Oscar Roozen
2016-Jan-05 13:04 UTC
ssh-copy-id doesn't work when LogLevel=Quiet (Patch included)
This is a simple patch to a simple problem that took me some time to
find. I had set LogLevel=Quiet on a group of hosts to mute some output
in scripts. In hindsight, this was a stupid decision. I could have used
LogLevel=Error just as well. When later trying to script something using
ssh-copy-id, it would insist the key was already there. Yet scp kept
prompting for a password...
Turns out ssh-copy-id relies on the output of ssh to determine whether
the key is already in place. No error => key already there. Loglevel
Quiet => key already there. Haha.. Fooled me! ;-)
The fix is simple. If ssh-copy-id needs an error output, it should force
this output to be there, independent of other configurations:
(Patch against openssh-clients-6.9p1-9.fc22.x86_64 on a Fedora system)
--- /usr/bin/ssh-copy-id.org 2016-01-05 13:45:08.551829298 +0100
+++ /usr/bin/ssh-copy-id 2016-01-05 12:28:28.537612334 +0100
@@ -216,6 +216,7 @@
# find if only given the contents of the .pub file in an
# unrelated tmpfile
ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
-o PreferredAuthentications=publickey \
+ -o LogLevel=Error \
-o IdentitiesOnly=yes "$@" exit
2>$L_TMP_ID_FILE.stderr
</dev/null
if [ "$?" = "$L_SUCCESS" ] ; then
: > $L_TMP_ID_FILE
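Review bot: The added `-o LogLevel=Error` line has no comment explaining why it is forced, and the reason is not visible from the call itself. The existing comment block above `ssh -i` should gain a sentence saying that stderr is captured into `$L_TMP_ID_FILE.stderr` right after the call, so a quieter level taken from the user's configuration would leave nothing there to inspect. That comment should also record that the option sits ahead of `"$@"` on purpose, so that it comes before any options the caller passes through and is not moved below them in a later cleanup.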
Jakub Jelen
2016-Jan-05 16:15 UTC
ssh-copy-id doesn't work when LogLevel=Quiet (Patch included)
On 01/05/2016 02:04 PM, Oscar Roozen wrote:
> (Patch against openssh-clients-6.9p1-9.fc22.x86_64 on a Fedora system) > > --- /usr/bin/ssh-copy-id.org 2016-01-05 13:45:08.551829298 +0100 > +++ /usr/bin/ssh-copy-id 2016-01-05 12:28:28.537612334 +0100 > @@ -216,6 +216,7 @@ > # find if only given the contents of the .pub file in an > # unrelated tmpfile > ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \ > -o PreferredAuthentications=publickey \ > + -o LogLevel=Error \ > -o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr > </dev/null > if [ "$?" = "$L_SUCCESS" ] ; then > : > $L_TMP_ID_FILE
Hello Oscar,
this is already fixed in ssh-copy-id repo [1], has even its own upstream bugzilla [2]. It is also in current Fedora 23 [3]. You can get it even for your Fedora 22 from copr repo [4], if you are interested and you want to try if it works for you.
[1] http://git.hands.com/?p=ssh-copy-id.git;a=commit;h=35f05e39cda8670b3f6797330a3e521fda509a4c
[2] https://bugzilla.mindrot.org/show_bug.cgi?id=2214
[3] https://bodhi.fedoraproject.org/updates/FEDORA-2015-8e6294b5c2
[4] https://copr.fedoraproject.org/coprs/jjelen/openssh-latest/
Regards,
--
Jakub Jelen
Security Technologies
Red Hat