This is, obviously, a pretty bizarre use-case. Copying an SSH ID to a passwordless user doesn't actually add any security, but it's still a werid issue that ssh-copy-id probably shouldn't exhibit. This can be reproduced on a single node as follows: $ sudo adduser dimwit $ sudo passwd -d dimwit # Never do this $ ssh-copy-id dimwit@localhost # The shell now appears to hang... The issue seems to be with a line containing a call to "ssh -v -o PreferredAuthentications=','", which attempts to assign a value to the $REMOTE_VERSION variable. A little investigative work revealed that this call successfully negotiates an interactive shell with all its output piped into sed, so not echoed back to the user. CTRL-C and CTRL-Z get passed down to this contained shell meaning that these will not exit the process - the terminal really does appear to lock up. However... $ echo "touch i-woz-ere" | ssh-copy-id dimwit@localhost # This rapidly completes $ su dimwit $ ls ~ i-woz-ere It is still possible to interact with this shell. This does not present any real security vulnerabilty, in fact it is caused by a complete lack of any security on the user's part, however spawning an interactive shell does not appear to be intended behaviour. Replacing the call with "ssh -v -o PreferredAuthentications=',' < /dev/null" resolves this issue.
Sorry for not doing anything about this bug till now. I was just trying to reproduce it, before fixing it, and am failing to do so. I've tried this by hand, and I note that I'm being prompted for a password, and simply hitting return does not allow me to log in. I've also added this to the automated tests: https://gitlab.com/phil_hands/ssh-copy-id/-/tree/bug/2765 but (assuming the logs are still there by the time you read this) you'll see here: https://gitlab.com/phil_hands/ssh-copy-id/-/jobs/741757388 that it prompts for the user's password repeatedly, and the test doesn't manage to log in, so it also fails to provoke the behaviour. I'm not aware of any problem with adding a </dev/null but it would be nice to be able to demonstrate that it's needed. Cheers, Phil.