Bug#322228: maintenance on ssh-copy-id
tag 322228 patch
thanks
1. Behaviour no longer varies with value of $GET_ID
Part of this looks intentional; maybe it used to be in a loop??
Perhaps until somebody wanted the default identity filename??;
2. --help is now useful even when you don't have any keys;
3. error messages from ssh-add are no longer appended to your
authorized_keys;
4. Don't print the noisy result of "eval";
5. Ensures sending the public key, even if a key name includes ".pub"
6. Exits if one gives multiple hostnames;
7. Notices errors in the remote commands (and local ones too!);
Also, the manpage says that it chmod g-w ~/{,.ssh{,authorized_keys}},
but actually it does not. It just creates them with usable permissions
if they don't exist.
One further thing. I wonder if it should warn/error before copying
multiple IDs (from ssh-agent).
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
1.
$ GET_ID=foo ssh-copy-id bar.com
/usr/bin/ssh-copy-id: line 27: foo: command not found
/usr/bin/ssh-copy-id: line 31: foo: command not found
/usr/bin/ssh-copy-id: ERROR: No identities found
$ GET_ID=foo ./bin/ssh-copy-id bar.com
./bin/ssh-copy-id: ERROR: No identities found
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2.
$ ssh-copy-id -h
/usr/bin/ssh-copy-id: ERROR: No identities found
$ ./bin/ssh-copy-id -h
Usage: ./bin/ssh-copy-id [-i [identity_file]] [user@]machine
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
3.
With an ssh-agent running, with no ssh1 id:
$ ssh-copy-id bar.com
jpryzby@bar.com's password:
Now try logging into the machine, with "ssh 'bar.com'", and check
...
$ ssh bar.com "sed -e 's/^/ /' .ssh/authorized_keys"
jpryzby@bar.com's password:
The agent has no identities.
Notice first that I was prompted for a password, and second that I was
prompted for a password because an error message from the first machine
was appended to the keys file on the second.
$ ./bin/ssh-copy-id bar.com
./bin/ssh-copy-id: ERROR: No identities found
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
4.
$ ssh-copy-id -i ./.ssh/bar_rsa bar.com
0
jpryzby@bar.com's password:
$ bin/ssh-copy-id -i ./.ssh/bar_rsa bar.com
jpryzby@bar.com's password:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
5.
$ bin/ssh-copy-id -i ./.ssh/vbrew.pub.com bar.com
$ head -1 .ssh/authorized_keys
2048 35 2157968288978529942993700297476742...
$ ssh-copy-id -i ./.ssh/vbrew.pub.com bar.com
$ head -1 .ssh/authorized_keys
SSH PRIVATE KEY FILE FORMAT 1.1
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
6.
$ ssh-copy-id -i ./.ssh/vbrew.pub.com bar.com baz.com
16
jpryzby@bar.com's password:
$ bin/ssh-copy-id -i ./.ssh/vbrew.pub.com bar.com baz.com
Usage: bin/ssh-copy-id [-i [identity_file]] [user@]machine
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
7.
(The old one does work pretty well, too)
$ bin/ssh-copy-id -i ./.ssh/vbrew.pub.com bar.com ; echo $?
jpryzby@bar.com's password:
bash: .ssh/authorized_keys: Permission denied
1
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
It's still functional:
$ bin/ssh-copy-id -i ./.ssh/bar_rsa bar.com
jpryzby@bar.com's password:
Now try logging into the machine, with "ssh 'bar.com'", and check
...
$ ssh -i .ssh/bar_rsa bar.com echo x
Enter passphrase for key '.ssh/bar_rsa':
x
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
With ssh-agent:
$ ssh-add ./.ssh/bar_rsa
Enter passphrase for ./.ssh/bar_rsa:
Identity added: ./.ssh/bar_rsa (./.ssh/bar_rsa)
(BTW, it shouldn't print the filename twice, when char *comment
is just xstrdup(file))
$ ./bin/ssh-copy-id bar.com
jpryzby@bar.com's password:
Now try logging into the machine, with "ssh 'bar.com'", and check
...
$ ssh bar.com echo x
x
--- /usr/bin/ssh-copy-id 2006-12-27 19:57:34.000000000 -0500
+++ bin/ssh-copy-id 2007-02-25 19:22:10.031368859 -0500
@@ -1,4 +1,5 @@
#!/bin/sh
+set -e
# Shell script to install your identity.pub on a remote machine
# Takes the remote machine name as an argument.
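Review bot: The new "set -e" on line 2 should carry a comment saying that the rest of the script now depends on it for error handling, because the next hunk drops the explicit "|| exit 1" after the ssh pipeline. "set -e" only looks at the status of the last command in a pipeline, so it stops on an ssh failure there but not on a failure of whatever feeds the pipe. Keeping "|| exit 1" on the ssh line as well would make the intent visible at the place where it matters.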
@@ -10,35 +11,33 @@
if [ "-i" = "$1" ]; then
shift
# check if we have 2 parameters left, if so the first is the new ID file
+ # otherwise it is the target host, and the default ID file is used
if [ -n "$2" ]; then
- if expr "$1" : ".*\.pub" ; then
+ if expr "$1" : ".*\.pub$" >/dev/null; then
ID_FILE="$1"
else
ID_FILE="$1.pub"
fi
- shift # and this should leave $1 as the target name
+ shift # and this should leave $1 as the target host
fi
else
if [ x$SSH_AUTH_SOCK != x ] ; then
- GET_ID="$GET_ID ssh-add -L"
+ # If there are no identities, ssh-add fails but prints to stdout
+ ID=`ssh-add -L` || ID=
fi
fi
-if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
- GET_ID="cat ${ID_FILE}"
-fi
-
-if [ -z "`eval $GET_ID`" ]; then
- echo "$0: ERROR: No identities found" >&2
- exit 1
-fi
-
-if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+if [ "$#" -ne 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
exit 1
+elif [ -z "$ID" ] && [ -r "$ID_FILE" ]; then
+ ID="`<$ID_FILE`"
+else
+ echo "$0: ERROR: No identities found" >&2
+ exit 1
fi
-{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
+echo "$ID" |ssh "$1" "set -e; umask 077; test -d .ssh || mkdir .ssh; cat >> .ssh/authorized_keys"
cat <<EOF
Now try logging into the machine, with "ssh '$1'", and check in:
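Review bot: The new if/elif/else chain, as posted, reports "No identities found" when the agent did supply keys: with $ID already set from ssh-add -L, the test elif [ -z "$ID" ] && [ -r "$ID_FILE" ] is false and control falls into the else branch, which exits 1. Put a branch that accepts a non-empty $ID ahead of the error case, for example by testing [ -n "$ID" ] first. Separately, ID="`<$ID_FILE`" relies on the "<file" command-substitution shortcut, which is not POSIX and yields an empty string in shells such as dash even though the script starts with #!/bin/sh; cat "$ID_FILE", with the variable quoted, is portable.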
@@ -46,5 +45,4 @@
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
-
EOF
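
An added example, not part of the original report or patch: a POSIX sh sketch of the two checks behind items 3 and 5, so that only lines shaped like public keys can reach authorized_keys and only a trailing ".pub" is treated as the suffix. The function names pubkey_path and filter_pubkeys are hypothetical, the list of key types is an assumption and not exhaustive, and the sample line is constructed.

```shell
#!/bin/sh
# Added example (not from the patch): guard what gets appended to authorized_keys.

# pubkey_path NAME: print the public-key file for an identity name.
# Only a trailing ".pub" counts, so "vbrew.pub.com" maps to "vbrew.pub.com.pub"
# instead of being mistaken for a public key file itself (item 5).
pubkey_path() {
    case "$1" in
        *.pub) printf '%s\n' "$1" ;;
        *)     printf '%s\n' "$1.pub" ;;
    esac
}

# filter_pubkeys: read candidate lines on stdin and print only those that look
# like public keys. Anything else (an ssh-add error message, the header of a
# private key file) is reported on stderr and dropped (item 3).
# Returns 1 when no line survived, so the caller can stop before running ssh.
filter_pubkeys() {
    awk '
        # SSH2 style: "<type> <base64> [comment]" (type list is an assumption)
        $1 ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)$/ &&
        $2 ~ "^[A-Za-z0-9+/]+=*$" { print; n++; next }
        # SSH1 style, as in the report: "<bits> <exponent> <modulus> [comment]"
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print; n++; next }
        { print "rejected: " $0 > "/dev/stderr" }
        END { exit (n > 0 ? 0 : 1) }
    '
}

# Constructed sample: the text the old script sent to the remote side in case 3.
printf '%s\n' 'The agent has no identities.' | filter_pubkeys 2>/dev/null \
    || echo "nothing valid to send, not contacting the remote host" >&2
```
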