Bug 2214

Summary: Key is detected as existing if LogLevel=QUIET
Product: Portable OpenSSH
Reporter: Sami Haahtinen <sami>
Component: ssh-copy-id
Assignee: Philip Hands <phil>
Status: CLOSED FIXED
Severity: normal
CC: phil
Priority: P5
Version: 6.2p1
Hardware: All
OS: Linux
Bug Depends on:
Bug Blocks: 2451
Attachments:
  Add -o LogLevel=INFO to ssh invocation (flags: none)

Description Sami Haahtinen 2014-03-20 23:40:54 AEDT
Created attachment 2415
Add -o LogLevel=INFO to ssh invocation

The current ssh-copy-id script assumes that the key is valid if the temporary log file doesn't contain the string 'Permission denied'. There are cases when this doesn't occur. One of the cases is when the configuration file contains a LogLevel=QUIET option.

Let's assume that ~/.ssh/config contains:
> Host 127.*
>   LogLevel QUIET

And we have no valid key for localhost. Attempting to connect doesn't give any errors:
> $ ssh -o PreferredAuthentications=publickey -o IdentitiesOnly=yes user@127.0.0.1
> $ ssh -o LogLevel=INFO -o PreferredAuthentications=publickey -o IdentitiesOnly=yes user@127.0.0.1
> Permission denied (publickey,password).

The fix is to add LogLevel=INFO to the ssh command, which is a sane default since ssh-copy-id actually depends on ssh to have loglevel set to INFO.
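
A simplified model of the check described in this report, as an added example that is not part of the original report and not the ssh-copy-id source. The names `probe_key`, `SSH_BIN` and `fake_ssh` are hypothetical, and `fake_ssh` is a constructed stand-in for the host in the report (no authorised key, `LogLevel QUIET` in the configuration):

```shell
#!/bin/sh
# Constructed stand-in for ssh talking to a host that has no authorised key
# and whose ssh_config entry says "LogLevel QUIET". As with real ssh, the
# first value obtained for an option wins, so -o on the command line
# overrides the configuration file.
fake_ssh() {
    level=""
    while [ $# -gt 0 ]; do
        if [ "$1" = -o ] && [ $# -gt 1 ]; then
            shift
            case "$1" in
                LogLevel=*) [ -n "$level" ] || level=${1#LogLevel=} ;;
            esac
        fi
        shift
    done
    [ -n "$level" ] || level=QUIET      # fall back to the config file value
    [ "$level" = QUIET ] || echo 'Permission denied (publickey,password).' >&2
    return 255                          # ssh exits with 255 on error
}

# Model of the check from the report: run a publickey-only probe, keep its
# stderr in a temporary log, and treat a missing 'Permission denied' line as
# "key already installed". Arguments: [extra ssh options] target.
# Returns 0 if the key is judged installed, 1 if not.
probe_key() {
    log=$(mktemp) || return 2
    "${SSH_BIN:-ssh}" -o PreferredAuthentications=publickey \
        -o IdentitiesOnly=yes "$@" exit 2>"$log" </dev/null || :
    if grep -q 'Permission denied' "$log"; then verdict=1; else verdict=0; fi
    rm -f "$log"
    return "$verdict"
}

# Before the fix: the log level is whatever the user's config says.
key_installed_before_fix() { probe_key "$1"; }

# After the fix: LogLevel=INFO is pinned on the command line.
key_installed_after_fix() { probe_key -o LogLevel=INFO "$1"; }
```

With `SSH_BIN=fake_ssh`, the pre-fix check returns 0 (key wrongly judged installed) because the QUIET log is empty, while the post-fix check returns 1.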

Comment 1 Philip Hands 2015-11-29 04:07:51 AEDT
Thanks for the report, and sorry for taking so long to get round to it.

Here's the commit that fixes this:

  http://git.hands.com/?p=ssh-copy-id.git;a=commitdiff;h=35f05e39cda8670b3f6797330a3e521fda509a4c;hp=baebbb9e18e4a1af7554d939710eacb665a24b68

My latest version incorporating that change is here:

  http://git.hands.com/ssh-copy-id

which should work for you, and will hopefully make its way into OpenSSH in the not too distant future.

Cheers, Phil.

Comment 2 Damien Miller 2016-08-02 10:41:44 AEST
Close all resolved bugs after 7.3p1 release