bugzilla-daemon at mindrot.org
2013-Jul-15 19:47 UTC
[Bug 2128] New: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file
https://bugzilla.mindrot.org/show_bug.cgi?id=2128 Bug ID: 2128 Summary: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file Product: Portable OpenSSH Version: -current Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5 Component: ssh-copy-id Assignee: unassigned-bugs at mindrot.org Reporter: justinleegarrison at gmail.com When running ssh-copy-id, the script doesn't do any checking to see if the public key already exists in the remote authorized_keys file. If the script is run multiple times (on purpose or by accident) the file not only gets cluttered but also can get quite large if key distribution is set to run via cron. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2013-Jul-15 20:35 UTC
[Bug 2128] ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file
https://bugzilla.mindrot.org/show_bug.cgi?id=2128 Justin Garrison <justinleegarrison at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |justinleegarrison at gmail.com --- Comment #1 from Justin Garrison <justinleegarrison at gmail.com> --- Created attachment 2317 --> https://bugzilla.mindrot.org/attachment.cgi?id=2317&action=edit Alternate ssh-copy-id script I added the following check to to ssh-copy-id script from my Linux Mint 15 (OpenSSH 6.1p1) machine. grep -f ~/.ssh/authorized_keys > /dev/null 2>&1; ! [ -a ~/.ssh/authorized_keys ] || [ $? -ne 0 ] && (please view the attached file for context) I also verified that the modified section was the same on RHEL 6.4 (OpenSSH 5.3) and Fedora 14 (OpenSSH 5.5p1) but could not verify the file contents from the latest OpenSSH package. I am assuming the line is the same in the latest version. This test will check if the public key contents already exists in the authorized_keys file or if the authorized_keys file does not exist. If the public key is already in the file or it does not exist then the public key contents will be appended to the file (and create it if necessary). -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Nov-25 22:32 UTC
[Bug 2128] ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file
https://bugzilla.mindrot.org/show_bug.cgi?id=2128 Philip Hands <phil at hands.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED CC| |phil at hands.com --- Comment #2 from Philip Hands <phil at hands.com> --- The updated ssh-copy-id that has been included since openssh-6.2 now does check for already installed keys -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:41 UTC
[Bug 2128] ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file
https://bugzilla.mindrot.org/show_bug.cgi?id=2128 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #3 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release -- You are receiving this mail because: You are watching the assignee of the bug.
Reasonably Related Threads
- [Bug 1326] New: Allow non-public-key credentials in authorized_keys file ( Kerberos, etc.)
- [Bug 3191] New: Issues when authorized_keys contains more than one ecdsa-sk public key
- patch proposal for ssh-copy-id script
- CA Signed Public Key User Authentication does not honor ~/.ssh/authorized_keys
- Retrieving authorized_keys via remote script