openssh bugs - Jul 2013 - [Bug 2128] New: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file

https://bugzilla.mindrot.org/show_bug.cgi?id=2128

            Bug ID: 2128
           Summary: ssh-copy-id doesn't check if a public key already
                    exists in a remote servers ~/.ssh/authorized_keys file
           Product: Portable OpenSSH
           Version: -current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-copy-id
          Assignee: unassigned-bugs at mindrot.org
          Reporter: justinleegarrison at gmail.com

When running ssh-copy-id, the script doesn't do any checking to see if
the public key already exists in the remote authorized_keys file. If
the script is run multiple times (on purpose or by accident) the file
not only gets cluttered but also can get quite large if key
distribution is set to run via cron.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2128

Justin Garrison <justinleegarrison at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |justinleegarrison at gmail.com

--- Comment #1 from Justin Garrison <justinleegarrison at gmail.com> ---
Created attachment 2317
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2317&action=edit
Alternate ssh-copy-id script

I added the following check to to ssh-copy-id script from my Linux Mint
15 (OpenSSH 6.1p1) machine.

grep -f ~/.ssh/authorized_keys > /dev/null 2>&1; ! [ -a
~/.ssh/authorized_keys ] || [ $? -ne 0 ] && 

(please view the attached file for context)

I also verified that the modified section was the same on RHEL 6.4
(OpenSSH 5.3) and Fedora 14 (OpenSSH 5.5p1) but could not verify the
file contents from the latest OpenSSH package. I am assuming the line
is the same in the latest version.

This test will check if the public key contents already exists in the
authorized_keys file or if the authorized_keys file does not exist. If
the public key is already in the file or it does not exist then the
public key contents will be appended to the file (and create it if
necessary).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2128

Philip Hands <phil at hands.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
                 CC|                            |phil at hands.com

--- Comment #2 from Philip Hands <phil at hands.com> ---
The updated ssh-copy-id that has been included since openssh-6.2 now
does
check for already installed keys

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2128

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.