
2039 points Gadiguibou | 10 comments
1. agmm ◴[] No.36492953[source]
I like to use `pbcopy` when exporting public keys to external services like GitHub.

`cat ~/.ssh/mykey.pub | pbcopy`

replies(2): >>36493226 #>>36493456 #
2. _rend ◴[] No.36493226[source]
You can even simplify this further by feeding `pbcopy` the key directly using file redirection instead of a pipe:

`pbcopy < ~/.ssh/mykey.pub`

(I use this all the time myself!)

3. wincy ◴[] No.36493456[source]
I love this tool too!

Except one time I quickly typed

`cat ~/.ssh/mykey | pbcopy`

And sent it straight away to my coworker on Slack.

I then spent the rest of the day making a new private key and adding my new pubkey to all of the 1000+ servers I had root access to. I mean we had tools to help but it still wasn’t fun.

With great power/convenience comes the potential to do dumb things at lightning speeds!

replies(4): >>36493643 #>>36495123 #>>36496196 #>>36496552 #
4. oxygen_crisis ◴[] No.36493643[source]
I might start naming my private key files ~/.ssh/keyname.PRIVATE after hearing that story...
replies(2): >>36494083 #>>36494368 #
5. plorkyeran ◴[] No.36494083{3}[source]
That's not a bad idea. I've never actually made the same mistake, but I have caught it at the last moment and having tab complete not pick the private one first would help.
6. wincy ◴[] No.36494368{3}[source]
It would have avoided it! I was using tab and forgot to select .pub as you correctly surmised. I was a junior dev at the time and all the seniors got a good laugh out of it, and I use it as a cautionary tale about trying to be TOO overeager and efficient.
7. gunapologist99 ◴[] No.36495123[source]
Userify would have made that pretty painless (all it really seems to do is update the authorized_keys across all of your servers every minute or so)
replies(1): >>36498233 #
8. vinay_ys ◴[] No.36496196[source]
If you literally have ssh root access to 1000+ servers, using certificates will be more secure and convenient than directly using a public key.
9. xrisk ◴[] No.36496552[source]
Put your private key in something like Secretive: https://github.com/maxgoedjen/secretive
10. superq ◴[] No.36498233{3}[source]
Also, Userify allows you to set up sudo access on some of the servers and not others, so that'd take care of the other root-access issue you have. (sudo also provides auditing/logging controls that are useful in a multi-user environment.)
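
The slip described in this thread (tab-completing to the private key and sending it to `pbcopy`) can be blocked with a small shell wrapper that only copies files that look like a public key. This is an added example, not code from any commenter; the names `classify_key`, `pubcopy`, `PUBKEY_RE` and the `CLIP_CMD` variable are assumptions of the example.

```shell
#!/bin/sh
# Added example: refuse to put anything but an SSH public key on the clipboard.
# CLIP_CMD is a hypothetical override (default: pbcopy) so the wrapper can be
# used or exercised on systems without pbcopy.

# One-line public key format: "<type> <base64> [comment]".
PUBKEY_RE='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) [A-Za-z0-9+/]+=*( .*)?$'

# classify_key FILE -> prints "public", "private" or "unknown".
classify_key() {
    [ -r "$1" ] || { echo unknown; return; }
    # OpenSSH, PEM and PKCS#8 private keys all carry a PEM armor line.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo private; return
    fi
    # Allowlist: exactly one line that matches the public key format.
    if [ "$(grep -c '' "$1")" -le 1 ] && grep -Eq "$PUBKEY_RE" "$1"; then
        echo public; return
    fi
    # Anything else (other private key formats, random files) is not copied.
    echo unknown
}

# pubcopy FILE -> copies FILE to the clipboard only if it is a public key.
pubcopy() {
    kind=$(classify_key "$1")
    if [ "$kind" != public ]; then
        echo "pubcopy: refusing to copy $1 (detected: $kind)" >&2
        return 1
    fi
    # Unquoted on purpose so CLIP_CMD may carry arguments.
    ${CLIP_CMD:-pbcopy} < "$1"
}
```

With this sourced from a shell profile, `pubcopy ~/.ssh/mykey.pub` behaves like `pbcopy < ~/.ssh/mykey.pub`, while `pubcopy ~/.ssh/mykey` exits non-zero without touching the clipboard.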