https://bugzilla.mindrot.org/show_bug.cgi?id=1980
--- Comment #7 from Damien Miller <[email protected]> ---
I'd like to get this in shortly. Some comments on the revised script:

35 DEFAULT_PUB_ID_FILE=$(ls -t ${HOME}/.ssh/*.pub | head -n 1)

The man page says that the default behaviour is to copy id*.pub. I think copying id* is a better idea too. You also need to exclude *-cert.pub as these don't have any place in authorized_keys.

67 GETOPT_PARSED=$(getopt --options 'i::p:nh?' --name "$0" --quiet -- "$@")

Please consider passing through all -o options directly to the ssh commandline.

131 populate_new_ids() {

The old ssh-copy-id script didn't do this and I can't say that I'm thrilled with the extra complexity it requires. It also has the potential to be quite slow when a number of keys are to be copied.

authorized_keys doesn't care if the IDs already exist, but I guess it would be worthwhile to ensure that an ID with key options isn't clobbered by one that lacks them.

IMO it would be better to do everything in one ssh run: connect, grep for the keys in authorized_keys and add them if they aren't already there. If this leads to too long a command-line then you might need to consider piping in a script to "ssh user@host sh".

182 if [ $? = 255 ] ; then
183 echo "$0: WARNING: NetScreen only supports dsa keys" >&2

IMO it would be better to grep for "ssh-dsa" in the key strings rather than sending them to the remote host.

193 # Assuming default being OpenSSH

I think it would be a good idea to verify this assumption, e.g. by doing a "test -x ssh-keygen || exit 1" early in the commandline.
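One way to implement the two suggestions above (select id*.pub without *-cert.pub, then add only missing keys in a single pass), as an added example that is not part of the original comment or of the ssh-copy-id script. The function names are hypothetical, the input is assumed to be bare public key lines, and `append_missing_keys` holds the logic that would run on the remote end of the one ssh run; here it takes a local file path so it can be exercised offline.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Default identities: id*.pub in the given directory, minus *-cert.pub,
# since certificates have no place in authorized_keys.
list_default_ids() {
    for f in "$1"/id*.pub; do
        [ -f "$f" ] || continue          # glob matched nothing
        case $f in
            *-cert.pub) continue ;;
        esac
        printf '%s\n' "$f"
    done
}

# Logic meant for the remote end of one ssh run: read bare public key lines
# ("type blob [comment]") on stdin and append only those whose blob is not
# already in the file. An existing entry, with or without key options, is
# left untouched, so options are never clobbered. Prints the number added.
# The body is a subshell so the umask change does not leak to the caller.
append_missing_keys() (
    auth=$1
    umask 077
    mkdir -p "$(dirname "$auth")"
    touch "$auth"
    added=0
    while IFS= read -r line; do
        # Field 2 of a bare .pub line is the base64 key blob.
        blob=$(printf '%s\n' "$line" | awk '{print $2}')
        [ -n "$blob" ] || continue
        # -F: fixed-string match, the blob contains '+' and '/'.
        if grep -qF -- "$blob" "$auth"; then
            continue
        fi
        printf '%s\n' "$line" >> "$auth"
        added=$((added + 1))
    done
    echo "$added"
)
```

Matching on the key blob rather than the whole line is what lets an existing entry that carries key options count as already present.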
