When editing ~/.ssh/authorized_keys manually, sometimes users forget
to add a newline at the end of the file, causing the next ssh-copy-id
call to append a new key to an existing key, invalidating both keys.
This can be fixed by simply adding a newline before appending the key.
Something like this change to
openssh-source/openssh-6.7p1/contrib/ssh-copy-id might work:

      # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
      populate_new_ids 0
      [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | ssh "$@" "
        umask 077 ;
        mkdir -p .ssh && \
        echo >> .ssh/authorized_keys && \
        cat >> .ssh/authorized_keys || exit 1 ;
        if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi" \
        || exit 1
      ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
      ;;

On Sat, Mar 19, 2016 at 4:53 PM, Ernesto Alfonso <erjoalgo at gmail.com> wrote:
> When editing ~/.ssh/authorized_keys manually, sometimes users forget
> to add a newline at the end of the file, causing the next ssh-copy-id
> call to append a new key to an existing key, invalidating both keys.

Mind you, it's also fixed by using Emacs instead of vi.

[ esc-x runs-for-cover ]

Ernesto Alfonso <erjoalgo at gmail.com> writes:
> When editing ~/.ssh/authorized_keys manually, sometimes users forget
> to add a newline at the end of the file, causing the next ssh-copy-id
> call to append a new key to an existing key, invalidating both keys.
>
> This can be fixed by simply adding a newline before appending the key.
>
> Something like this change to
> openssh-source/openssh-6.7p1/contrib/ssh-copy-id might work:

This seems like it should do no harm (given that sshd(8) declares that
blank lines are ignored as comments), although I'd instead do it by
adding a \n to the printf, thus:

      [ "$DRY_RUN" ] || printf '\n%s\n' "$NEW_IDS" | ssh ...

Is anyone going to be upset by the resulting blank lines being added by
ssh-copy-id when the file was not missing a terminating newline?

Cheers, Phil.
--
|)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
|-| http://www.hands.com/ http://ftp.uk.debian.org/
|(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY

On 20 Mar 2016, at 19:15, Philip Hands <phil at hands.com> wrote:
> Is anyone going to be upset by the resulting blank lines being added by
> ssh-copy-id when the file was not missing a terminating newline?

Well it would be at least mildly annoying my previously nice looking file
now has a pile of blank lines in just because someone didn't know how to
use their editor ...

--
Alex Bligh
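
The two concerns in this thread (keys fused onto one line when the file lacks a final newline, and stray blank lines when it does not) can both be met by checking the file's last byte before appending. The script below is an added example, not part of any message in the thread or of ssh-copy-id: the function names are hypothetical, the key strings are constructed placeholders, and it runs against a local temporary file rather than over ssh.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from ssh-copy-id.
# The key strings are constructed placeholders, not real keys.

# True when FILE is non-empty and its last byte is not a newline.
# ($(...) strips a trailing newline, so a terminated file yields "".)
lacks_final_newline() {
    [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]
}

# Unpatched behaviour: append stdin as-is.
append_plain() { cat >> "$1"; }

# Change proposed in the thread: always write a newline first.
append_always() { echo >> "$1" && cat >> "$1"; }

# Conditional variant: write the separator only when the file needs one.
append_checked() {
    if lacks_final_newline "$1"; then echo >> "$1"; fi
    cat >> "$1"
}

# Lines sshd would try to parse as keys (neither blank nor comment).
key_lines() { grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" || true; }

# Blank lines left in the file (the cosmetic cost raised in the replies).
blank_lines() { grep -c -e '^[[:space:]]*$' "$1" || true; }

# scenario APPEND_FN TERMINATED
# Builds a one-key file, newline-terminated only if TERMINATED is "yes",
# appends a second key with APPEND_FN, prints "<key lines> <blank lines>".
scenario() {
    tmp=$(mktemp) || return 1
    printf '%s' 'ssh-ed25519 AAAAexistingkey alice@constructed' > "$tmp"
    if [ "$2" = yes ]; then echo >> "$tmp"; fi
    printf '%s\n' 'ssh-ed25519 AAAAnewkey bob@constructed' | "$1" "$tmp"
    echo "$(key_lines "$tmp") $(blank_lines "$tmp")"
    rm -f "$tmp"
}

scenario append_plain   no    # 1 0  both keys fused on one line
scenario append_always  no    # 2 0
scenario append_always  yes   # 2 1  blank line added to a well-formed file
scenario append_checked no    # 2 0
scenario append_checked yes   # 2 0
```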