Re: RFC: ssh-copy-id tweaks

On Tue, Feb 05, 2008 at 10:52:13AM -0600, Ben Lindstrom wrote:
> On Tue, 5 Feb 2008, Jim Knoble wrote:
> > The (nearly complete) rewrite of ssh-copy-id is available:
> >
> > http://www.jmknoble.net/openssh/ssh-copy-id

Now that's what I call a script. I like the many layers of quotes
in the scripts being sent over to the remote side.


> Geesh, I knew a better solution would be more complex, but this is
> starting to be scary. =)

Agree.


> I'd almost advocate looking at this from another direction and
> seeing if ssh-agent or some other tool leveraging the openssh base
> code for testing and validating these things.

I too think that it would be good to reuse existing code rather
than writing a new implemention using sh and awk.


> Just I doubt it would be cleaner any other way.

I don't doubt so much. The local part of the tool would be much
cleaner.

Question is how much the remote part can improve if there is to be
zero dependencies. On one hand it's nice to be independent, on the
other hand OpenSSH will already be installed on the remote host.

We could ship a helper (or subsystem) for rewriting authorized_keys.
Yes yes, I am re-inventing key management, but so what - it doesn't
have to be very complicated and could easily be replaced with a
standardized implementation if/when a standard is decided on.


//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev