Bug 1933517

Summary: ssh-copy-id could not resolve ipv6 address ends with colon
Product: Red Hat Enterprise Linux 8 Reporter: ZX <zx>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED ERRATA QA Contact: Marek Havrila <mhavrila>
Severity: low Docs Contact:
Priority: low    
Version: 8.3CC: asosedki, dbelyavs, jjelen, mhavrila
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssh-8.0p1-7.el8 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-09 19:32:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch to resolve the bug none

Description ZX 2021-02-28 21:42:49 UTC 
Description of problem:
ssh-copy-id could not resolve ipv6 address ends with colon

Version-Release number of selected component (if applicable):
openssh-8.0p1-5.el8.x86_64
openssh-7.4p1-21.el7.x86_64

How reproducible:

Steps to Reproduce:
1. run command 'ssh-copy-id 2001:db8::'

Actual results:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: ssh: Could not resolve hostname 2001:db8:: Name or service not known


Expected results:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '2001:db8::' can't be established.
ECDSA key fingerprint is ......
Are you sure you want to continue connecting (yes/no/[fingerprint])? 


Additional info:
Comment 1 Jakub Jelen 2021-03-01 09:24:39 UTC 
Does the pure "ssh" with this IP work? Does adding the address to the square braces as recommended by the manual page work?
Comment 2 ZX 2021-03-01 10:58:34 UTC 
ssh 2001:db8:: --- works
ssh [2001:db8::] --- does not work
ssh-copy-id 2001:db8:: --- does not work
ssh-copy-id [2001:db8::] --- does not work
Comment 3 Jakub Jelen 2021-03-02 16:03:37 UTC 
Unfortunately, I do not have any IPv6 address ending with colon to try with ...

Can you try with "set -x" to see what is being executed? The ssh-copy-id is just a bash script so it might help to see how it is executing ssh.
Comment 4 ZX 2021-03-02 16:59:52 UTC 
Thank you Jakub Jelen, I found the bug in the bash script.

I've submitted a patch and it works.
Comment 5 ZX 2021-03-02 17:01:40 UTC 
Created attachment 1760269 [details]
patch to resolve the bug
Comment 6 ZX 2021-03-02 17:24:26 UTC 
Sorry the file is in packages:
openssh-clients-8.0p1-5.el8.x86_64
openssh-clients-7.4p1-21.el7.x86_64


And also, I noticed that upstream openssh-8.4p1 (September 2020) has fixed the bug.
We could consider updating the OpenSSH components to 8.4p1 in RHEL 7 and 8.
Comment 7 Jakub Jelen 2021-03-02 21:38:04 UTC 
Thank you for debugging the issue and submitting a patch. I filled the following MR to update at least the comment, which was kept there even though the the code removing colon was no longer there.

We do not plan to update RHEL to newer versions, because we need to keep the RHEL stable. New OpenSSH 8.4p1 is available in Fedora. But we can patch the ssh-copy-id script in the next update of RHEL8. RHEL 7 now accepts only critical security fixes, which this indeed is not.
Comment 19 errata-xmlrpc 2021-11-09 19:32:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: openssh security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4368