ssh-copy-id
Eitan Adler
eadler at freebsd.org
Sat Mar 1 03:12:02 UTC 2014
On 28 February 2014 18:42, Jilles Tjoelker <jilles at stack.nl> wrote:
> On Fri, Feb 28, 2014 at 06:08:10PM -0500, Eitan Adler wrote:
>> On 28 February 2014 17:15, Mark Felder <feld at freebsd.org> wrote:
>> ....
>
>> > In my opinion, if I'm using an ssh utility and I specify "-i" flag it
>> > should be the private key.
>
>> Hey all,
>
>> Sorry about the confusion ssh-copy-id has caused you.
>
>> Does the following patch help?
>
> In addition to that, it may be useful to add an explicit check against
> sending private keys. Even though printf(1) fails, the receiving server
> still gets the private key and a malicious root user might steal it.
>
> For example, any key starting with '-' is inappropriate.
I thought about adding a check for private keys. However, such a check
is insufficient since the user may have supplied other private files
accidentally, such as /etc/passwd or a GPG key.
--
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams
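The two checks discussed above, as an added example that is not part of the thread or of ssh-copy-id itself: the deny-list check on a leading '-' that Jilles proposes (and Eitan calls insufficient), beside an allow-list check that accepts only a file in OpenSSH public-key format and therefore also rejects /etc/passwd and GPG keys. The list of key types, the function names and the sample files are assumptions and constructed data, not taken from the thread.

```shell
#!/bin/sh
# Added example, not the ssh-copy-id code discussed in the thread.
# Validate the -i argument as an OpenSSH *public* key before anything is sent.

# Deny-list check suggested in the thread: refuse a first line starting with '-'.
# It catches PEM/PGP armour but accepts any other text, e.g. /etc/passwd.
denylist_check() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        -*) return 1 ;;
        *)  return 0 ;;
    esac
}

# Allow-list check: accept only "<type> <base64 blob> [comment]" where <type>
# is a key type authorized_keys understands (assumed list, extend as needed)
# and the blob has the OpenSSH wire-format shape. Anything else is rejected.
is_ssh_public_key() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    set -f                 # no globbing while splitting the line into words
    set -- $first
    set +f
    [ $# -ge 2 ] || return 1
    case $1 in
        ssh-ed25519|ssh-rsa|ssh-dss|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    # Base64 alphabet only; every OpenSSH blob starts with a 4-byte big-endian
    # length of the type string, whose first three zero bytes encode as "AAAA".
    printf '%s\n' "$2" | grep -Eq '^AAAA[A-Za-z0-9+/]{12,}={0,2}$'
}

# Constructed sample files (the "key" blob is a placeholder, not a real key).
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA user@host' > "$demo/id_ed25519.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'b3BlbnNzaC1rZXktdjEAAAAA' > "$demo/id_ed25519"
printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/sh' > "$demo/passwd"
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' > "$demo/key.asc"

for f in id_ed25519.pub id_ed25519 passwd key.asc; do
    if denylist_check "$demo/$f"; then d=accept; else d=reject; fi
    if is_ssh_public_key "$demo/$f"; then a=accept; else a=reject; fi
    printf '%-16s deny-list: %-7s allow-list: %s\n' "$f" "$d" "$a"
done
rm -rf "$demo"
```

Only the public key passes the allow-list check; the passwd file shows where the deny-list check alone falls short.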