It would be nice to have a way to login to a remote host and replace one key with another key quickly and safely. The command should do something like this. I think that sed -i or some combination of grep commands would be the way to do it. It should probably work like this: Login with the old key to add the new key If failure, print error If success, login with the new key and remove the old key. If failure, login with the old key and remove the new key. If success, print success.
Please see https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1342412 There is a fix (a new version of ssh-copy-id) in Ubuntu for this. https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/saucy/openssh/saucy/view/head:/contrib/ssh-copy-id Is it possible to fix this annoying (entering your password twice) behavior?
Hi sry for spamming this bug. I intended to post to https://bugzilla.mindrot.org/show_bug.cgi?id=2195, but somehow Bugzilla messed this up. Sorry again :(
(In reply to Paul Wise from comment #0) I think we'd need a new option in ssh to ensure that IdentityFile options in the ssh_config will not be honoured, otherwise there would be no certainty that the second login was really going via the new key, and we could end up locking people out. This bug highlights the problem: https://bugzilla.mindrot.org/show_bug.cgi?id=2331 Cheers, Phil.