
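--- a/ssh-copy-id
+++ b/ssh-copy-id
@@ -60,9 +60,10 @@ most_recent_id="$(cd "$HOME" ; ls -t .ssh/id*.pub 2>/dev/null | grep -v -- '-cer
 DEFAULT_PUB_ID_FILE="${most_recent_id:+$HOME/}$most_recent_id"
 
 usage () {
-  printf 'Usage: %s [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
+  printf 'Usage: %s [-h|-?|-f|-n|-s] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
   printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2
   printf '\t-n: dry run    -- no keys are actually copied\n' >&2
+  printf '\t-s: use sftp   -- use sftp instead of executing remote-commands. Can be useful if the remote only allows sftp\n' >&2
   printf '\t-h|-?: print this help\n' >&2
   exit 1
 }
@@ -133,7 +134,7 @@ do
       }
       shift
       ;;
-    -f|-n|-h|-\?)
+    -f|-n|-s|-h|-\?)
       OPT="$1"
       OPTARG=
       shift
@@ -172,6 +173,9 @@ do
     -n)
       DRY_RUN=1
       ;;
+    -s)
+      USE_SFTP=1
+      ;;
     -h|-\?)
       usage
       ;;
@@ -293,11 +297,29 @@ case "$REMOTE_VERSION" in
   *)
     # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
     populate_new_ids 0
-    # in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
-    #     'cd' to be at $HOME; add a newline if it's missing; and all on one line, because tcsh.
-    [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
+
+    if ! [ "$DRY_RUN" ] && ! [ "$USE_SFTP" ]; then
+      # in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
+      #     'cd' to be at $HOME; add a newline if it's missing; and all on one line, because tcsh.
+      printf '%s\n' "$NEW_IDS" | \
       ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && { [ -z "'`tail -1c .ssh/authorized_keys 2>/dev/null`'" ] || echo >> .ssh/authorized_keys ; } && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
       || exit 1
+    fi
+    if ! [ "$DRY_RUN" ] && [ "$USE_SFTP" ] ; then
+      KEYS_TMPFILE=$(mktemp --dry-run authorized_keys.XXXXXXXXXXXX)
+      trap "rm -f $KEYS_TMPFILE" EXIT
+      SHARED_CON_TMPFILE=$(mktemp --dry-run ssh-copy-id-shared-connection.XXXXXXXXXXXX)
+      ssh -f -N -M -S $SHARED_CON_TMPFILE "$@"
+      trap "ssh -S $SHARED_CON_TMPFILE -O exit 'notnecessary' >/dev/null 2>&1" EXIT
+      echo "mkdir .ssh" | sftp -b - -o "ControlPath=${SHARED_CON_TMPFILE}" "notnecessary" >/dev/null 2>&1
+      echo "chmod 700 .ssh" | sftp -b - -o "ControlPath=${SHARED_CON_TMPFILE}" "notnecessary" >/dev/null 2>&1
+      echo "get .ssh/authorized_keys $KEYS_TMPFILE" | sftp -b - -o "ControlPath=$SHARED_CON_TMPFILE" "notnecessary" >/dev/null 2>&1
+      # add a newline or create file if it's missing, same like above
+      [ -z "$(tail -1c $KEYS_TMPFILE 2>/dev/null)" ] || echo >> $KEYS_TMPFILE
+      printf '%s\n' "$NEW_IDS" >> $KEYS_TMPFILE
+      echo "put $KEYS_TMPFILE .ssh/authorized_keys" | sftp -b - -o "ControlPath=$SHARED_CON_TMPFILE" "notnecessary" >/dev/null 2>&1 || exit 1
+      echo "chmod 600 .ssh/authorized_keys" | sftp -b - -o "ControlPath=${SHARED_CON_TMPFILE}" "notnecessary" >/dev/null 2>&1
+    fi
     ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
     ;;
 esac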
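Review bot: In the new `-s` branch the `get .ssh/authorized_keys` step throws away both its output and its exit status, so a download that fails for any reason other than "the file does not exist yet" leaves an empty local copy, and the following `put` then replaces the remote authorized_keys with only the new keys. The second `trap … EXIT` also replaces the first, so `$KEYS_TMPFILE` is never removed, and both names come from `mktemp --dry-run` (a GNU-only option) which only prints a name in the current directory without creating anything, leaving the key copy and the control socket unprotected when that directory is writable by others. `ssh -f -N -M` is unchecked as well, and both variables are expanded unquoted. The sketch below uses one private `mktemp -d` directory with a single cleanup trap and a checked download; it assumes sftp batch mode reports a failed `ls` through its exit status, which should be confirmed before merging.

```shell
    if ! [ "$DRY_RUN" ] && [ "$USE_SFTP" ] ; then
      # one private directory for the key copy and the control socket, one trap for both
      SFTP_TMPDIR=$(mktemp -d "${TMPDIR:-/tmp}/ssh-copy-id.XXXXXXXXXXXX") || exit 1
      KEYS_TMPFILE="$SFTP_TMPDIR/authorized_keys"
      SHARED_CON_TMPFILE="$SFTP_TMPDIR/control"
      trap 'ssh -S "$SHARED_CON_TMPFILE" -O exit notnecessary >/dev/null 2>&1 ; rm -rf -- "$SFTP_TMPDIR"' EXIT
      ssh -f -N -M -S "$SHARED_CON_TMPFILE" "$@" || exit 1
      # … unchanged: mkdir .ssh and chmod 700 .ssh over the shared connection …
      # fetch only when the remote file exists, and stop if that fetch fails
      if echo "ls .ssh/authorized_keys" | sftp -b - -o "ControlPath=$SHARED_CON_TMPFILE" notnecessary >/dev/null 2>&1 ; then
        echo "get .ssh/authorized_keys $KEYS_TMPFILE" | sftp -b - -o "ControlPath=$SHARED_CON_TMPFILE" notnecessary >/dev/null 2>&1 || exit 1
      fi
      # … unchanged: newline fix-up, append of $NEW_IDS, put, chmod 600 (with "$KEYS_TMPFILE" quoted) …
```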
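--- a/ssh-copy-id.1
+++ b/ssh-copy-id.1
@@ -1,5 +1,5 @@
 .ig \"  -*- nroff -*-
-Copyright (c) 1999-2016 hands.com Ltd. <http://hands.com/>
+Copyright (c) 1999-2013 hands.com Ltd. <http://hands.com/>
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
@@ -31,6 +31,7 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .Nm
 .Op Fl f
 .Op Fl n
+.Op Fl s
 .Op Fl i Op Ar identity_file
 .Op Fl p Ar port
 .Op Fl o Ar ssh_option
@@ -84,6 +85,12 @@ in more than one copy of the key being installed on the remote system.
 .It Fl n
 do a dry-run.  Instead of installing keys on the remote system simply
 prints the key(s) that would have been installed.
+.It Fl s
+SFTP mode: usually the public keys are installed by executing commands on the remote side.
+With this option the user's
+.Pa ~/.ssh/authorized_keys
+file will be downloaded, modified locally and uploaded with sftp.
+This option is useful if the server has restrictions on commands which can be used on the remote side.
 .It Fl h , Fl ?
 Print Usage summary
 .It Fl p Ar port , Fl o Ar ssh_option
@@ -158,7 +165,7 @@ asked for confirmation, which is your cue to log back out and run
 The reason you might want to specify the -i option in this case is to
 ensure that the comment on the installed key is the one from the
 .Pa .pub
-file, rather than just the filename that was loaded into you agent.
+file, rather than just the filename that was loaded into your agent.
 It also ensures that only the id you intended is installed, rather than
 all the keys that you have in your
 .Xr ssh-agent 1 .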
