RFC: ssh-copy-id tweaks
Jim Knoble
jmknoble at pobox.com
Wed Feb 6 06:50:19 EST 2008
Circa 2008-02-05 12:16 dixit Peter Stuge:
: I too think that it would be good to reuse existing code rather
: than writing a new implemention using sh and awk.
The biggest problem with a sh implementation is how (and how much) to
validate the keys before adding them to authorized_keys. The OpenSSH
codebase obviously already has stuff to do that.
Another sizable part of the script is gracefully degrading when stuff
we need isn't present ('awk' on both the local and remote ends being a
prime example) and other user interaction.
After thinking about this some more, we might be able to dispense
with 'awk' if we felt sure we could rely on 'cut' being present
remotely.
It may even be better to fully parse the keys on the local side.
This might even be able to help us avoid transmitting more than one key
in the event the ssh-agent contains multiple identities (i'm still not
completely satisfied with that area of ssh-copy-id---i'd rather we only
copy one identity at a time as opposed to slopping them all in there,
hoping for the best, and telling the user to go see if there are any
"extra unexpected" keys in ~/.ssh/authorized_keys).
: > Just I doubt it would be cleaner any other way.
:
: I don't doubt so much. The local part of the tool would be much
: cleaner.
Particularly in the area of parsing/validating the keys....
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG key ID: 6F39C2CC >>>>>> http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 5024:D578:7CF4:5660:7269::F6F3:B919:9307:6F39:C2CC)
+----------------------------------------------------------------------+
|[L]iberty, as we all know, cannot flourish in a country that is perma-|
| nently on a war footing, or even a near-war footing. --Aldous Huxley|
+----------------------------------------------------------------------+
More information about the openssh-unix-dev
mailing list