ssh-copy-id vs PasswordAuthentication no

[TJ Saunders]

> I wonder whether "please add this pubkey for target user X (without 
> telling me which file exactly it went into), after I auth for either X 
> or root" would be suitably well-defined a task to roll a standardized 
> API + Subsystem implementation that a remote rollout tool would have to 
> only throw auth, username and pubkey at?

Something like the "publickey" SSH subsystem?
  https://www.ietf.org/rfc/rfc4819.txt

Cheers,
TJ