bugzilla-daemon at mindrot.org
2023-Jan-23 21:34 UTC
[Bug 3527] New: ssh-copy-id broken for dropbear
https://bugzilla.mindrot.org/show_bug.cgi?id=3527
Bug ID: 3527
Summary: ssh-copy-id broken for dropbear
Product: Portable OpenSSH
Version: 9.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: ssh-copy-id
Assignee: unassigned-bugs at mindrot.org
Reporter: stephan+openssh at asklandd.dk
Created attachment 3653
--> https://bugzilla.mindrot.org/attachment.cgi?id=3653&action=edit
ssh-copy-id with commented out dropbear bug.
The script assumes that systems running dropbear SSH server must save
the authorized key in /etc/dropbear/authorized_keys [1]. But this is
not the default for dropbear, so I think it's fair to consider it a bug
and fix it.
By default dropbear saves user ssh keys in the usual
~/.ssh/authorized_keys and therefore needs no special handling in
ssh-copy-id.
The bug affects all Buildroot systems, and anything else with an
unmodified dropbear.
I commented out the dropbear) block in my ssh-copy-id and now it works
as expected, i.e. I can ssh-copy-id to a remote running dropbear, the
keys are added to the remote ~/.ssh/authorized_keys, and I can ssh to
remote without password prompt afterwards.
It's possible this dropbear switch bug was added by someone who uses
system, that runs a modified version of dropbear, perhaps router of
some sort.
1:
https://github.com/openssh/openssh-portable/blob/master/contrib/ssh-copy-id#L338
--
Your,
Stephan
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jan-23 21:36 UTC
[Bug 3527] ssh-copy-id broken for dropbear
https://bugzilla.mindrot.org/show_bug.cgi?id=3527 --- Comment #1 from stephan+openssh at asklandd.dk <stephan+openssh at asklandd.dk> --- Showing affected version of OpenSSH $ pacman -Qo /usr/bin/ssh-copy-id /usr/bin/ssh-copy-id is owned by openssh 9.1p1-3 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jan-23 21:37 UTC
[Bug 3527] ssh-copy-id broken for dropbear
https://bugzilla.mindrot.org/show_bug.cgi?id=3527 --- Comment #2 from stephan+openssh at asklandd.dk <stephan+openssh at asklandd.dk> --- $ ssh -V OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022 $ ssh -V OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jan-23 21:41 UTC
[Bug 3527] ssh-copy-id broken for dropbear
https://bugzilla.mindrot.org/show_bug.cgi?id=3527 --- Comment #3 from stephan+openssh at asklandd.dk <stephan+openssh at asklandd.dk> --- Oh, I just realized this: https://github.com/openssh/openssh-portable/pull/250 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jan-31 06:12 UTC
[Bug 3527] ssh-copy-id broken for dropbear
https://bugzilla.mindrot.org/show_bug.cgi?id=3527
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
Assignee|unassigned-bugs at mindrot.org |phil at hands.com
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-31 13:08 UTC
[Bug 3527] ssh-copy-id broken for dropbear
https://bugzilla.mindrot.org/show_bug.cgi?id=3527
Alexander Dahl <post at lespocky.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |post at lespocky.de
--- Comment #4 from Alexander Dahl <post at lespocky.de> ---
Confirmed for OpenSSH_8.4p1 on Debian GNU/Linux 11 (bullseye) against
dropbear 2022.83 built with ptxdist.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Oct-11 23:46 UTC
[Bug 3527] ssh-copy-id broken for dropbear
https://bugzilla.mindrot.org/show_bug.cgi?id=3527
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Attachment #3653|application/octet-stream |text/plain
mime type| |
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Oct-11 23:48 UTC
[Bug 3527] ssh-copy-id broken for dropbear
https://bugzilla.mindrot.org/show_bug.cgi?id=3527
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
AFAIK this was fixed in openssh-9.5 (commit bdcaf793902943)
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
Reasonably Related Threads
- Bug: ssh-copy-id mishandles dropbear
- [Bug 3786] New: openssh client no longer connects to dropbear server
- [Bug 2232] New: curve25519-sha256@libssh.org Signature Failures When 'ssh' Used with Dropbear, libssh Servers
- Bug: ssh-copy-id mishandles dropbear
- Using Dropbear for RTOS which is not POSIX complaint?