README
Sn0wlinks SSH User Manager
Author: David Collins-Cubitt
Date: August 2023
Sn0wlinks SSH User Manager is a simple shell-based tool for synchronising SSH client configuration and propagating authorised SSH public keys across multiple remote hosts.
It is designed to make adding or removing users easy in medium to large server clusters without manual per-host key management.
Purpose
- Deploy a standard ~/.ssh/config to a user account
- Push a centrally managed authorized_keys file to multiple servers
- Eliminate repetitive SSH key maintenance across hosts
- Quickly revoke or grant access by updating one file
How It Works
- Copies a predefined SSH client config into the local user’s ~/.ssh/
- Iterates over a list of hosts
- Replaces the remote user’s authorized_keys file on each host
- Disables host key prompts to allow unattended execution
File Overview
| File | Description |
| config | SSH client configuration copied to ~/.ssh/config |
| hosts.sh | Plain-text list of SSH targets (one per line) |
| publickeys.sh | Combined public keys file to deploy as authorized_keys |
| script.sh | The main execution script |
Script Logic
Update Local SSH Configuration
Overwrites the local SSH client configuration with the managed version.
Push Authorized Keys to Remote Hosts
- Reads each host from hosts.sh
- Copies publickeys.sh to the remote host
- Replaces ~/.ssh/authorized_keys
- Suppresses host key verification prompts for automation
Completion Confirmation
Requirements
- OpenSSH client (ssh, scp)
- SSH access to all target hosts
- Existing user accounts on remote systems
- Write access to ~/.ssh/authorized_keys
Security Notes ⚠️
- *This script overwrites authorized_keys*
- Any existing unmanaged keys will be removed
- StrictHostKeyChecking=no reduces security: unknown host keys are accepted without confirmation, so a spoofed host is not caught
- Use only on trusted networks
- Ensure correct file permissions on targets:
Typical Use Cases
- Managing SSH access across compute clusters
- Lab or staging environments
- Small infrastructure without centralized IAM
- Rapid access revocation by deleting keys centrally
Limitations
- No validation of remote permissions
- No rollback or backup
- No per-host conditional logic
- Not suitable for untrusted or public networks
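An added example, not part of the original script.sh, covering the overwrite risk from Security Notes and the missing backup and permission handling from Limitations: an install step that refuses an empty or malformed key file, keeps a backup, and replaces authorized_keys atomically with 700/600 modes. The function names, and the assumption that publickeys.sh holds plain key lines with no options prefix, belong to this example only.

```shell
#!/bin/sh
# Added example (not the project's script.sh). Assumes publickeys.sh holds plain
# "type base64 [comment]" lines with no options prefix; function names are hypothetical.

# validate_keys FILE: succeed only if FILE has at least one key line and nothing
# else besides blank lines and comments. The key types are a common subset.
validate_keys() {
    [ -s "$1" ] || return 1
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        $1 ~ "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$" &&
            $2 ~ "^[A-Za-z0-9+/]+=*$" { keys++; next }
        { bad = 1 }
        END { exit (bad || keys == 0) }
    ' "$1"
}

# install_keys NEW_FILE HOME_DIR: validate, back up the current file, then
# replace HOME_DIR/.ssh/authorized_keys atomically with 700/600 modes.
install_keys() {
    new=$1
    sshdir=$2/.ssh
    target=$sshdir/authorized_keys
    if ! validate_keys "$new"; then
        echo "refusing to install $new: empty or malformed key file" >&2
        return 1
    fi
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    # Keep the previous file so a bad push can be undone.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak" || return 1
    fi
    # Write beside the target, then rename: logins never see a half-written file.
    tmp=$(mktemp "$sshdir/authorized_keys.XXXXXX") || return 1
    if cat "$new" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$target"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

validate_keys can also run locally before the loop over hosts.sh, so a bad file is never copied to any host.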