ssh-copy-id

Mark Felder feld at FreeBSD.org
Sat Mar 1 15:02:26 UTC 2014



On Fri, Feb 28, 2014, at 21:11, Eitan Adler wrote:
> On 28 February 2014 18:42, Jilles Tjoelker <jilles at stack.nl> wrote:
> > On Fri, Feb 28, 2014 at 06:08:10PM -0500, Eitan Adler wrote:
> >> On 28 February 2014 17:15, Mark Felder <feld at freebsd.org> wrote:
> >> ....
> >
> >> > In my opinion, if I'm using an ssh utility and I specify "-i" flag it
> >> > should be the private key.
> >
> >> Hey all,
> >
> >> Sorry about the confusion ssh-copy-id has caused you.
> >
> >> Does the following patch help?
> >
> > In addition to that, it may be useful to add an explicit check against
> > sending private keys. Even though printf(1) fails, the receiving server
> > still gets the private key and a malicious root user might steal it.
> >
> > For example, any key starting with '-' is inappropriate.
> 
> I thought about adding a check for private keys.  However such a check
> is insufficient since the user may have supplied other private files
> accidentally such as /etc/passwd or a GPG key.
> 

I suppose you could whitelist certain types of keys and only permit
those to be used with ssh-copy-id and exit/error if something else is
fed to it.

$ file id_dsa
id_dsa: PEM DSA private key

Seems like file can be used to identify valid keys properly, but I'm
sure there's a better way.
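
The whitelist idea from this message, sketched as an added example; it is not part of the original post and not code from ssh-copy-id. The function name `is_public_key_file` and the list of accepted key types are assumptions, and it expects plain `.pub` files with one `type blob [comment]` entry per line.

```shell
#!/bin/sh
# Added example, not part of ssh-copy-id. Allow-list check for a key file:
# succeed only if every non-blank, non-comment line is
# "<known-public-key-type> <base64-blob> [comment]".
# The type list is an assumption; extend it for the key types you deploy.

is_public_key_file() {
    keyfile=$1
    [ -f "$keyfile" ] && [ -r "$keyfile" ] || return 1
    seen=0
    while read -r ktype blob rest || [ -n "$ktype" ]; do
        case $ktype in
            ''|'#'*) continue ;;
            ssh-rsa|ssh-dss|ssh-ed25519) ;;
            ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
            *) return 1 ;;   # PEM header, passwd entry, GPG armor, ...
        esac
        case $blob in
            ''|*[!A-Za-z0-9+/=]*) return 1 ;;   # blob must be base64 only
        esac
        seen=1
    done < "$keyfile"
    [ "$seen" -eq 1 ]        # an empty file is not a key either
}

# Constructed sample inputs (the blobs are placeholders, not real keys).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER user@example' > "$d/id.pub"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'UExBQ0VIT0xERVI=' \
        '-----END DSA PRIVATE KEY-----' > "$d/id_dsa"
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' > "$d/passwd"
    for f in id.pub id_dsa passwd; do
        if is_public_key_file "$d/$f"; then echo "$f: ok to send"
        else echo "$f: refused"; fi
    done
    rm -rf "$d"
}
demo
```

Because the check runs locally before any connection is made, a rejected file never reaches the remote host, which addresses the concern quoted above that the server receives the private key even when printf(1) fails.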


More information about the freebsd-stable mailing list