On Tue, 10 Dec 2024, Philip Hands wrote:

> > IMO it's probably ssh-copy-id that needs to change. It looks like it
> > filters public keys by trying them against a target host.
>
> That is indeed how it currently works.
>
> > IMO it should check them directly against authorized_keys on the
> > target system,
>
> It's not clear to me how that can be reliably achieved. People quite
> often add keys via other means, like getting them from LDAP, or having a
> system-wide config in addition to the keys in authorized_keys, and
> that's for things where the other end is openssh.

How about this: if authorized_keys exists, then check it, otherwise fall
back to trying each key sequentially.

-d
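
The check proposed in this message, sketched as an added example; it is not part of the original post and not ssh-copy-id's code. The function names, the exit status 3 used for "fall back", and the sample keys are assumptions made for illustration, and the script reads a local copy of authorized_keys, so keys supplied by LDAP or a system-wide config are not seen.

```shell
#!/bin/sh
# Added example: filter candidate public keys against an authorized_keys file.
# All function names are hypothetical; this is not ssh-copy-id's implementation.

# key_in_file PUBKEY_FILE AUTH_KEYS_FILE
# Returns 0 if the "type blob" pair from PUBKEY_FILE appears as whole tokens
# on a non-comment line of AUTH_KEYS_FILE, 1 if not, 2 if PUBKEY_FILE has no key.
# Matching the pair skips leading options (from=, command=) and the comment.
key_in_file() {
    pair=$(awk 'NF >= 2 && $1 !~ /^#/ { print $1 " " $2; exit }' "$1")
    [ -n "$pair" ] || return 2
    awk -v want="$pair" '
        /^[ \t]*#/ { next }
        { gsub(/[ \t]+/, " "); if (index(" " $0 " ", " " want " ")) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# keys_to_install AUTH_KEYS_FILE PUBKEY_FILE...
# Prints the key files not yet present. Returns 0 when authorized_keys was
# checked, 3 when it does not exist, in which case the caller falls back to
# trying each key against the host.
keys_to_install() {
    auth=$1; shift
    [ -f "$auth" ] || return 3
    for k in "$@"; do
        rc=0
        key_in_file "$k" "$auth" || rc=$?
        if [ "$rc" -eq 1 ]; then printf '%s\n' "$k"; fi
    done
    return 0
}

# make_sample DIR
# Writes constructed sample files; the blobs are placeholders, not real keys.
make_sample() {
    printf '%s\n' 'ssh-ed25519 AAAAC3CONSTRUCTEDKEYONE alice@laptop' > "$1/one.pub"
    printf '%s\n' 'ssh-ed25519 AAAAC3CONSTRUCTEDKEYTWO alice@desktop' > "$1/two.pub"
    printf '%s\n' '# managed by hand' \
        '# ssh-ed25519 AAAAC3CONSTRUCTEDKEYTWO disabled' \
        'from="192.0.2.*",command="/bin/true" ssh-ed25519 AAAAC3CONSTRUCTEDKEYONE old' \
        > "$1/authorized_keys"
}
```

A key whose type and blob happen to appear inside a quoted option string would be reported as present, so a stricter parser is needed where options carry arbitrary text.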