Bug 3527

Summary:

ssh-copy-id broken for dropbear

Product:

Portable OpenSSH

Reporter:

stephan+openssh <stephan+openssh>

Component:

ssh-copy-id

Assignee:

Philip Hands <phil>

Status:

NEW ---

Severity:

major

CC:

dtucker

Priority:

Version:

9.1p1

Hardware:

Other

OS:

Linux

Attachments:

Description	Flags
ssh-copy-id with commented out dropbear bug.	none

Description stephan+openssh@asklandd.dk 2023-01-24 08:34:27 AEDT

Created attachment 3653 [details]
ssh-copy-id with commented out dropbear bug.

The script assumes that systems running dropbear SSH server must save the authorized key in /etc/dropbear/authorized_keys [1].  But this is not the default for dropbear, so I think it's fair to consider it a bug and fix it.

By default dropbear saves user ssh keys in the usual ~/.ssh/authorized_keys and therefore needs no special handling in ssh-copy-id.

The bug affects all Buildroot systems, and anything else with an unmodified dropbear.

I commented out the dropbear) block in my ssh-copy-id and now it works as expected, i.e. I can ssh-copy-id to a remote running dropbear, the keys are added to the remote ~/.ssh/authorized_keys, and I can ssh to remote without password prompt afterwards.

It's possible this dropbear switch bug was added by someone who uses system, that runs a modified version of dropbear, perhaps router of some sort.


1: https://github.com/openssh/openssh-portable/blob/master/contrib/ssh-copy-id#L338

-- 
Your,
Stephan

Comment 1 stephan+openssh@asklandd.dk 2023-01-24 08:36:09 AEDT

Showing affected version of OpenSSH

$ pacman -Qo /usr/bin/ssh-copy-id
/usr/bin/ssh-copy-id is owned by openssh 9.1p1-3

Comment 2 stephan+openssh@asklandd.dk 2023-01-24 08:37:21 AEDT

$ ssh -V
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
$ ssh -V
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022

Comment 3 stephan+openssh@asklandd.dk 2023-01-24 08:41:30 AEDT

Oh, I just realized this: https://github.com/openssh/openssh-portable/pull/250