Bug 836650 - ssh-copy-id returns 0 even if the actual operation fails.
Summary: ssh-copy-id returns 0 even if the actual operation fails.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openssh
Version: 6.4
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Petr Lautrbach
QA Contact: Jiri Jaburek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-06-29 19:23 UTC by Gurhan Ozen
Modified: 2013-02-21 10:28 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-21 10:28:02 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0519 0 normal SHIPPED_LIVE Moderate: openssh security, bug fix and enhancement update 2013-02-20 21:28:57 UTC

Internal Links: 1667519

Description Gurhan Ozen 2012-06-29 19:23:21 UTC
Description of problem:
ssh-copy-id seems to return zero even if there is an error in copying the key to the remote host. 

Below is a session in which key is tried to be copied over to a remote host that doesn't have any free space available:
# ssh-copy-id -i  ~/.ssh/kdump_id_rsa.pub root.bos.redhat.com
root.bos.redhat.com's password:
cat: write error: No space left on device
Now try logging into the machine, with "ssh
'root.bos.redhat.com'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

# echo $?
0

In the middle you can see that "cat: write error: No space left on device error" message 

Same issue doesn't happen on rhel5 either:

# ssh-copy-id -i  ~/.ssh/kdump_id_rsa.pub root.bos.redhat.com
27
The authenticity of host 'dhcp46-175.lab.bos.redhat.com (10.16.46.175)' can't be
established.
RSA key fingerprint is c1:1d:02:95:cd:42:1f:a4:8d:da:ee:c5:98:72:a5:d4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dhcp46-175.lab.bos.redhat.com,10.16.46.175' (RSA) to
the list of known hosts.
root.bos.redhat.com's password:
cat: write error: No space left on device
# echo $?
1


Version-Release number of selected component (if applicable):
openssh-clients-5.3p1-20.el6.x86_64

How reproducible:
Everytime

Steps to Reproduce:
1. Try to copy a key over to a machine that has no space available.
2. 
3.
  
Actual results:
returns zero 

Expected results:
Should not return zero

Additional info:

Comment 2 Petr Lautrbach 2012-07-09 15:53:55 UTC
There is the openssh-5.3p1-selabel.patch which changed behavior of ssh-copy-id to call also restorecon. This needs to be changed:

--- /usr/bin/ssh-copy-id.orig   2012-07-09 17:39:31.861061082 +0200
+++ /usr/bin/ssh-copy-id        2012-07-09 17:51:25.129074800 +0200
@@ -38,7 +38,7 @@
   exit 1
 fi
 
-{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
 
 cat <<EOF
 Now try logging into the machine, with "ssh '$1'", and check in:

Comment 6 errata-xmlrpc 2013-02-21 10:28:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0519.html


Note You need to log in before you can comment on or make changes to this bug.