ssh-copy-id is out-of-date

Bug #121262 reported by Micah Cowan
Affects            Status         Importance   Assigned to    Milestone
openssh (Debian)   Fix Released   Unknown
openssh (Ubuntu)   Fix Released   Wishlist     Colin Watson

Bug Description

The ssh-copy-id program defaults to attempting to copy identity.pub instead of id_rsa.pub (should possibly check for both, but id_rsa.pub first). Appends these to authorized_keys, instead of the probably preferable authorized_keys2. Also, it uses "ssh-add -L"'s output in preference to identity.pub, but this includes the case when ssh-add -L gives "The agent has no identities" (in which case it returns a non-zero exit status (1)).

I'm not sure how important, if at all, the authorized_keys bit is, but I believe the rest of this behavior may be worked around by specifying the identity directly via the -i switch; therefore, I'll go ahead and set the priority myself, to Wishlist.

Adam Porter (alphapapa) wrote : /usr/bin/ssh-copy-id: Two years...easy fix...please?

Package: openssh-client
Version: 1:4.2p1-5
Followup-For: Bug #234627

This would be a really easy bug to fix. It's been almost two years since it's been filed. Please?

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-k7
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages openssh-client depends on:
ii adduser 3.80 Add and remove users and groups
ii debconf [debc 1.4.66 Debian configuration management sy
ii dpkg 1.13.11.0.1 package maintenance system for Deb
ii libc6 2.3.5-8 GNU C Library: Shared libraries an
ii libcomerr2 1.38+1.39-WIP-2005.12.10-1 common error description library
ii libedit2 2.9.cvs.20050518-2.2 BSD editline and history libraries
ii libkrb53 1.4.3-5 MIT Kerberos runtime libraries
ii libncurses5 5.5-1 Shared libraries for terminal hand
ii libselinux1 1.26-1 SELinux shared libraries
ii libssl0.9.8 0.9.8a-5 SSL shared libraries
ii zlib1g 1:1.2.3-9 compression library - runtime

openssh-client recommends no packages.

-- no debconf information


Greg Norris (haphazard) wrote : Re: Bug#234627: /usr/bin/ssh-copy-id: Two years...easy fix...please?

tags 234627 patch
stop

Here's a patch which implements the requested change. Please note that
I defaulted to the RSA public key (id_rsa.pub) rather than DSA, as it
appears to be the preferred format now that the relevant patent has
expired. Should you prefer to go with DSA instead, only trivial
modifications are required.

Changed in openssh:
importance: Undecided → Wishlist
Soren Hansen (soren)
Changed in openssh:
status: New → Confirmed
Colin Watson (cjwatson) wrote :

See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=221675; I couldn't link to both in the Debian bug link.

Using authorized_keys2 hasn't been a good idea for a long time. See /usr/share/doc/openssh-server/NEWS.Debian.gz:

openssh (1:3.0.1p1-1) unstable; urgency=high

  As of version 3, OpenSSH no longer uses separate files for ssh1 and ssh2
  keys. This means the authorized_keys2 and known_hosts2 files are no longer
  needed. They will still be read in order to maintain backward
  compatibility.

 -- Matthew Vernon <email address hidden> Thu, 28 Nov 2001 17:43:01 +0000

Colin Watson (cjwatson) wrote : tagging 234627

# Automatically generated email from bts, devscripts version 2.9.26
tags 234627 pending

Colin Watson (cjwatson) wrote :

I've committed a fix to my Debian tree.

Changed in openssh:
assignee: nobody → kamion
status: Confirmed → Fix Committed
Changed in openssh:
status: Unknown → Fix Committed
Colin Watson (cjwatson) wrote : Bug#234627: fixed in openssh 1:4.6p1-5

Source: openssh
Source-Version: 1:4.6p1-5

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_4.6p1-5_powerpc.udeb
  to pool/main/o/openssh/openssh-client-udeb_4.6p1-5_powerpc.udeb
openssh-client_4.6p1-5_powerpc.deb
  to pool/main/o/openssh/openssh-client_4.6p1-5_powerpc.deb
openssh-server-udeb_4.6p1-5_powerpc.udeb
  to pool/main/o/openssh/openssh-server-udeb_4.6p1-5_powerpc.udeb
openssh-server_4.6p1-5_powerpc.deb
  to pool/main/o/openssh/openssh-server_4.6p1-5_powerpc.deb
openssh_4.6p1-5.diff.gz
  to pool/main/o/openssh/openssh_4.6p1-5.diff.gz
openssh_4.6p1-5.dsc
  to pool/main/o/openssh/openssh_4.6p1-5.dsc
ssh-askpass-gnome_4.6p1-5_powerpc.deb
  to pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5_powerpc.deb
ssh-krb5_4.6p1-5_all.deb
  to pool/main/o/openssh/ssh-krb5_4.6p1-5_all.deb
ssh_4.6p1-5_all.deb
  to pool/main/o/openssh/ssh_4.6p1-5_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <email address hidden> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

Format: 1.7
Date: Mon, 30 Jul 2007 09:34:38 +0100
Source: openssh
Binary: ssh-askpass-gnome ssh-krb5 openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb
Architecture: source powerpc all
Version: 1:4.6p1-5
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <email address hidden>
Changed-By: Colin Watson <email address hidden>
Description:
 openssh-client - secure shell client, an rlogin/rsh/rcp replacement
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell server, an rshd replacement
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5 - secure shell client and server (transitional package)
Closes: 221675 234627 291534 431970
Changes:
 openssh (1:4.6p1-5) unstable; urgency=low
 .
   * Identify ssh as a metapackage rather than a transitional package. It's
     still useful as a quick way to install both the client and the server.
   * ssh-copy-id now checks the exit status of ssh-add -L (thanks, Adeodato
     Simó; closes: #221675).
   * ssh-copy-id no longer prints the output of expr (thanks, Peter
     Eisentraut; closes: #291534).
   * ssh-copy-id defaults to ~/.ssh/id_rsa.pub rather than
     ~/.ssh/identity.pub, in line with ssh-keygen (thanks, Greg Norris;
     closes: #234627).
   * Build-depend on libselinux1-dev on lpia.
   * openssh-client Suggests: keychain.
   * debconf template tran...

Changed in openssh:
status: Fix Committed → Fix Released
Debbugs Internal Request (owner-bugs) wrote : Internal Control

# A New Hope
# A long time ago, in a galaxy far, far away
# something happened.
#
# Magically this resulted in the following
# action being taken, but this fake control
# message doesn't tell you why it happened
#
# The action:
# Bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator

Colin Watson (cjwatson) wrote :

Fixed a while back, in gutsy:

openssh (1:4.6p1-5) unstable; urgency=low

  * Identify ssh as a metapackage rather than a transitional package. It's
    still useful as a quick way to install both the client and the server.
  * ssh-copy-id now checks the exit status of ssh-add -L (thanks, Adeodato
    Simó; closes: #221675).
  * ssh-copy-id no longer prints the output of expr (thanks, Peter
    Eisentraut; closes: #291534).
  * ssh-copy-id defaults to ~/.ssh/id_rsa.pub rather than
    ~/.ssh/identity.pub, in line with ssh-keygen (thanks, Greg Norris;
    closes: #234627).
  * Build-depend on libselinux1-dev on lpia.
  * openssh-client Suggests: keychain.
  * debconf template translations:
    - Update Catalan (thanks, Jordà Polo; closes: #431970).

 -- Colin Watson <email address hidden> Mon, 30 Jul 2007 09:34:38 +0100

Changed in openssh:
status: Fix Committed → Fix Released
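
The two ssh-copy-id behaviours discussed in this report, shown side by side as an added example: using the output of ssh-add -L regardless of its exit status, versus checking the exit status and falling back to ~/.ssh/id_rsa.pub. This is not the Debian script or the patch attached to the bug; AGENT_CMD, KEY_FILE, the function names and the two fake agents are hypothetical, constructed so the logic runs offline.

```shell
#!/bin/sh
# Added example: NOT the Debian ssh-copy-id script or the patch from this report.
# AGENT_CMD and KEY_FILE are hypothetical overrides so the logic can be run
# offline against a fake agent; the defaults use the names given in the report.

# Behaviour as described in the report: whatever "ssh-add -L" prints is used,
# even when it fails (exit status 1, "The agent has no identities").
pick_identity_legacy() {
    agent_cmd=${AGENT_CMD:-"ssh-add -L"}
    key_file=${KEY_FILE:-"$HOME/.ssh/identity.pub"}
    keys=$($agent_cmd 2>/dev/null) || :    # exit status discarded
    if [ -n "$keys" ]; then
        printf '%s\n' "$keys"
    else
        cat "$key_file"
    fi
}

# Behaviour after the fix listed in the changelog: agent output is trusted only
# when ssh-add -L exits 0; otherwise fall back to ~/.ssh/id_rsa.pub.
pick_identity() {
    agent_cmd=${AGENT_CMD:-"ssh-add -L"}
    key_file=${KEY_FILE:-"$HOME/.ssh/id_rsa.pub"}
    if keys=$($agent_cmd 2>/dev/null) && [ -n "$keys" ]; then
        printf '%s\n' "$keys"
    elif [ -r "$key_file" ]; then
        cat "$key_file"
    else
        echo "pick_identity: no agent identities and no $key_file" >&2
        return 1
    fi
}

# Constructed stand-ins for an agent with no keys and an agent holding one key.
fake_agent_empty() { echo "The agent has no identities."; return 1; }
fake_agent_loaded() { echo "ssh-rsa AAAAB3NzaC1CONSTRUCTED agent@example"; }
```

With AGENT_CMD=fake_agent_empty, the legacy function returns the agent's error text as if it were a key line, which is what would end up appended to authorized_keys; the fixed function returns the contents of KEY_FILE instead.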