ssh-copy-id

Jilles Tjoelker jilles at stack.nl
Fri Feb 28 23:42:18 UTC 2014


On Fri, Feb 28, 2014 at 06:08:10PM -0500, Eitan Adler wrote:
> On 28 February 2014 17:15, Mark Felder <feld at freebsd.org> wrote:
> ....

> > In my opinion, if I'm using an ssh utility and I specify "-i" flag it
> > should be the private key.

> Hey all,

> Sorry about the confusion ssh-copy-id has caused you.

> Does the following patch help?

In addition to that, it may be useful to add an explicit check against
sending private keys. Even though printf(1) fails, the receiving server
still gets the private key and a malicious root user might steal it.

For example, any key starting with '-' is inappropriate.

-- 
Jilles Tjoelker
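
One way to implement the check suggested in the message above, as an added example that is not part of the original message or of ssh-copy-id itself. The function names `is_sendable_key` and `send_key` and the sample key material are constructed for illustration; the check runs locally, before the key would be passed to ssh.

```shell
#!/bin/sh
# Added example; not code from ssh-copy-id. Names and sample keys are constructed.

# is_sendable_key FILE
# Returns 0 only if FILE is readable, has at least one key line, and no line
# starts with '-' (PEM armor such as "-----BEGIN RSA PRIVATE KEY-----").
# Returns 1 for a private-key-looking file, 2 if unreadable, 3 if empty.
is_sendable_key() {
    keyfile=$1
    [ -r "$keyfile" ] || return 2
    found=0
    # "|| [ -n "$line" ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            -*)      return 1 ;;   # refuse before anything leaves this host
            ''|'#'*) ;;            # blank line or comment
            *)       found=1 ;;
        esac
    done < "$keyfile"
    [ "$found" -eq 1 ] || return 3
    return 0
}

# send_key FILE
# Stand-in for the transfer step: writes the key to stdout (where a real
# script would pipe it to ssh) only after the check has passed.
send_key() {
    if is_sendable_key "$1"; then
        cat "$1"
    else
        echo "refusing to send $1: does not look like a public key" >&2
        return 1
    fi
}

# Demo on constructed files.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTEDNOTAKEY' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/id_rsa"
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTED user@example' > "$demo_dir/id_rsa.pub"
send_key "$demo_dir/id_rsa.pub" || echo "unexpected refusal" >&2
send_key "$demo_dir/id_rsa" || echo "private key was not sent"
rm -rf "$demo_dir"
```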


More information about the freebsd-stable mailing list