Bug#274076: marked as done (ssh-copy-id does not fix permissions as advertised by the man page)

To: Colin Watson <cjwatson@debian.org>
Subject: Bug#274076: marked as done (ssh-copy-id does not fix permissions as advertised by the man page)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 07 May 2013 10:18:20 +0000
Message-id: <handler.274076.D274076.136792183515244.ackdone@bugs.debian.org>
References: <20130507101710.GA11527@riva.ucam.org> <20040929175648.GA9737@fanatic.elho.net>

Your message dated Tue, 7 May 2013 11:17:11 +0100
with message-id <20130507101710.GA11527@riva.ucam.org>
and subject line Re: Bug#274076: ssh-copy-id does not fix permissions as advertised by the man page
has caused the Debian Bug report #274076,
regarding ssh-copy-id does not fix permissions as advertised by the man page
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
274076: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=274076
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ssh-copy-id does not fix permissions as advertised by the man page
From: Elmar Hoffmann <elho@elho.net>
Date: Wed, 29 Sep 2004 19:56:48 +0200
Message-id: <20040929175648.GA9737@fanatic.elho.net>

Package: ssh
Version: 1:3.8.1p1-8
Severity: normal

According to ssh-copy-id(1), ssh-copy-id is supposed to fix
the permissions of ~, ~/.ssh and ~/.ssh/authorized_keys:

--8<---

It also changes the permissions of the remote user's home, ~/.ssh,  and
~/.ssh/authorized_keys  to remove group writability (which would other-
wise prevent you from logging in, if the remote  sshd  has  StrictModes
set in its configuration).

--8<---

However all it actually does is creating ~/.ssh and
~/.ssh/authorized_keys with the proper permissions if they do
not exist already.
It does not care at all about the permissions of the user's home
directory.

elmar

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.4.25-grsecurity-1.9.14
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8

Versions of packages ssh depends on:
ii  adduser                     3.59         Add and remove users and groups
ii  debconf                     1.4.36       Debian configuration management sy
ii  dpkg                        1.10.23      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-16 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-22      Runtime support for the PAM librar
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7d-5     SSL shared libraries
ii  libwrap0                    7.6.dbs-6    Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1.2-1  compression library - runtime

-- debconf information:
  ssh/insecure_rshd:
  ssh/privsep_ask: true
* ssh/user_environment_tell:
* ssh/forward_warning:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/upgrade_to_openssh: true
* ssh/SUID_client: false
  ssh/protocol2_default:
* ssh/privsep_tell:
* ssh/ssh2_keys_merged:
  ssh/ancient_version:
  ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true

--- End Message ---

--- Begin Message ---

To: 274076-done@bugs.debian.org
Subject: Re: Bug#274076: ssh-copy-id does not fix permissions as advertised by the man page
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 7 May 2013 11:17:11 +0100
Message-id: <20130507101710.GA11527@riva.ucam.org>
In-reply-to: <20040929175648.GA9737@fanatic.elho.net>
References: <20040929175648.GA9737@fanatic.elho.net>

Source: openssh
Source-Version: 1:5.6p1-1

On Wed, Sep 29, 2004 at 07:56:48PM +0200, Elmar Hoffmann wrote:
> According to ssh-copy-id(1), ssh-copy-id is supposed to fix
> the permissions of ~, ~/.ssh and ~/.ssh/authorized_keys:
> 
> --8<---
> 
> It also changes the permissions of the remote user's home, ~/.ssh,  and
> ~/.ssh/authorized_keys  to remove group writability (which would other-
> wise prevent you from logging in, if the remote  sshd  has  StrictModes
> set in its configuration).
> 
> --8<---
> 
> However all it actually does is creating ~/.ssh and
> ~/.ssh/authorized_keys with the proper permissions if they do
> not exist already.
> It does not care at all about the permissions of the user's home
> directory.

ssh-copy-id(1) no longer makes this claim, as of 5.6p1.

  https://bugzilla.mindrot.org/show_bug.cgi?id=1786

20100919
 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
   details about its behaviour WRT existing directories.  Patch from
   asguthrie at gmail com, ok djm.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---

Reply to:

Prev by Date: Bug#275463: marked as done (ssh: MaxStartups default is very low)
Next by Date: Bug#149234: marked as done (ssh: scp linked with redundant shared libs)
Previous by thread: Bug#275463: marked as done (ssh: MaxStartups default is very low)
Next by thread: Bug#149234: marked as done (ssh: scp linked with redundant shared libs)
Index(es):
- Date
- Thread