A command line program to easily sync your SSH keys. Requires a self-hosted ssh-sync server.

ssh-sync: Seamless SSH Key Management

ssh-sync is a powerful CLI tool designed to simplify the way you manage and synchronize your SSH keys and configurations across multiple machines. With ssh-sync, gone are the days of manually copying SSH keys or adjusting configurations when switching devices. Whether you're moving between workstations or setting up a new machine, ssh-sync ensures your SSH environment is up and running effortlessly.

Quick Start

Installation

ssh-sync is available on Windows, macOS, and Linux. Choose the installation method that best suits your operating system:

Windows

Install ssh-sync using Winget:

winget install therealpaulgg.ssh-sync

macOS

ssh-sync can be installed using Homebrew:

brew tap therealpaulgg/ssh-sync
brew install ssh-sync

Linux

For Linux users, you can install ssh-sync through our official package repositories or by downloading packages directly from our GitHub Releases page:

Using the Official Repository

Debian/Ubuntu and derivatives:

# Import the GPG key
curl -fsSL https://repo.sshsync.io/ssh-sync-repo.asc | sudo gpg --dearmor -o /usr/share/keyrings/ssh-sync-archive-keyring.gpg

# Add the repository
echo "deb [signed-by=/usr/share/keyrings/ssh-sync-archive-keyring.gpg] https://repo.sshsync.io/debian $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/ssh-sync.list

# Update package lists
sudo apt update

# Install ssh-sync
sudo apt install ssh-sync

Fedora/RHEL/CentOS and derivatives:

# Import the GPG key
sudo rpm --import https://repo.sshsync.io/ssh-sync-repo.asc

# Add the repository
cat &lt;

Specify the machine you wish to remove following the command.

You may optionally provide the machine name on the command line so you don't have to type it in when running the command.

Reset

To remove the current machine from your account and clear all SSH-Sync data:

ssh-sync reset

This command is useful if you're decommissioning a machine or wish to start fresh.

By following these steps, you can seamlessly sync and manage your SSH keys across all your machines with SSH-Sync.

Self-Hosting ssh-sync-server

In general, for self-hosting, we recommend a setup where ssh-sync-server is behind a reverse proxy (i.e Nginx), and SSL is handled via LetsEncrypt.

Docker

Docker is the easiest way to run the server. Here is a simple docker-compose file you can use:

version: '3.3'
services:
    ssh-sync-server:
        restart: always
        environment:
          - PORT=
          - NO_DOTENV=1
          - DATABASE_USERNAME=sshsync
          - DATABASE_PASSWORD=${POSTGRES_PASSWORD}
          - DATABASE_HOST=ssh-sync-db:5432
        logging:
          driver: json-file
          options:
            max-size: 10m
        ports:
          - ':'
        image: therealpaulgg/ssh-sync-server:latest
        container_name: ssh-sync-server
    ssh-sync-db:
        image: therealpaulgg/ssh-sync-db:latest
        container_name: ssh-sync-db
        volumes:
          - /path/to/db-volume:/var/lib/postgresql/data
        environment:
          - POSTGRES_USER=sshsync
          - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
          - POSTGRES_DB=sshsync
        restart: always

Nginx

Example Nginx config (must support websockets)

server {
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/server.sshsync.io/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/server.sshsync.io/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    server_name server.sshsync.io;
    location / {
            proxy_pass http://127.0.0.1:;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Real-IP $remote_addr;
    }


}
server {
    if ($host = server.sshsync.io) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name server.sshsync.io;
    return 404; # managed by Certbot


}

If you don't want to use docker, other methods of running are not supported at this time, but the source repos are linked below so you can configure your own server as you wish.

ssh-sync-server Github ssh-sync-db

How ssh-sync Works

ssh-sync leverages a client-server model to store and synchronize your SSH keys securely. The diagram below outlines the ssh-sync architecture and its workflow:

ssh-sync Architecture

For a deep dive into the technicalities of ssh-sync, including its security model, data storage, and key synchronization process, check out our Wiki.

Why Choose ssh-sync?

Simplify SSH Key Management: Easily sync your SSH keys and configurations across all your devices.
Enhanced Security: ssh-sync uses advanced cryptographic techniques to ensure your SSH keys are securely transmitted and stored.
Effortless Setup: With support for Windows, macOS, and Linux, setting up ssh-sync is straightforward, regardless of your operating system.

Contributing

ssh-sync is an open-source project, and contributions are welcome! If you're interested in contributing, please check out our contribution guidelines.

License

ssh-sync is released under the MIT License.

ssh-sync therealpaulgg

README