
Bug#858646: openssh-client: security update of ssh-copy-id breaks previous behaviour by searching for matching private key



On Fri, Mar 24, 2017 at 09:13:49PM +0100, Pierre Colombier wrote:
> I made security updates on jessie (can't remember last version I had
> of this package) but the update broke previous behaviour which is bad
> on a stable release.
> 
> Now the ssh-copy-id tool used with the -i option checks for a matching
> private key.  At least half of my use of this tool is to add public
> keys of other people.

I think we need you to find out the previous version that worked for
you, because as far as I can tell (and I just checked), none of the
security updates to OpenSSH since jessie became stable has touched
ssh-copy-id in any way.

I believe that you are incorrect that this was a regression introduced
in the course of a stable release; rather, it appears to have been
introduced upstream in OpenSSH 6.2p1 (git commit
83efe7c86168cc07b8e6cc6df6b54f7ace3b64a3), which was some time before
jessie became stable.

> This was reported as a bug upstream and it has been solved by adding a
> -f option.
> 
> https://bugzilla.mindrot.org/show_bug.cgi?id=2110

That's certainly helpful, but it's not a completely trivial patch so
it's not clear whether I'd get it into a stable update.  It might be
better to do this via backports, since the upstream change in question
(git commit ef39e8c0497ff0564990a4f9e8b7338b3ba3507c) was part of
OpenSSH 7.2p1 and has been in testing for some time.

-- 
Colin Watson                                       [cjwatson@debian.org]

