RFC: ssh-copy-id tweaks

Jim Knoble jmknoble at pobox.com
Tue Feb 5 22:23:27 EST 2008


Circa 2008-02-02 00:50 dixit Jim Knoble:

: I'm working on a rewrite of ssh-copy-id

The (nearly complete) rewrite of ssh-copy-id is available:

    http://www.jmknoble.net/openssh/ssh-copy-id

Differences from prior ssh-copy-id:

    (1) Searches for identities in the following order:

            [identities in ssh-agent]
            ~/.ssh/id_rsa.pub
            ~/.ssh/id_dsa.pub
            ~/.ssh/identity.pub

        Copies the first one available (more than one if ssh-agent has
        multiple identities loaded, see below).

    (2) Old ssh-copy-id overloaded two meanings onto the '-i' switch:

            (a) "Don't look for identities in ssh-agent"
            (b) "Use this identity file over here"

        [a] above has moved from '-i' (with no arguments) to '-A'.
        [b] above remains at '-i' (with an argument).  See the help
        (available with 'ssh-copy-id --help').

    (3) Allows one to use an alternate "dot-ssh" directory on the local
        host, by setting the SSH_DIR environment variable to the path to
        a directory.  Equivalent functionality on the remote side is not
        yet available.

    (4) Most importantly (it's what initiated this whole thread), only
        adds an identity to ~/.ssh/authorized_keys on the remote host if
        the public key isn't already present in some form.

    (5) It's more complex.  In order to be smart enough about how we do
        [4], we use awk, which may be present on the remote host as
        'gawk', 'mawk', 'nawk', or 'awk'.  We look for them, in that
        order, on the PATH.  You can correct the limited search used by
        setting the REMOTE_AWK environment variable to the path to the
        remote system's awk ('env REMOTE_AWK=/usr/bin/awk ssh-copy-id').

    (6) It executes commands on the remote host using 'sh'.  I believe
        it to be portable to situations where the remote user's shell is
        csh or tcsh, but I could be mistaken.  Please test that.

I'm a little worried about command-line length; the 'ssh' command has
gotten somewhat long.  Feedback about that would be handy as well.

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG key ID: 6F39C2CC  >>>>>>  http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 5024:D578:7CF4:5660:7269::F6F3:B919:9307:6F39:C2CC)
+----------------------------------------------------------------------+
|[L]iberty, as we all know, cannot flourish in a country that is perma-|
| nently on a war footing, or even a near-war footing.  --Aldous Huxley|
+----------------------------------------------------------------------+
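
Item (4) above, the "already present in some form" check, as an added example that is not part of the original post or of the ssh-copy-id rewrite: it compares only key type and base64 blob, ignoring options and comments, and works on a local file rather than over ssh. The function names, the key-type pattern and the sample keys are assumptions; SSH protocol 1 lines (identity.pub) are not handled.

```shell
#!/bin/sh
# Added example; function names and the key-type pattern are assumptions.

# Print "type blob" for each protocol-2 key line on stdin. Quoted option
# values are dropped first, so key-like text inside command="..." is not
# mistaken for the key itself.
key_ids() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            gsub(/"([^"\\]|\\.)*"/, "")
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)$/) {
                    print $i, $(i + 1)
                    next
                }
        }'
}

# Append each key in PUB_FILE to AUTH_FILE unless the same type+blob is
# already there under any options or comment. Prints the number appended.
add_keys_if_absent() {
    pub_file=$1 auth_file=$2 added=0
    ( umask 077; touch "$auth_file" )
    while IFS= read -r line || [ -n "$line" ]; do
        id=$(printf '%s\n' "$line" | key_ids)
        [ -n "$id" ] || continue
        if ! key_ids < "$auth_file" | grep -qxF -- "$id"; then
            # Do not glue the new entry onto an unterminated last line.
            [ -z "$(tail -c 1 "$auth_file")" ] || echo >> "$auth_file"
            printf '%s\n' "$line" >> "$auth_file"
            added=$((added + 1))
        fi
    done < "$pub_file"
    echo "$added"
}

# Constructed sample data (placeholder blobs, not real keys).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-rsa AAAAB3ExampleBlobOne jim@laptop' \
                  'ssh-dss AAAAB3ExampleBlobTwo jim@laptop' > "$d/agent.pub"
    printf '%s' 'from="10.0.0.*",command="echo ssh-rsa AAAAdecoy" ssh-rsa AAAAB3ExampleBlobOne old-comment' \
        > "$d/authorized_keys"
    add_keys_if_absent "$d/agent.pub" "$d/authorized_keys"   # first run
    add_keys_if_absent "$d/agent.pub" "$d/authorized_keys"   # second run
    rm -rf "$d"
}
demo
```

The second run appends nothing, which is the idempotence item (4) asks for; the decoy string inside command="..." does not count as an installed key.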


More information about the openssh-unix-dev mailing list