Module key_push

Push a public key onto a remote host’s ~/.ssh/authorized_keys.

Equivalent of ssh-copy-id without the dependency: spawns a single ssh invocation per host, pipes the public key over stdin, and runs an idempotent shell snippet on the remote that creates ~/.ssh if missing and appends the key only when it is not already present.

The remote snippet never sees the pubkey via the shell command line (which would require fragile escaping). Stdin is the canonical channel for binary-ish content over SSH.

Structs

KeyPushResult
One row in the in-flight push result list. Populated as worker threads complete and surfaced to the UI via AppEvent::KeyPushResult.

Enums

KeyPushOutcome
Outcome for one host in a push run. The renderer summarises these into a toast (when every entry is Appended / AlreadyPresent) or a sticky error block (when at least one is Failed).
PubkeyValidationError
Validation outcome for a public-key file’s contents.

Constants

PUBKEY_MAX_BYTES
Maximum size of a .pub file we will accept. OpenSSH’s RSA-8192 keys serialise to ~3 KiB; we cap at 16 KiB to leave headroom for comments and reject pathological inputs (symlinks to logs, /dev/urandom).

Functions

classify_stdout
Parse the remote snippet’s stdout into an outcome. Pure helper so the worker and tests share the same classification. Match is against the last non-empty line (stripped of trailing CR) so motd or login-banner output before the marker is tolerated.
pubkey_path_for
Resolve the local public-key path for a key whose display_path is ~/.ssh/id_ed25519. Expands the tilde and appends .pub. The caller is expected to validate the file exists before reading.
push_to_host
Push pubkey to the remote alias over SSH. Synchronous: spawns ssh -F <config_path> -T -o ConnectTimeout=10 -- <alias> <REMOTE_SNIPPET>, pipes pubkey to stdin, waits for the child to finish, and returns the parsed outcome. The cancel flag is observed before the spawn so a rapid Esc after launching the batch can short-circuit pending hosts.
read_pubkey_file
Read a .pub file with a hard byte cap and reject anything that is not a regular file. On Unix the open uses O_NOFOLLOW so a symlink at the .pub path errors out instead of silently dereferencing into a log file or /dev/urandom.
validate_pubkey
Parse and validate a .pub file’s contents into a single canonical authorized_keys line. Rejects multi-line input (which would silently install several keys, including embedded command= clauses), unknown algorithms, and unparseable base64 bodies. The returned string is trimmed of trailing whitespace / CR so the remote grep -qxF dedup step matches byte-for-byte across pushes.
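The validation rules described for validate_pubkey, written out as an added example that is not the crate's own code: it rejects multi-line input, unknown algorithms and unparseable base64, checks that the blob's embedded key type matches the first field, and trims trailing whitespace / CR so the remote grep -qxF dedup matches byte-for-byte. The error variants, the algorithm allowlist and the hand-rolled base64 decoder are assumptions; the key material in the test is a constructed all-zero ed25519 blob.

```rust
// Added example in the spirit of `validate_pubkey`; not the crate's code.
// Error variants and the algorithm allowlist below are assumptions.
#[derive(Debug, PartialEq)]
pub enum PubkeyError { Empty, MultiLine, UnknownAlgorithm(String), BadBase64, TypeMismatch }

const ALLOWED: &[&str] = &["ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com"];

/// Decode standard base64 with `=` padding; None on any malformed input.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    if s.is_empty() || s.len() % 4 != 0 { return None; }
    let body = s.trim_end_matches('=');
    if s.len() - body.len() > 2 { return None; }
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in body.bytes() {
        acc = (acc << 6) | T.iter().position(|&t| t == c)? as u32;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); acc &= (1 << bits) - 1; }
    }
    Some(out)
}

/// Validate `.pub` contents into exactly one canonical `authorized_keys` line.
pub fn validate_pubkey(contents: &str) -> Result<String, PubkeyError> {
    // Trailing whitespace / CR is stripped so the remote `grep -qxF` sees the same bytes every push.
    let mut lines = contents.lines().map(str::trim_end).filter(|l| !l.is_empty());
    let line = lines.next().ok_or(PubkeyError::Empty)?;
    // A second key line would silently install several keys (possibly with command= options).
    if lines.next().is_some() { return Err(PubkeyError::MultiLine); }
    let mut fields = line.split_whitespace();
    let algo = fields.next().ok_or(PubkeyError::Empty)?;
    // Options such as `command="..."` land in field 1 and are rejected here as well.
    if !ALLOWED.contains(&algo) { return Err(PubkeyError::UnknownAlgorithm(algo.to_string())); }
    let body = fields.next().ok_or(PubkeyError::BadBase64)?;
    let blob = b64_decode(body).ok_or(PubkeyError::BadBase64)?;
    // SSH wire format: the blob opens with a length-prefixed key-type string; it must equal field 1.
    if blob.len() < 4 { return Err(PubkeyError::BadBase64); }
    let n = u32::from_be_bytes([blob[0], blob[1], blob[2], blob[3]]) as usize;
    if blob.len() < 4 + n || &blob[4..4 + n] != algo.as_bytes() { return Err(PubkeyError::TypeMismatch); }
    let comment = fields.collect::<Vec<_>>().join(" ");
    Ok(if comment.is_empty() { format!("{algo} {body}") } else { format!("{algo} {body} {comment}") })
}
```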