Bug 1667519

Summary: ssh-copy-id hangs when the remote system is out of space
Product: Red Hat Enterprise Linux 8 Reporter: Alicja Kario <hkario>
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA QA Contact: Stanislav Zidek <szidek>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 8.0CC: bsmejkal, jjelen, omoris, ssorce, szidek, tmraz
Target Milestone: rcKeywords: Regression, Triaged
Target Release: 8.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssh-8.0p1-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-05 22:41:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1682500    
Bug Blocks:    

Description Alicja Kario 2019-01-18 17:02:25 UTC 
Description of problem:
When the remote system doesn't have the space to increase the size of authorized_keys or authorized_keys2, the ssh-copy-id command hangs indefinitely

Version-Release number of selected component (if applicable):
openssh-7.8p1-4.el8.x86_64

How reproducible:
always

Steps to Reproduce:
1. on remote system: ln -s /dev/full /home/$USER_NAME/.ssh/authorized_keys
2. on remote system: ln -s /dev/full /home/$USER_NAME/.ssh/authorized_keys2
3. locally: ssh-copy-id remote_user@remote_system

Actual results:
command hangs

Expected results:
cat: write error: No space left on device
ssh-copy-id return code of 1

Additional info:
This is regression from RHEL-7.
Comment 2 Jakub Jelen 2019-01-21 09:08:44 UTC 
This is an issue with the check making sure there is a newline added to the authorized_keys file if it is missing initially (new in OpenSSH 7.5 or so).

The command that hangs is the following, which does not work with your reproducer (/dev/full returns unlimited stream of zeroes):

  tail -1c .ssh/authorized_keys

Even though I believe if the above would pass, the following does not have a check and would lead to fail without error message, because it is missing a guard " || exit 1" as the other write:

  echo >> .ssh/authorized_keys

At this moment, I see a simple solution for a real-world use cases (adding the check above), but I do not see a simple way how to make also your test happy.

I do not consider this as a blocker for 8.0 release so I postponed this bug to 8.1.
Comment 6 Simo Sorce 2019-05-22 12:16:10 UTC 
Looks like patches are ready, updating status accordingly.
Comment 16 errata-xmlrpc 2019-11-05 22:41:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3702