Standard practice would be to display the ssh key's fingerprint and ask the user to validate it before importing it automatically.
-- ssh-import-id: retrieve a key from a public keyserver and add to the authorized_keys file https://bugs.launchpad.net/bugs/524226 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
