should we port ssh-copy-id ?

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

should we port ssh-copy-id ?

Jan-Piet Mens-2
ssh-copy-id [1] is a script to copy one's SSH keys to remote hosts,
ensuring that ~/.ssh and authorized_keys are created with correct
permissions. The script uses ssh(1) to log into a remote machine (using
a login password).

This script is available in portable OpenSSH [2] and is installed on
many (most?) Linux distributions, macOS, and from a different source
[3], in FreeBSD.

Would ssh-copy-id from [1] likely be accepted as a port if I attempted
to undertake the task?

        -JP


[1] http://git.hands.com/ssh-copy-id
[2] https://github.com/openssh/openssh-portable/tree/master/contrib
[3] from the man page: The ssh-copy-id utility was written by Eitan
Adler <[hidden email]> as a drop-in replacement for an existing
utility included with OpenSSH.

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Travis Cole
On Tue, Jan 14, 2020, at 00:47, Jan-Piet Mens wrote:

> ssh-copy-id [1] is a script to copy one's SSH keys to remote hosts,
> ensuring that ~/.ssh and authorized_keys are created with correct
> permissions. The script uses ssh(1) to log into a remote machine (using
> a login password).
>
> This script is available in portable OpenSSH [2] and is installed on
> many (most?) Linux distributions, macOS, and from a different source
> [3], in FreeBSD.
>
> Would ssh-copy-id from [1] likely be accepted as a port if I attempted
> to undertake the task?

As a user, I would like this to exist as a port. I miss it regularly.
Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Stuart Henderson
In reply to this post by Jan-Piet Mens-2
On 2020/01/14 09:47, Jan-Piet Mens wrote:

> ssh-copy-id [1] is a script to copy one's SSH keys to remote hosts, ensuring
> that ~/.ssh and authorized_keys are created with correct permissions. The
> script uses ssh(1) to log into a remote machine (using a login password).
>
> This script is available in portable OpenSSH [2] and is installed on many
> (most?) Linux distributions, macOS, and from a different source [3], in
> FreeBSD.
>
> Would ssh-copy-id from [1] likely be accepted as a port if I attempted to
> undertake the task?
>
> -JP
>
>
> [1] http://git.hands.com/ssh-copy-id
> [2] https://github.com/openssh/openssh-portable/tree/master/contrib
> [3] from the man page: The ssh-copy-id utility was written by Eitan Adler
> <[hidden email]> as a drop-in replacement for an existing utility
> included with OpenSSH.
>

Seems reasonable - is there a stable distfile somewhere or does it
need mirroring?

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Jan-Piet Mens-2
>Seems reasonable - is there a stable distfile somewhere or does it
>need mirroring?

I'm aware only of the git repository at [1], in other words, I assume if
we need a .tar.gz it needs mirroring. Is there provision at ports@ to do
that or do I try to create the port to pull a specific git tag from [1]?

        -JP

[1] http://git.hands.com/ssh-copy-id

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Stuart Henderson
On 2020/01/17 14:55, Jan-Piet Mens wrote:

> > Seems reasonable - is there a stable distfile somewhere or does it
> > need mirroring?
>
> I'm aware only of the git repository at [1], in other words, I assume if we
> need a .tar.gz it needs mirroring. Is there provision at ports@ to do that
> or do I try to create the port to pull a specific git tag from [1]?
>
> -JP
>
> [1] http://git.hands.com/ssh-copy-id
>

tar.gz files generated by gitweb are subject to change so we try to avoid using
them directly.

I've just mirrored it at https://spacehopper.org/ssh-copy-id-20161215.tar.gz,
the port Makefile will need WRKDIST=${WRKDIR}/ssh-copy-id-b32a55c

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Bryan Steele-2
On Fri, Jan 17, 2020 at 02:33:09PM +0000, Stuart Henderson wrote:

> On 2020/01/17 14:55, Jan-Piet Mens wrote:
> > > Seems reasonable - is there a stable distfile somewhere or does it
> > > need mirroring?
> >
> > I'm aware only of the git repository at [1], in other words, I assume if we
> > need a .tar.gz it needs mirroring. Is there provision at ports@ to do that
> > or do I try to create the port to pull a specific git tag from [1]?
> >
> > -JP
> >
> > [1] http://git.hands.com/ssh-copy-id
> >
>
> tar.gz files generated by gitweb are subject to change so we try to avoid using
> them directly.
>
> I've just mirrored it at https://spacehopper.org/ssh-copy-id-20161215.tar.gz,
> the port Makefile will need WRKDIST=${WRKDIR}/ssh-copy-id-b32a55c

From the discussion on Twitter, djm@ said [0] the ssh-copy-id script has
been distributed with OpenSSH portable, in the contribs directory. It
is not installed by the Makefile, this is done by Linux distributions.

I assume a better distfile would be OpenSSH portable tarballs. At least
that will be what is on other systems (Except FreeBSD). We're already
widely mirroring it.

https://www.openssh.com/portable.html

./openssh-8.0p1/contrib/ssh-copy-id
./openssh-8.0p1/contrib/ssh-copy-id.1


[0] https://twitter.com/damienmiller/status/1216835366604328960

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Jan-Piet Mens-2
>I assume a better distfile would be OpenSSH portable tarballs.

It occurred to me, but I assumed the original source repository of the
script would be the cleaner method.

>./openssh-8.0p1/contrib/ssh-copy-id

Would there be a reason for using 8.0p1 instead of 8.1p1 ?

        -JP

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Jan-Piet Mens-2
I've submitted a port at [1].

        -JP

[1] https://marc.info/?l=openbsd-ports&m=157934217426742&w=2

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Bryan Steele-2
In reply to this post by Jan-Piet Mens-2
On Sat, Jan 18, 2020 at 10:14:57AM +0100, Jan-Piet Mens wrote:
> > I assume a better distfile would be OpenSSH portable tarballs.
>
> It occurred to me, but I assumed the original source repository of the
> script would be the cleaner method.
>
> > ./openssh-8.0p1/contrib/ssh-copy-id
>
> Would there be a reason for using 8.0p1 instead of 8.1p1 ?

No, I just downloaded the wrong tarball. :-)

> -JP
>
>

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Landry Breuil-5
In reply to this post by Jan-Piet Mens-2
On Tue, Jan 14, 2020 at 09:47:11AM +0100, Jan-Piet Mens wrote:
> ssh-copy-id [1] is a script to copy one's SSH keys to remote hosts, ensuring
> that ~/.ssh and authorized_keys are created with correct permissions. The
> script uses ssh(1) to log into a remote machine (using a login password).

Fwiw, on OpenBSD ~/.ssh and authorized_keys are created with correct
permissions by default, at least for user root...

https://marc.info/?l=openbsd-cvs&m=148688978308030&w=2

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Antoine Jacoutot-7
Same for regular users from skel


Antoine

> On 20 Jan 2020, at 19:29, Landry Breuil <[hidden email]> wrote:
>
> On Tue, Jan 14, 2020 at 09:47:11AM +0100, Jan-Piet Mens wrote:
>> ssh-copy-id [1] is a script to copy one's SSH keys to remote hosts, ensuring
>> that ~/.ssh and authorized_keys are created with correct permissions. The
>> script uses ssh(1) to log into a remote machine (using a login password).
>
> Fwiw, on OpenBSD ~/.ssh and authorized_keys are created with correct
> permissions by default, at least for user root...
>
> https://marc.info/?l=openbsd-cvs&m=148688978308030&w=2
>

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Landry Breuil-5
On Mon, Jan 20, 2020 at 08:50:05PM +1100, Antoine Jacoutot wrote:
> Same for regular users from skel

Ah, wasnt sure about it since i didnt find the corresponding commit, but
thanks for confirming :)


All that to say that 'ensuring that ~/.ssh and authorized_keys are
created with correct permissions' shouldnt be the reason for porting
ssh-copy-id - but only to actually copy the key.. :)

> > On 20 Jan 2020, at 19:29, Landry Breuil <[hidden email]> wrote:
> >
> > On Tue, Jan 14, 2020 at 09:47:11AM +0100, Jan-Piet Mens wrote:
> >> ssh-copy-id [1] is a script to copy one's SSH keys to remote hosts, ensuring
> >> that ~/.ssh and authorized_keys are created with correct permissions. The
> >> script uses ssh(1) to log into a remote machine (using a login password).
> >
> > Fwiw, on OpenBSD ~/.ssh and authorized_keys are created with correct
> > permissions by default, at least for user root...
> >
> > https://marc.info/?l=openbsd-cvs&m=148688978308030&w=2
> >
>

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Philipp Buehler
Am 20.01.2020 10:59 schrieb Landry Breuil:

> On Mon, Jan 20, 2020 at 08:50:05PM +1100, Antoine Jacoutot wrote:
>> Same for regular users from skel
>
> Ah, wasnt sure about it since i didnt find the corresponding commit,
> but
> thanks for confirming :)
>
>
> All that to say that 'ensuring that ~/.ssh and authorized_keys are
> created with correct permissions' shouldnt be the reason for porting
> ssh-copy-id - but only to actually copy the key.. :)

Maybe the *target* of this ssh-copy-id is not an openbsd box - or not
a "modern" one. AFAIR this .ssh/authorized_keys create+ensure
modes was added last year (or 2018)?


--
pb

Reply | Threaded
Open this post in threaded view
|

Re: should we port ssh-copy-id ?

Stuart Henderson
In reply to this post by Landry Breuil-5
On 2020/01/20 10:59, Landry Breuil wrote:

> On Mon, Jan 20, 2020 at 08:50:05PM +1100, Antoine Jacoutot wrote:
> > Same for regular users from skel
>
> Ah, wasnt sure about it since i didnt find the corresponding commit, but
> thanks for confirming :)
>
>
> All that to say that 'ensuring that ~/.ssh and authorized_keys are
> created with correct permissions' shouldnt be the reason for porting
> ssh-copy-id - but only to actually copy the key.. :)
>
> > > On 20 Jan 2020, at 19:29, Landry Breuil <[hidden email]> wrote:
> > >
> > > On Tue, Jan 14, 2020 at 09:47:11AM +0100, Jan-Piet Mens wrote:
> > >> ssh-copy-id [1] is a script to copy one's SSH keys to remote hosts, ensuring
> > >> that ~/.ssh and authorized_keys are created with correct permissions. The
> > >> script uses ssh(1) to log into a remote machine (using a login password).
> > >
> > > Fwiw, on OpenBSD ~/.ssh and authorized_keys are created with correct
> > > permissions by default, at least for user root...
> > >
> > > https://marc.info/?l=openbsd-cvs&m=148688978308030&w=2
> > >
> >
>

ssh-copy-id is for copying keys onto any random OS.