Ubuntu
openssh package

ssh-copy-id: fails to sanitize arguments

Bug #835901 reported by gpk
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Fix Released
Low
Unassigned

Bug Description

When I run ssh-copy-id with the incorrect flag, I get this failure:

$ sudo bash
# ssh-copy-id -t /root/.ssh/id_rsa.pub <email address hidden>
Pseudo-terminal will not be allocated because stdin is not a terminal.
ssh: Could not resolve hostname umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys: Name or service not known
#

The correct flag is "-i", rather than "-t".

Now, ssh-copy-id is a shell script, and the last line of the error message is line 44 of the shell script. Apparently, $host is not set and then the command line is passed to ssh as the address. It's a bit of a mess.

ssh-copy-id should make some basic checks on its argument list.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: openssh-client 1:5.8p1-1ubuntu3
ProcVersionSignature: Ubuntu 2.6.38-11.48-generic 2.6.38.8
Uname: Linux 2.6.38-11-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
Date: Sun Aug 28 09:24:55 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
 LANGUAGE=en_GB:en
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
RelatedPackageVersions:
 ssh-askpass N/A
 libpam-ssh N/A
 keychain N/A
 ssh-askpass-gnome 1:5.8p1-1ubuntu3
SSHClientVersion: OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
SourcePackage: openssh
UpgradeStatus: Upgraded to natty on 2011-04-30 (119 days ago)
mtime.conffile..etc.ssh.ssh.config: 2010-10-18T20:51:49.940167

Revision history for this message
gpk (gpk-kochanski) wrote :
Serge Hallyn (serge-hallyn)
Changed in openssh (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thanks for taking the time to report this bug. I trivially confirmed it with your example. I was thinking it was corrupting the authorized_keys, but as it isn't, and as the garbled response is reasonably obviously an indication of an error, I will mark priority low.

Changed in openssh (Ubuntu):
importance: High → Low
Revision history for this message
gpk (gpk-kochanski) wrote : Re: [Bug 835901] Re: ssh-copy-id: fails to sanitize arguments

Yep.

Here's a patch. This catches the case of mistyping the "-i" argument into
anything else, and also catches the generic case of any extra arguments.

$ diff -U 2 /usr/bin/ssh-copy-id /tmp/ssh-copy-id
--- /usr/bin/ssh-copy-id 2010-08-10 04:36:09.000000000 +0100
+++ /tmp/ssh-copy-id 2011-08-31 23:38:38.052511425 +0100
@@ -25,4 +25,9 @@
  fi

+if [ $# -gt 1 ]; then
+ echo "Usage: ssh-copy-id [-i id_file] [user@]machine" 1>&2
+ exit 1;
+fi
+
  if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
    GET_ID="cat ${ID_FILE}"

On 08/31/2011 11:01 PM, Serge Hallyn wrote:
> Thanks for taking the time to report this bug. I trivially confirmed it
> with your example. I was thinking it was corrupting the
> authorized_keys, but as it isn't, and as the garbled response is
> reasonably obviously an indication of an error, I will mark priority
> low.
>
> ** Changed in: openssh (Ubuntu)
> Importance: Undecided => High
>
> ** Changed in: openssh (Ubuntu)
> Status: New => Confirmed
>
> ** Changed in: openssh (Ubuntu)
> Importance: High => Low
>

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:6.2p1-2

---------------
openssh (1:6.2p1-2) unstable; urgency=low

  * Fix build failure on Ubuntu:
    - Include openbsd-compat/sys-queue.h from consolekit.c.
    - Fix consolekit mismerges in monitor.c and monitor_wrap.c.

 -- Colin Watson <email address hidden> Thu, 09 May 2013 09:45:57 +0100

Changed in openssh (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.