#ssh-keysResource-GET/users/{accountname}/ssh-keys – frazras Mar 07 '18 at 16:58
  • 1
    @fazras: Please do update the answer regarding BitBucket's change. Thanks. – Jumper May 18 '18 at 08:35
  • @ShaneGannon In my enterprise GitHub it does not work. Perhaps it has been disabled. – dzieciou Jun 07 '21 at 13:41
  • 1
    @dzieciou I'm not a GitHub admin but it sounds like something that might be disabled in some orgs. It still is open in our enterprise GitHub. – Shane Gannon Jun 08 '21 at 14:14
42

GPG public keys are now available at https://github.com/<username>.gpg

Brian D
  • 833
  • 7
  • 11
8

Works for gitlab same way too.

https://gitlab.com/<username>.keys

Works nicely in bash scripts too.

#GitProvider to fetch public keys (gitlab.com,github.com)
GitProvider="gitlab.com"
GitUsername="username"
curl https://${GitProvider}/${GitUsername}.keys | tee -a ~/.ssh/authorized_keys
Mike R
  • 679
  • 7
  • 13
7

In addition these also provide a way to retrieve a user's PGP keys:

GitHub:

https://github.com/USER.keys
https://gitlab.com/USER.gpg

GitLab:

https://gitlab.com/USER.keys
https://gitlab.com/USER.gpg
Itay Grudev
  • 7,055
  • 4
  • 54
  • 86
-2

While the keys are public you don't always want to reveal your internal hostnames from the default comment fields, so I'd recommend ssh-copy-id command if you have SSH password access, wormhole when on console and configuration management tools (like Ansible, Puppet etc) in the first place.

kravietz
  • 10,667
  • 2
  • 35
  • 27