Bug 836650

Summary: ssh-copy-id returns 0 even if the actual operation fails.
Product: Red Hat Enterprise Linux 6 Reporter: Gurhan Ozen <gozen>
Component: opensshAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Jiri Jaburek <jjaburek>
Severity: low Docs Contact:
Priority: low    
Version: 6.4CC: jburke, jjaburek, jstancek, pbunyan, pvrabec
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 10:28:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gurhan Ozen 2012-06-29 19:23:21 UTC 
Description of problem:
ssh-copy-id seems to return zero even if there is an error in copying the key to the remote host. 

Below is a session in which key is tried to be copied over to a remote host that doesn't have any free space available:
# ssh-copy-id -i  ~/.ssh/kdump_id_rsa.pub root.bos.redhat.com
root.bos.redhat.com's password:
cat: write error: No space left on device
Now try logging into the machine, with "ssh
'root.bos.redhat.com'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

# echo $?
0

In the middle you can see that "cat: write error: No space left on device error" message 

Same issue doesn't happen on rhel5 either:

# ssh-copy-id -i  ~/.ssh/kdump_id_rsa.pub root.bos.redhat.com
27
The authenticity of host 'dhcp46-175.lab.bos.redhat.com (10.16.46.175)' can't be
established.
RSA key fingerprint is c1:1d:02:95:cd:42:1f:a4:8d:da:ee:c5:98:72:a5:d4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dhcp46-175.lab.bos.redhat.com,10.16.46.175' (RSA) to
the list of known hosts.
root.bos.redhat.com's password:
cat: write error: No space left on device
# echo $?
1


Version-Release number of selected component (if applicable):
openssh-clients-5.3p1-20.el6.x86_64

How reproducible:
Everytime

Steps to Reproduce:
1. Try to copy a key over to a machine that has no space available.
2. 
3.
  
Actual results:
returns zero 

Expected results:
Should not return zero

Additional info:
Comment 2 Petr Lautrbach 2012-07-09 15:53:55 UTC 
There is the openssh-5.3p1-selabel.patch which changed behavior of ssh-copy-id to call also restorecon. This needs to be changed:

--- /usr/bin/ssh-copy-id.orig   2012-07-09 17:39:31.861061082 +0200
+++ /usr/bin/ssh-copy-id        2012-07-09 17:51:25.129074800 +0200
@@ -38,7 +38,7 @@
   exit 1
 fi
 
-{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
 
 cat <<EOF
 Now try logging into the machine, with "ssh '$1'", and check in:
Comment 6 errata-xmlrpc 2013-02-21 10:28:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0519.html