Date: Sat, 1 Mar 2014 00:42:15 +0100 From: Jilles Tjoelker <jilles@stack.nl> To: Eitan Adler <eadler@freebsd.org> Cc: freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: ssh-copy-id Message-ID: <20140228234214.GA23514@stack.nl> In-Reply-To: <CAF6rxg=SBno64BpmxcvddQFpnAePFHKZ%2B1kp1a%2BAY5F6-xQsMA@mail.gmail.com> References: <2cba8fd9cc51dedc1bd5e127046f4ab7@dweimer.net> <1393618827.9046.89104957.4A974C56@webmail.messagingengine.com> <ea6804d070e9b2e4393eaca2fa45d938@dweimer.net> <1393625741.9928.89141917.3B723B0F@webmail.messagingengine.com> <CAF6rxg=SBno64BpmxcvddQFpnAePFHKZ%2B1kp1a%2BAY5F6-xQsMA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 28, 2014 at 06:08:10PM -0500, Eitan Adler wrote: > On 28 February 2014 17:15, Mark Felder <feld@freebsd.org> wrote: > .... > > In my opinion, if I'm using an ssh utility and I specify "-i" flag it > > should be the private key. > Hey all, > Sorry about the confusion ssh-copy-id has caused you. > Does the following patch help ? In addition to that, it may be useful to add an explicit check against sending private keys. Even though printf(1) fails, the receiving server still gets the private key and a malicious root user might steal it. For example, any key starting with '-' is inappropriate. -- Jilles Tjoelker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140228234214.GA23514>