Alternatives¶

Why use SSH Deploy Key?

The Case¶

There are lots of ways to copy out an ssh key to a remote host, such as by hand, with ssh-copy-id, or with configuration management tools.

Although ssh-deploy-key is not ideal for every situation, its speed and ease of use make it a good choice in many cases.

Alternatives¶

Clearly there are other good options for deploying ssh keys.

Deploying by Hand¶

ssh-deploy-key cannot deploy an ssh key to a host is on a different network, behind a jump box. In that case, deployment by hand is the way to go. But in other cases, ssh-copy-id is a better option. Even when just copying a key out to a single host, it’s a faster, easier, and more reliable option. These advantages only increase when copying keys out to multiple hosts.

ssh-copy-id¶

ssh-copy-id is a great tool, but it’s not the ideal solution for every scenario.

ssh-copy-id is not installed by default on all systems, notably on Mac OS.

ssh-copy-id has no concept of ‘smart append’. It will append a key to the authorized keys file regardless of whether that key is already present.

Scripting the use of ssh-copy-id for deploying to multiple remote hosts can be challenging:

Password is entered interactively for each host.

In the case where there are numerous remote hosts that have not seen before, you’d need to interactively allow each host to be added to your known_hosts file.

Configuration Management Tools¶

Configuration management tools like Puppet, Chef, Ansible, etc. can do a fine job of deploying your ssh key(s) to numerous remote hosts. But if you are not already set up to use them for key distribution, this solution can be overkill.