[Bug 2331] New: ssh-copy-id -i id_new.pub fails to copy that id, also: wrong error msg
bugzilla-daemon at mindrot.org
Wed Jan 7 09:57:07 EST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2331
Bug ID: 2331
Summary: ssh-copy-id -i id_new.pub fails to copy that id, also: wrong error msg
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: ssh-copy-id
Assignee: unassigned-bugs at mindrot.org
Reporter: twaldmann at thinkmo.de

On the server, password auth is disabled, I log in via pubkey auth and
have an "old" pubkey installed there and can successfully log in with
it.

Now I want to install a new (stronger) pubkey and use:

    ssh-copy-id -i .ssh/id_new.pub user@remote

It fails with:

    /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.

This is wrong, the pubkey I gave with -i ... does not exist on the
remote system.

This is because it obviously has a broken check for which keys it needs
to copy.

While it works perfectly if there is no key installed yet on the remote
(and pw auth still enabled), it fails if it already has an old working
pubkey there because it uses pubkey-login-failure to detect a missing
key and assumes that only the key given with -i is used. But in fact,
it also uses keys from the config (where I have my old key configured).

I could make -i work with this patch:

https://paste.thinkmo.de/Unr2wWqd#ssh-copy-id-with-i-arg.txt

This basically killed all the magic happening in the detection and just
"does what I say". Of course this only works for the special -i xxx
case and needs a better fix for the generic case.

I think it would need something like "CommandLineGivenIdentitiesOnly"
as "IdentitiesOnly" does obviously not work as the author of that code
expected.

--
You are receiving this mail because:
You are watching the assignee of the bug.
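
The report traces the false "already exist" warning to inferring key presence from whether a login attempt fails. As an added illustration (not ssh-copy-id's code and not the reporter's patch), a presence check can instead compare the key material against the contents of an authorized_keys file, which is unaffected by other identities the client offers. The function names and the key blobs below are constructed for this example.

```shell
#!/bin/sh
# key_blob FILE: print "type base64" for each key line in FILE, skipping
# comments, blank lines, leading authorized_keys options and trailing comments.
key_blob() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++)
                # SSH public key blobs always start with "AAAA" in base64.
                if ($i ~ /^(ssh-|ecdsa-|sk-)/ && $(i + 1) ~ "^AAAA[A-Za-z0-9+/=]+$") {
                    print $i, $(i + 1)
                    break
                }
        }' "$1"
}

# key_installed PUBFILE AUTHFILE: 0 if the key in PUBFILE is listed in AUTHFILE,
# 1 if it is not, 2 if PUBFILE holds no recognisable public key.
key_installed() {
    want=$(key_blob "$1" | head -n 1)
    [ -n "$want" ] || return 2
    key_blob "$2" | grep -Fxq -- "$want"
}

# make_sample DIR: write constructed files (placeholder blobs, not real keys)
# that mirror the report: only the old key is installed on the "remote".
make_sample() {
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EOLDKEYPLACEHOLDER old@laptop' > "$1/id_old.pub"
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5NEWKEYPLACEHOLDER new@laptop' > "$1/id_new.pub"
    printf '%s\n' '# installed earlier' \
        'no-pty,command="/bin/true" ssh-rsa AAAAB3NzaC1yc2EOLDKEYPLACEHOLDER other-comment' \
        > "$1/authorized_keys"
}

dir=$(mktemp -d) || exit 1
make_sample "$dir"
for k in id_old.pub id_new.pub; do
    if key_installed "$dir/$k" "$dir/authorized_keys"; then
        echo "$k: already installed, skip"
    else
        echo "$k: not installed, copy it"
    fi
done
rm -rf "$dir"
```

Against a real host the second argument would be a fetched copy of the remote authorized_keys file; the comparison ignores options and comments, so a key counts as installed even when its comment differs.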