Accessing Github public keys

Posted on Feb 11, 2021

As it turns out, Github actually exports public keys for every user, and anyone can just download them.

$ ~$ wget -q -O - https://github.com/PPFilip.keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnAKhanFOF8Nekao8+1VPc2psc/fGcJPO7LPJ6/gCOl
[...]

I found this out while installing a new Ubuntu Server (20.04) from scratch - after a few years (usually I just dist-upgrade my boxes, and deploy new ones from some pre-made AMIs or LXC images). Ubuntu uses this during ssh configuration and gives you the option to import public keys from Github. In this day and age, no server should allow password auth anyway, so being able to import public keys and disable password auth conveniently at installation is definitely useful.

As for Github, they export just the key itself, and not associated comments, so no ‘personal’ information is leaking here. All in all, this looks like a nice alternative to just copying and publishing your public keys all over the place. You could even create new github user just for this purpose :)