This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 747527 - ssh-copy-id - missing selinux settings
ssh-copy-id - missing selinux settings
Status: CLOSED DUPLICATE of bug 739989
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
16
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jan F. Chadima
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-10-20 03:11 EDT by Stanislav Graf
Modified: 2011-10-20 08:30 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-10-20 08:30:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stanislav Graf 2011-10-20 03:11:37 EDT
Description of problem:
Script ssh-copy-id has missing selinux settings (restorecon), so if you try to copy your ID to a newly reinstalled host (~/.ssh/authorized_keys doesn't exist) with selinux enabled, you will not be able to login, because remote host doesn't allow to use this file.

$ diff -c ~/bin/ssh-copy-id /usr/bin/ssh-copy-id
*** /home/sgraf/bin/ssh-copy-id	2011-10-20 09:00:57.228137343 +0200
--- /usr/bin/ssh-copy-id	2011-07-25 09:47:50.000000000 +0200
***************
*** 41,47 ****
  # strip any trailing colon
  host=`echo $1 | sed 's/:$//'`
  
! { eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1
  
  cat <<EOF
  Now try logging into the machine, with "ssh '$host'", and check in:
--- 41,47 ----
  # strip any trailing colon
  host=`echo $1 | sed 's/:$//'`
  
! { eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
  
  cat <<EOF
  Now try logging into the machine, with "ssh '$host'", and check in:

Version-Release number of selected component (if applicable):
openssh-clients-5.8p2-16.fc16.1.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Reinstall package openssh-clients
2. Verify file /usr/bin/ssh-copy-id
3. Try to copy your ID to some newly reinstalled computer (~/.ssh/authorized_keys doesn't exist) and than try to login with your key.  
Actual results:
Login to reinstalled computer failed, restorecon missing

Expected results:
Login to reinstalled computer pass, restorecon is in the script.

Additional info:
Comment 1 Stanislav Graf 2011-10-20 08:30:47 EDT

*** This bug has been marked as a duplicate of bug 739989 ***

Note You need to log in before you can comment on or make changes to this bug.