Bug 1353410

Summary: [ssh-copy-id] add "The agent has no identities." in remote ~/.ssh/authorized_keys
Product: Red Hat Enterprise Linux 6 Reporter: JianHong Yin <jiyin>
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA QA Contact: Stefan Dordevic <sdordevi>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.9CC: plautrba, qe-baseos-security, sdordevi, szidek, vorpal
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssh-5.3p1-119.el6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1012262 Environment:
Last Closed: 2017-03-21 10:02:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1012262    
Bug Blocks:    
Attachments:
Description Flags
proposed (upstream) patch for RHEL6 none

Description JianHong Yin 2016-07-07 02:42:30 UTC 
+++ This bug was initially created as a clone of Bug #1012262 +++

Description of problem:
In my RHEL5.10, virtual host; after ssh-copy-id, can not login without passwd;
and find that it just add "The agent has no identities." in remote authorized_keys

Version-Release number of selected component (if applicable):
authorized_keys

How reproducible:
In my virtual host always; ( 10.66.13.194 root:redhat )
But In a beaker machine not reproduce.

Steps to Reproduce:
1. ssh-copy-id  $host
2. ssh $host
3.

Actual results:
can not login without passwd

Expected results:
login without passwd

Additional info:
  if add -i option, it works fine;

--- Additional comment from Petr Lautrbach on 2014-01-17 08:25:31 EST ---

This Bugzilla has been reviewed by Red Hat and is not planned on being
addressed in Red Hat Enterprise Linux 5, and therefore will be closed.
If this bug is critical to production systems, please contact your Red
Hat support representative and provide sufficient business
justification.

--- Additional comment from BugMasta on 2016-07-06 22:23:47 EDT ---

Yeah thanks a lot.
More great work.

This bug is still present in RHEL6.8, July 2016.

All you had to do was give an error message when the user runs ssh-copy-id, instead of misleading the user by apparently completing successfully.

But you couldn't do that could you. You just ignored the issue.

PATHETIC.

IT IS THIS SORT OF LAZINESS WHICH MAKES USING RHEL AN UTTER NIGHTMARE.

EVERY DAY I ENCOUNTER BUG AFTER BUG AFTER BUG, AND 9/10 OF THEM HAVE BEEN FOUND YEARS AGO, BUT STUPIDITY AND LAZINESS HAS PREVENTED A FIX.
Comment 2 Jakub Jelen 2016-07-07 08:31:02 UTC 
Created attachment 1177214 [details]
proposed (upstream) patch for RHEL6

Steps to reproduce:

 1. Start ssh-agent and do not add any identity:

   $ eval `ssh-agent`

 2. Try ssh-copy-id (make sure there is not passwordless access yet):

   $ ssh-copy-id localhost

 3. Check authorized_keys:

    $ cat ~/.ssh/authorized_keys
    
    The agent has no identities.

It is a bug, but quite late in the round since we entered in the Production Phase 2 with RHEL6. This works fine in RHEL7 anyway.

The upstream fix:
http://git.hands.com/?p=ssh-copy-id.git;a=commitdiff;h=d23b6e4f
Comment 3 BugMasta 2016-07-07 08:55:40 UTC 
That "upstream" fix was comitted on 

	Fri, 18 Jun 2010

SIX YEARS AGO.

"Upstream" What a joke.

WHY IS THE CURRENT, LATEST, SUPPORTED RHEL6 USING A VERSION OF OPENSSH-CLIENTS WHICH DOES NOT CONTAIN SOMETHING THAT WAS COMMITTED 6 YEARS AGO?
Comment 4 Jakub Jelen 2016-07-07 10:59:03 UTC 
It was committed into upstream openssh-5.5p1. In RHEL6 we ship stable version openssh-5.3p1 and we didn't rebase since that time (point of stable distribution).

It is unfortunate that the previous bug (for RHEL5) was not cloned to RHEL6 earlier, but using Caps Lock will not help this fixed in any way.

You are welcome to update to RHEL7 with newer version of openssh and this bug fixed, or escalate this issue through your Red Hat support (Bugzilla is not a support tool).
Comment 10 errata-xmlrpc 2017-03-21 10:02:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0641.html