[Bug 835901] Re: ssh-copy-id: fails to sanitize arguments

Wed Aug 31 22:44:45 UTC 2011

Yep.

Here's a patch.   This catches the case of mistyping the "-i" argument into
anything else, and also catches the generic case of any extra arguments.

$ diff -U 2 /usr/bin/ssh-copy-id /tmp/ssh-copy-id

--- /usr/bin/ssh-copy-id    2010-08-10 04:36:09.000000000 +0100
+++ /tmp/ssh-copy-id    2011-08-31 23:38:38.052511425 +0100
@@ -25,4 +25,9 @@
  fi

+if [ $# -gt 1 ]; then
+  echo "Usage: ssh-copy-id [-i id_file] [user@]machine" 1>&2
+  exit 1;
+fi
+
  if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
    GET_ID="cat ${ID_FILE}"


On 08/31/2011 11:01 PM, Serge Hallyn wrote:
> Thanks for taking the time to report this bug.  I trivially confirmed it
> with your example.  I was thinking it was corrupting the
> authorized_keys, but as it isn't, and as the garbled response is
> reasonably obviously an indication of an error, I will mark priority
> low.
>
> ** Changed in: openssh (Ubuntu)
>     Importance: Undecided =>  High
>
> ** Changed in: openssh (Ubuntu)
>         Status: New =>  Confirmed
>
> ** Changed in: openssh (Ubuntu)
>     Importance: High =>  Low
>

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/835901

Title:
  ssh-copy-id: fails to sanitize arguments

Status in “openssh” package in Ubuntu:
  Confirmed

Bug description:
  When I run ssh-copy-id with the incorrect flag, I get this failure:

  $ sudo bash
  # ssh-copy-id -t /root/.ssh/id_rsa.pub ZZZZZZ at koch.phon.ox.ac.uk
  Pseudo-terminal will not be allocated because stdin is not a terminal.
  ssh: Could not resolve hostname umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys: Name or service not known
  #

  The correct flag is "-i", rather than "-t".

  Now, ssh-copy-id is a shell script, and the last line of the error
  message is line 44 of the shell script.  Apparently, $host is not set
  and then the command line is passed to ssh as the address.   It's a
  bit of a mess.

  ssh-copy-id should make some basic checks on its argument list.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: openssh-client 1:5.8p1-1ubuntu3
  ProcVersionSignature: Ubuntu 2.6.38-11.48-generic 2.6.38.8
  Uname: Linux 2.6.38-11-generic x86_64
  NonfreeKernelModules: fglrx
  Architecture: amd64
  Date: Sun Aug 28 09:24:55 2011
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
  ProcEnviron:
   LANGUAGE=en_GB:en
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  RelatedPackageVersions:
   ssh-askpass       N/A
   libpam-ssh        N/A
   keychain          N/A
   ssh-askpass-gnome 1:5.8p1-1ubuntu3
  SSHClientVersion: OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
  SourcePackage: openssh
  UpgradeStatus: Upgraded to natty on 2011-04-30 (119 days ago)
  mtime.conffile..etc.ssh.ssh.config: 2010-10-18T20:51:49.940167

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/835901/+subscriptions


