Hacker News new | comments | show | ask | jobs | submit login

The instructions for adding a public key to the authorized_keys file are a bit reckless, as they will wipe out any others that exist. Although not universal (not included with Mac OS X, for example) the ssh-copy-id command is much preferable. At its most basic:

  ssh-copy-id example.com
Or, to specify a specific key & remote user:

  ssh-copy-id -i ~/.ssh/id_rsa.pub bob@example.com
This will properly append the key, with the bonus of securing the permissions of the remote user's home, ~/.ssh, and ~/.ssh/authorized_keys.



Or...

ssh bob@example.com 'cat >> .ssh/authorized-keys' < ~/.ssh/id_rsa.pub


This is not an idempotent operation, and I would not recommend this for anything besides a one-off event.


Interesting, I hadn't thought about it since, for my usage, setting up keys is pretty much always a one-off event (and pretty rare on top of that). What are the consequences of dropping your key into authorized_keys files multiple times? Tried it out on a Debian box, and didn't see any issues other than the obvious clutter.


"looks bad" :-)

But it's a bad habit to get into. Or better yet, it's better to think in idempotent operations when doing systems work.


Fair point, I'll update my instructions with a warning, and a version of your commands that works for OS X as well (OS X lacks ssh-copy-id). The instructions are intended for new server builds (hence installing Git etc.).




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: