Once you disable password authentication for SSH login, what is the way to get a new public key into the server?
Background:
I have had this issue forever-and-a-day, I have a server setup in another building. It does not allow password logins and a keys need to be exchanged.
When I'm at home and I've got a new box setup, I can't push the public key to the server. A workaround has always been to have one computer somewhere on the network that allows password logins and leap-frog into the main server. That way I can log into server 2 to get to server 1 to add the public key from guest.
Is the accepted and general way to walk the public key in on a physical key?
The only other way I could think of (and not sure it would work, or whether users would particularly like it) would be to generate a key pair n the server and send the keys to the user (being sure to delete the private key from the server where it was issued). The main issue with this being someone other than the user has had access to the private key.