ssh-copy-id usability improvement

Philip Hands phil at hands.com
Thu Nov 8 21:58:07 EST 2012


Amir Yalon <yxejamir at gmail.com> writes:
> Hi,

Hi Amir,

> I had trouble recently with using the ssh-copy-id -i switch (in
> portable OpenSSH’s contrib/), where it told me that “no identities
> found”, while I the file existed and contained a valid public key text
> line. The problem was, that the file was named something.key in stead
> of something.pub, and the script tried to read the non-existent
> something.key.pub.
>
> The two small patches below fix that, by checking that
> something.key.pub exists before adding the .pub suffix to
> something.key. Feedback is welcome, of course.

The advantage of the current approach is that it will only publish a
file to another server if it has the .pub suffix.

With your patch, I see the very slight possibility that one might manage
to lose the .pub file for a key, and then end up mistakenly using
ssh-copy-id to push a copy of your private key out.

Given that one can fix the problem you had by adding a symlink:

  something.key.pub --> something.key

I would think that the problem that perhaps needs fixing is that the
error message you were given could probably have been more helpful.

BTW I have a more up to date version of ssh-copy-id here:

  http://git.hands.com/ssh-copy-id

which checks that the key you specified is loadable before bothering to
push the .pub, which will work even less well for your scenario I'm
afraid, as it will not be able to work out the name of the private key.

If you can see a useful way of making this work for you, feel free to
suggest it, or clone the git and send me a patch or the URL for your git
once you have a patch.

Cheers, Phil.

P.S. regarding my previous attempt to get my version of ssh-copy-id
adopted for the ssh contrib dir, I note that I dropped the ball on this
bug:

  https://bugzilla.mindrot.org/show_bug.cgi?id=1980

I've now fixed the ${1%:} problem, so I'll update the bug and perhaps we
can get the new version into ssh's contrib.
-- 
|)|  Philip Hands [+44 (0)20 8530 9560]    http://www.hands.com/
|-|  HANDS.COM Ltd.                    http://www.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20121108/cd91c96a/attachment.bin>


More information about the openssh-unix-dev mailing list