Red Hat Bugzilla – Bug 836650
ssh-copy-id returns 0 even if the actual operation fails.
Last modified: 2013-02-21 05:28:02 EST
Description of problem: ssh-copy-id seems to return zero even if there is an error in copying the key to the remote host. Below is a session in which key is tried to be copied over to a remote host that doesn't have any free space available: # ssh-copy-id -i ~/.ssh/kdump_id_rsa.pub root@dhcp46-175.lab.bos.redhat.com root@dhcp46-175.lab.bos.redhat.com's password: cat: write error: No space left on device Now try logging into the machine, with "ssh 'root@dhcp46-175.lab.bos.redhat.com'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. # echo $? 0 In the middle you can see that "cat: write error: No space left on device error" message Same issue doesn't happen on rhel5 either: # ssh-copy-id -i ~/.ssh/kdump_id_rsa.pub root@dhcp46-175.lab.bos.redhat.com 27 The authenticity of host 'dhcp46-175.lab.bos.redhat.com (10.16.46.175)' can't be established. RSA key fingerprint is c1:1d:02:95:cd:42:1f:a4:8d:da:ee:c5:98:72:a5:d4. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'dhcp46-175.lab.bos.redhat.com,10.16.46.175' (RSA) to the list of known hosts. root@dhcp46-175.lab.bos.redhat.com's password: cat: write error: No space left on device # echo $? 1 Version-Release number of selected component (if applicable): openssh-clients-5.3p1-20.el6.x86_64 How reproducible: Everytime Steps to Reproduce: 1. Try to copy a key over to a machine that has no space available. 2. 3. Actual results: returns zero Expected results: Should not return zero Additional info:
There is the openssh-5.3p1-selabel.patch which changed behavior of ssh-copy-id to call also restorecon. This needs to be changed: --- /usr/bin/ssh-copy-id.orig 2012-07-09 17:39:31.861061082 +0200 +++ /usr/bin/ssh-copy-id 2012-07-09 17:51:25.129074800 +0200 @@ -38,7 +38,7 @@ exit 1 fi -{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1 +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1 cat <<EOF Now try logging into the machine, with "ssh '$1'", and check in:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0519.html