| Summary: | ssh-copy-id - missing selinux settings | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Stanislav Graf <sgraf> |
| Component: | openssh | Assignee: | Jan F. Chadima <jchadima> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | jchadima, mattias.ellert, mgrepl, tmraz |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-10-20 12:30:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
*** This bug has been marked as a duplicate of bug 739989 *** |
Description of problem: Script ssh-copy-id has missing selinux settings (restorecon), so if you try to copy your ID to a newly reinstalled host (~/.ssh/authorized_keys doesn't exist) with selinux enabled, you will not be able to login, because remote host doesn't allow to use this file. $ diff -c ~/bin/ssh-copy-id /usr/bin/ssh-copy-id *** /home/sgraf/bin/ssh-copy-id 2011-10-20 09:00:57.228137343 +0200 --- /usr/bin/ssh-copy-id 2011-07-25 09:47:50.000000000 +0200 *************** *** 41,47 **** # strip any trailing colon host=`echo $1 | sed 's/:$//'` ! { eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1 cat <<EOF Now try logging into the machine, with "ssh '$host'", and check in: --- 41,47 ---- # strip any trailing colon host=`echo $1 | sed 's/:$//'` ! { eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1 cat <<EOF Now try logging into the machine, with "ssh '$host'", and check in: Version-Release number of selected component (if applicable): openssh-clients-5.8p2-16.fc16.1.x86_64 How reproducible: 100% Steps to Reproduce: 1. Reinstall package openssh-clients 2. Verify file /usr/bin/ssh-copy-id 3. Try to copy your ID to some newly reinstalled computer (~/.ssh/authorized_keys doesn't exist) and than try to login with your key. Actual results: Login to reinstalled computer failed, restorecon missing Expected results: Login to reinstalled computer pass, restorecon is in the script. Additional info: