@JaredBusch Thanks. This is great
Again, you want a unique private key on every device, in order to lock things out discretely. Otherwise if you simply had the same private key everywhere, you would lose all access form every device just because your laptop was compromised and you had to lock out the public key.
So this process is really only something that should ever happen on a profile migration.
Ya it's a big advantage to having automounted home directories or having LDAP store the keys. You can easily revoke and add another key and have it work everywhere.
Or using Kerberos instead of pub/priv keys.
I realize @JaredBusch knows this, but for others who may not.