From: Mark Felder
To: Eitan Adler, Jilles Tjoelker
Cc: freebsd-stable
Subject: Re: ssh-copy-id
Date: Sat, 01 Mar 2014 09:02:24 -0600

On Fri, Feb 28, 2014, at 21:11, Eitan Adler wrote:
> On 28 February 2014 18:42, Jilles Tjoelker wrote:
> > On Fri, Feb 28, 2014 at 06:08:10PM -0500, Eitan Adler wrote:
> >> On 28 February 2014 17:15, Mark Felder wrote:
> >> ....
> >
> >> > In my opinion, if I'm using an ssh utility and I specify "-i" flag it
> >> > should be the private key.
> >
> >> Hey all,
> >
> >> Sorry about the confusion ssh-copy-id has caused you.
> >
> >> Does the following patch help?
> >
> > In addition to that, it may be useful to add an explicit check against
> > sending private keys. Even though printf(1) fails, the receiving server
> > still gets the private key and a malicious root user might steal it.
> >
> > For example, any key starting with '-' is inappropriate.
>
> I thought about adding a check for private keys. However such a check
> is insufficient since the user may have supplied other private files
> accidentally such as /etc/passwd or a GPG key.
>

I suppose you could whitelist certain types of keys and only permit those to be used with ssh-copy-id and exit/error if something else is fed to it.

$ file id_dsa
id_dsa: PEM DSA private key

Seems like file can be used to identify valid keys properly, but I'm sure there's a better way.
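
The allowlist idea from the message above, as an added example that is not part of the original thread or of ssh-copy-id itself: a POSIX sh check that refuses any file that is not an OpenSSH public key of a known type before it is sent. The function names and the four-type allowlist are assumptions.

```sh
#!/bin/sh
# Added example: allowlist check for a file about to be sent by ssh-copy-id.
# blob_prefix and is_public_key are hypothetical helpers, not ssh-copy-id code.

# Print the base64 text every key blob of this type starts with (the encoded,
# length-prefixed type name). Fail for any type that is not on the allowlist.
blob_prefix() {
    case "$1" in
        ssh-rsa)             echo AAAAB3NzaC1yc2E ;;
        ssh-dss)             echo AAAAB3NzaC1kc3M ;;
        ssh-ed25519)         echo AAAAC3NzaC1lZDI1NTE5 ;;
        ecdsa-sha2-nistp256) echo AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY ;;
        *) return 1 ;;
    esac
}

# Return 0 only if every non-blank, non-comment line of "$1" is
# "<allowlisted type> <base64 blob> [comment]" and the blob agrees with the
# type. Assumes a plain .pub file: lines with leading options are refused.
is_public_key() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    seen=0
    while read -r type blob _comment || [ -n "$type" ]; do
        case "$type" in ''|'#'*) continue ;; esac
        prefix=$(blob_prefix "$type") || return 1
        case "$blob" in "$prefix"*) ;; *) return 1 ;; esac
        case "$blob" in *[!A-Za-z0-9+/=]*) return 1 ;; esac
        seen=1
    done < "$1"
    [ "$seen" -eq 1 ]
}

# Constructed samples: the blob is filler, not a real key.
tmp=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedFillerNotARealKey me@host' > "$tmp/id.pub"
printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'Q29uc3RydWN0ZWQ=' > "$tmp/id_dsa"
for f in "$tmp/id.pub" "$tmp/id_dsa" /etc/passwd; do
    if is_public_key "$f"; then echo "send:   $f"; else echo "refuse: $f"; fi
done
rm -rf "$tmp"
```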