
Bug#690230: marked as done (ssh-copy-id: Work on SELinux enabled boxen)



Your message dated Sun, 4 Nov 2012 02:38:55 +0100
with message-id <20121104023855.6d24dc6a@fornost.bigon.be>
and subject line Re: ssh-copy-id: Work on SELinux enabled boxen
has caused the Debian Bug report #690230,
regarding ssh-copy-id: Work on SELinux enabled boxen
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
690230: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690230
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-client
Version: 1:6.0p1-3
Severity: normal
Tags: patch

Dear Maintainer,

On boxen with SELinux in enforcing mode, one needs to perform a restorecon for authorized_keys 
to be usable by the ssh server. ssh_home_dir is the context on RHEL 6. 

Please consider adding this in the next release as RHEL (and CentOS, I presume) ship with SELinux 
in enforcing mode.

The restorecon -R .ssh might be a hammer. I can resubmit specifically targeting ~/.ssh/authorized_keys
if needed.

*** selinux.patch
--- ssh-copy-id	2012-08-17 15:55:51.095493075 +0530
+++ ssh-copy-id.orig	2012-08-17 15:41:19.363523922 +0530
@@ -41,7 +41,7 @@
 # strip any trailing colon
 host=`echo $1 | sed 's/:$//'`
 
-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon -R .ssh"  || exit 1
+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
 
 cat <<EOF
 Now try logging into the machine, with "ssh '$host'", and check in:
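
Review bot: On the `-` line, ending the remote command with `test -x /sbin/restorecon && /sbin/restorecon -R .ssh` makes the remote shell return non-zero whenever /sbin/restorecon is not present, so the trailing `|| exit 1` fires on hosts without the SELinux tools even though the key was already appended to authorized_keys. Guard the call so that the missing-binary case is not an error, for example `if test -x /sbin/restorecon; then /sbin/restorecon -R ~/.ssh; fi`, which also uses the same `~/.ssh` path as the rest of the command instead of the relative `.ssh`. The diff also looks reversed (`--- ssh-copy-id`, `+++ ssh-copy-id.orig`), so the restorecon call appears as the removed line; regenerating it from the original to the modified file would let it apply as intended.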


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.46
ii  dpkg                   1.16.8
ii  libc6                  2.13-35
ii  libedit2               2.11-20080614-5
ii  libgssapi-krb5-2       1.10.1+dfsg-2
ii  libselinux1            2.1.9-5
ii  libssl1.0.0            1.0.1c-4
ii  passwd                 1:4.1.5.1-1
ii  zlib1g                 1:1.2.7.dfsg-13

Versions of packages openssh-client recommends:
ii  openssh-blacklist        0.4.1+nmu1
ii  openssh-blacklist-extra  0.4.1+nmu1
ii  xauth                    1:1.0.7-1

Versions of packages openssh-client suggests:
ii  keychain      2.7.1-1
pn  libpam-ssh    <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>

-- no debconf information

--- End Message ---
--- Begin Message ---
Version: 1:6.0p1-3

Hi,

This has already been fixed in the version 1:6.0p1-3, see bug #658675.

Closing this bug,

Laurent Bigonville

--- End Message ---
