This is a discussion on Re: RFC: ssh-copy-id tweaks within the OpenSSH Development forums, part of the Networking and Network Related category.
Geesh, I knew a better solution would be more complex, but this is starting to be scary. =)

In some respects it is sad that VanDyke's proposed key management RFC has stalled (or was stalled last I checked). I'd almost advocate looking at this from another direction and seeing if ssh-agent or some other tool leveraging the openssh base code for testing and validating these things. Just I doubt it would be cleaner any other way.

- Ben

On Tue, 5 Feb 2008, Jim Knoble wrote:

> Circa 2008-02-02 00:50 dixit Jim Knoble:
>
> : I'm working on a rewrite of ssh-copy-id
>
> The (nearly complete) rewrite of ssh-copy-id is available:
>
>     http://www.jmknoble.net/openssh/ssh-copy-id
>
> Differences from prior ssh-copy-id:
>
>   (1) Searches for identities in the following order:
>
>           [identities in ssh-agent]
>           ~/.ssh/id_rsa.pub
>           ~/.ssh/id_dsa.pub
>           ~/.ssh/identity.pub
>
>       Copies the first one available (more than one if ssh-agent has
>       multiple identities loaded, see below).
>
>   (2) Old ssh-copy-id overloaded two meanings onto the '-i' switch:
>
>           (a) "Don't look for identities in ssh-agent"
>           (b) "Use this identity file over here"
>
>       [a] above has moved from '-i' (with no arguments) to '-A'.
>       [b] above remains at '-i' (with an argument).  See the help
>       (available with 'ssh-copy-id --help').
>
>   (3) Allows one to use an alternate "dot-ssh" directory on the local
>       host, by setting the SSH_DIR environment variable to the path to
>       a directory.  Equivalent functionality on the remote side is not
>       yet available.
>
>   (4) Most importantly (it's what initiated this whole thread), only
>       adds an identity to ~/.ssh/authorized_keys on the remote host if
>       the public key isn't already present in some form.
>
>   (5) It's more complex.  In order to be smart enough about how we do
>       [4], we use awk, which may be present on the remote host as
>       'gawk', 'mawk', 'nawk', or 'awk'.  We look for them, in that
>       order, on the PATH.  You can correct the limited search used by
>       setting the REMOTE_AWK environment variable to the path to the
>       remote system's awk ('env REMOTE_AWK=/usr/bin/awk ssh-copy-id').
>
>   (6) It executes commands on the remote host using 'sh'.  I believe
>       it to be portable to situations where the remote user's shell is
>       csh or tcsh, but I could be mistaken.  Please test that.
>
> I'm a little worried about command-line length; the 'ssh' command has
> gotten somewhat long.  Feedback about that would be handy as well.
>
> --
> jim knoble | jmknoble@pobox.com | http://www.pobox.com/~jmknoble/
> (GnuPG key ID: 6F39C2CC >>>>>> http://www.pobox.com/~jmknoble/keys/ )
> (GnuPG fingerprint: 5024:D578:7CF4:5660:7269::F6F3:B919:9307:6F39:C2CC )
> +----------------------------------------------------------------------+
> |[L]iberty, as we all know, cannot flourish in a country that is perma-|
> | nently on a war footing, or even a near-war footing. --Aldous Huxley|
> +----------------------------------------------------------------------+
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
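
One way to do the check described in items (4) and (5) of the quoted message, run here against a local file rather than over ssh. This is an added example, not Jim Knoble's script or anything posted in the thread; the function names, return codes and sample key are assumptions, and it assumes public keys in the "type base64-blob comment" form.

```shell
#!/bin/sh
# Added example, not Jim Knoble's script. Function names and return codes
# are assumptions made for this illustration.

# key_present TYPE BLOB FILE: succeed if a line of FILE has TYPE and BLOB
# as adjacent fields. Testing every adjacent pair skips a leading options
# field (even one with quoted spaces) and ignores the trailing comment.
key_present() {
    [ -f "$3" ] || return 1
    awk -v t="$1" -v b="$2" '
        /^[ \t]*#/ { next }                  # commented-out entry
        { for (i = 1; i < NF; i++)           # "" forces string comparison
              if (($i "") == t && ($(i + 1) "") == b) { found = 1; exit } }
        END { exit (found ? 0 : 1) }
    ' "$3"
}

# add_key_if_absent PUBKEY_LINE AUTH_FILE
# Returns 0 = appended, 1 = already present, 2 = malformed key, 3 = I/O error.
add_key_if_absent() {
    read -r ktype kblob _comment <<EOF
$1
EOF
    case $ktype in ssh-*|ecdsa-*) ;; *) return 2 ;; esac
    case $kblob in ''|*[!A-Za-z0-9+/=]*) return 2 ;; esac
    key_present "$ktype" "$kblob" "$2" && return 1
    (
        umask 077                            # new dir and file: owner-only
        mkdir -p "$(dirname "$2")" || exit 3
        # Do not glue the key onto an unterminated last line.
        if [ -s "$2" ] && [ -n "$(tail -c 1 "$2")" ]; then
            printf '\n' >> "$2" || exit 3
        fi
        printf '%s\n' "$1" >> "$2" || exit 3
    )
}

# Constructed demo: the blob is a placeholder, not a real key.
demo() {
    d=$(mktemp -d) || return 1
    k='ssh-rsa AAAAB3NzaC1yc2EXAMPLE user@laptop'
    first=0;  add_key_if_absent "$k" "$d/.ssh/authorized_keys" || first=$?
    second=0; add_key_if_absent "$k" "$d/.ssh/authorized_keys" || second=$?
    rm -rf "$d"
    echo "first=$first second=$second"       # first=0 second=1
}
demo
```

Comparing only the key type and blob means a key already installed with a different comment, or behind an options prefix, is still recognised as present.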