I'm wondering what's wrong with "scp -rp ~/.ssh user@host:~/" (assuming pword auth can be enabled momentarily).
(One of the reasons to use keys is to avoid password cracking, and/or enforce two-factor/multi-factor authentication/authorizaion in conjunction with sudo or a VPN or similar)
(Many security frameworks don't allow non-administrative users to have full control over keys, as this can lead to abuse, such as a member of the dba group, who can run certain commands as the oracle user with auditing, giving him/herself unrestricted/unaudited access to the oracle user account. Another example is if there are restrictions in the aurhorized keys entry, such as forced command, or sources that can use the key via 'from', 'no-port-forwarding', etc. etc. that should not be under the user's control )
We have historically used the LPK patch to OpenSSH, and we are transitioning to the AuthorizedKeysCommand feature, and have the two configurations above on all our production servers. Before the LPK patch, it was a non-trivial effort to add new users. I guess these days, puppet or chef would be other options too.