[Bug 2331] ssh-copy-id -i id_new.pub fails to copy that id, also: wrong error msg

bugzilla-daemon at mindrot.org
Tue Jan 13 00:10:50 EST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2331

--- Comment #4 from Thomas Waldmann <twaldmann at thinkmo.de> ---
And this is why the magic in ssh-copy-id (which I removed in the patch
I linked to) does not work, I used the same command as in the
ssh-copy-id magic:

$ ssh -v -i .ssh/tw_rsa4096_2015.pub -o
PreferredAuthentications=publickey -o IdentitiesOnly=yes
bugtest at localhost exit
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/tw/.ssh/config
debug1: /home/tw/.ssh/config line 37: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file .ssh/tw_rsa4096_2015.pub type 1
debug1: identity file .ssh/tw_rsa4096_2015.pub-cert type -1
debug1: identity file /home/tw/.ssh/tw_rsa4096_2015 type 1
debug1: identity file /home/tw/.ssh/tw_rsa4096_2015-cert type -1
debug1: identity file /home/tw/.ssh/tw_rsa_2008 type 1
debug1: identity file /home/tw/.ssh/tw_rsa_2008-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1*
compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305 at openssh.com <implicit>
none
debug1: kex: client->server chacha20-poly1305 at openssh.com <implicit>
none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA
a1:27:ba:68:70:26:fe:47:dd:96:0e:7c:b8:63:43:6f
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/tw/.ssh/known_hosts:938
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
XXX debug1: Offering RSA public key: /home/tw/.ssh/tw_rsa_2008
XXX debug1: Server accepts key: pkalg ssh-rsa blen 277
XXX debug1: Authentication succeeded (publickey).
Authenticated to localhost ([127.0.0.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: exit
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow at openssh.com reply
0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2344, received 2340 bytes, in 0.0 seconds
Bytes per second: sent 807179.7, received 805802.2
debug1: Exit status 0
$ echo $?
0

See the 3 lines I marked with XXX - it gets in using the old key. So
the magic is using a wrong assumption (that not getting in means the
identity given with -i is still missing on the remote and that getting
in means the identity given with -i is already present on the remote),
see also what I said in the first post.

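The check the comment argues for, as an added example that is not part of the original message and not ssh-copy-id code: instead of trusting the exit status, read the `ssh -v` output and see which key the server actually accepted. The function names, the constructed log excerpt and the file-name comparison are assumptions of this example, and the parsing relies on the OpenSSH 6.6.1 debug line formats shown in the log above.

```shell
#!/bin/sh
# Added example, not ssh-copy-id code. Assumes the OpenSSH 6.6.1 debug1 line
# formats quoted in the comment above; other versions word these lines differently.

# Constructed sample: excerpt of the `ssh -v` log above, XXX markers removed.
sample_log() {
    cat <<'EOF'
debug1: identity file .ssh/tw_rsa4096_2015.pub type 1
debug1: identity file /home/tw/.ssh/tw_rsa_2008 type 1
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/tw/.ssh/tw_rsa_2008
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
EOF
}

# accepted_key: read `ssh -v` output on stdin; print the path of the key the
# server accepted before a successful publickey login (prints nothing if none).
accepted_key() {
    awk '
        /^debug1: Offering .* public key: / {
            offered = $0
            sub(/^debug1: Offering .* public key: /, "", offered)
        }
        /^debug1: Server accepts key:/ { accepted = offered }
        /^debug1: Authentication succeeded \(publickey\)/ {
            if (accepted != "") print accepted
            exit
        }
    '
}

# check_login REQUESTED_ID < log
#   0 = logged in with the requested identity
#   1 = no successful publickey login
#   2 = logged in, but with a different key: proves nothing about REQUESTED_ID
# Assumption: keys are matched by file name with any .pub suffix stripped.
check_login() {
    requested=$(basename "${1%.pub}")
    used=$(accepted_key)
    [ -n "$used" ] || return 1
    [ "$(basename "$used")" = "$requested" ] && return 0
    return 2
}

rc=0
sample_log | check_login .ssh/tw_rsa4096_2015.pub || rc=$?
echo "check_login status: $rc"
```

Status 2 is the case from the log: the login succeeded, but with `tw_rsa_2008`, so the exit status of `ssh` says nothing about whether the identity given with `-i` is installed on the remote.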