I'd like to propose a couple of tweaks to ssh-copy-id:

o Change the default ID_FILE from identity.pub to id_dsa.pub or perhaps
{id_dsa,id_rsa,identity}.pub to cover all the bases, although the
patch below deals only with id_dsa.pub - it would need some more
tweaking to deal with more than one (possibly non-existent) file.

o If the destination authorized_keys file already contains the keys,
they should not be duplicated. I use ssh-copy-id in a regression harness
and I end up adding the same key tens or hundreds of times. I have not
seen any problem but it is somewhat distasteful.

The method proposed is frankly a hack, but it is simple and I think it
is foolproof and portable. At least initially, it will mess up the
order of the keys, but given that the file is mostly write-only by
humans, that should not make any difference.

Comments?

Thanks,
Nick

--- ssh-copy-id.orig 2008-01-31 12:01:03.000000000 -0500
+++ ssh-copy-id 2008-01-31 12:05:16.000000000 -0500
@@ -1,11 +1,11 @@
#!/bin/sh

-# Shell script to install your identity.pub on a remote machine
+# Shell script to install your id_dsa.pub on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

-ID_FILE="${HOME}/.ssh/identity.pub"
+ID_FILE="${HOME}/.ssh/id_dsa.pub"

if [ "-i" = "$1" ]; then
shift
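Review bot: The new default on the `ID_FILE=` line still names exactly one file, so a user who has only id_rsa.pub or identity.pub now gets the same missing-file failure that id_dsa.pub users had before. Since the message itself suggests covering {id_dsa,id_rsa,identity}.pub, consider setting ID_FILE to the first of those that exists and wording the header comment ("install your id_dsa.pub") generically, so the comment does not go stale again; `-i` remains available for anything else.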
@@ -38,7 +38,7 @@
exit 1
fi

-{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys && sort -u -o .ssh/authorized_keys .ssh/authorized_keys" || exit 1

cat < Now try logging into the machine, with "ssh '$1'", and check in:
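Review bot: On the `+` line, `sort -u -o .ssh/authorized_keys .ssh/authorized_keys` rewrites the entire file on every run, which reorders all existing entries (including any comment lines, which get separated from the keys they describe) and only removes lines that are byte-for-byte identical, so the same key with a different comment or option prefix is still duplicated. Checking before appending keeps the file order and leaves existing lines alone, for example testing each incoming line with `grep -qxF` against .ssh/authorized_keys and appending only on a miss. Also note that `$1` is unquoted in `ssh $1`, and that the trailing `|| exit 1` now also fires when `sort` fails after the key was already appended, which would report failure for a key that is in fact installed.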



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
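One order-preserving way to get the no-duplicates behaviour discussed in the message above, as an added example that is not part of the posted patch or of ssh-copy-id. `add_keys_once` is a hypothetical helper name and the key lines are constructed; it goes slightly beyond the patch by also handling a file that lacks a final newline.

```shell
#!/bin/sh
# Added example, not part of the posted patch or of ssh-copy-id.
# add_keys_once is a hypothetical helper; all key lines below are constructed.

# Append each key read from stdin to the file $1 unless that exact line is
# already there. Existing lines keep their order; nothing is rewritten.
add_keys_once() {
    target=$1
    (
        umask 077                      # same umask as the script's remote command
        dir=$(dirname "$target")
        if [ ! -d "$dir" ]; then mkdir -p "$dir"; fi
        touch "$target"
        while IFS= read -r key || [ -n "$key" ]; do
            if [ -z "$key" ]; then continue; fi
            # -x: whole line, -F: literal string, -e: safe if key starts with "-"
            if grep -qxF -e "$key" "$target"; then continue; fi
            # If the file lacks a final newline, add one so the new key
            # does not get glued onto the previous line.
            if [ -s "$target" ] && [ -n "$(tail -c 1 "$target")" ]; then
                echo >> "$target"
            fi
            printf '%s\n' "$key" >> "$target"
        done
    )
}

# Demo on a scratch directory: the third call repeats the first key.
demo_dir=$(mktemp -d)
demo_file="$demo_dir/.ssh/authorized_keys"
for k in 'ssh-rsa AAAAconstructedB b@example' \
         'ssh-dss AAAAconstructedA a@example' \
         'ssh-rsa AAAAconstructedB b@example'; do
    printf '%s\n' "$k" | add_keys_once "$demo_file"
done
cat "$demo_file"
rm -rf "$demo_dir"
```

The demo prints two lines with the ssh-rsa entry first, whereas `sort -u` would have moved the ssh-dss entry ahead of it.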