Description of problem: "ssh-copy-id -i {identity}" is broken Steps to Reproduce: /usr/bin/ssh-copy-id -i ~/.ssh/id_dsa.pub user@host Actual results: /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system. Expected results: /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys user@host's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'user@host'" and check to make sure that only the key(s) you wanted were added. Additional info: I traced it in the script. The problem lays in: eval $GET_ID | { while read ID ; do [...] $GET_ID = cat "/pathto/.ssh/id_dsa.pub" If you try this code in your shell, you can see that it doesn't work: cat "/pathto/.ssh/id_dsa.pub" | while read ID; do echo $ID; done That's because id_dsa.pub is a single line file (no new line) read -r ID should be used rather than read ID Here's a patch to solve this issue: --- /usr/bin/ssh-copy-id.orig 2014-04-30 21:23:23.085531454 +0200 +++ /usr/bin/ssh-copy-id 2014-04-30 21:07:10.720599144 +0200 @@ -207,7 +207,7 @@ printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2 NEW_IDS=$( eval $GET_ID | { - while read ID ; do + while read -r ID ; do printf '%s\n' "$ID" > $L_TMP_ID_FILE # the next line assumes $PRIV_ID_FILE only set if using a single id file - this
I had the same issue - seems to have something to do with a user ssh config - I renamed mine, re-did it, and it worked - I did have the following in my config : ForwardAgent yes LogLevel quiet StrictHostKeyChecking no UserKnownHostsFile /dev/null Alex
Works for me with current fedora 20 and fedora 21: openssh-6.4p1-7.fc20.x86_64 openssh-6.6.1p1-9.fc21.x86_64 Can you retest it with your configuration? If it will still not work, can you provide more information, content of your ssh config, version of your software or whatever can help us? Your examples work for me as they should with just fresh created keys using ssh-keygen. Even with above mentioned config I don't have any issues. [root@localhost .ssh]# ssh-copy-id -i id_ecdsa.pub f21 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root.1.236's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'f21'" and check to make sure that only the key(s) you wanted were added. [root@localhost .ssh]# ssh f21 Last login: Mon Jan 12 16:49:35 2015 from 192.168.1.1 [root@localhost .ssh]# ssh-copy-id -i ~/.ssh/id_ecdsa.pub f20 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root.1.226's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'f20'" and check to make sure that only the key(s) you wanted were added. [root@localhost .ssh]# ssh f20 Last login: Mon Jan 12 17:33:42 2015 from 192.168.1.1
Tested again. Here's the result: $ ssh-copy-id -i ~/.ssh/id_rsa.pub user@host /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system. $ ssh-copy-id -i ~/.ssh/id_dsa.pub user@host /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys user@host's password: Some keys works, some don't. The difference between both keys (except one being rsa, and the other dsa) is that the former has no \n at the end of the file while the other has. I've tested with a newly created rsa key and it works fine. The new key has a trailing \n. Something may have changed in ssh-keygen to always add a trailing \n at keyfiles. You should be able to reproduce that after removing the trailing \n at the end of you keyfile.
So it looks like ssh-copy-id is not broken, but your keys are. Every text-file should end with new line, but tools _should_ be able to handle missing newline. I tried your patch, but it didn't help me with keys without trailing newline. Both # cat .ssh/id_dsa1.pub | while read ID; do echo $ID; done # cat .ssh/id_dsa1.pub | while read -r ID; do echo $ID; done shows nothing in bash-4.3.33-1.fc21.x86_64 Possible workaround is to use command like this which works same for both keys: # cat ~/.ssh/id_rsa.pub | while read -r ID || [[ -n "$ID" ]]; do echo $ID; done I can try to discuss this issue with upstream. It seems acceptable for me.
openssh-6.7p1-9.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/openssh-6.7p1-9.fc22
Package openssh-6.7p1-9.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssh-6.7p1-9.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-2786/openssh-6.7p1-9.fc22 then log in and leave karma (feedback).
openssh-6.7p1-9.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
openssh-6.6.1p1-12.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/openssh-6.6.1p1-12.fc21
openssh-6.6.1p1-12.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.