Debian Bug report logs - #658675
/usr/bin/ssh-copy-id: selinux contexts as in/for compatibility with RHEL/Fedora

version graph

Package: openssh-client; Maintainer for openssh-client is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for openssh-client is src:openssh.

Reported by: shawn <shawnlandden@gmail.com>

Date: Sun, 5 Feb 2012 03:48:02 UTC

Severity: normal

Tags: patch

Found in version 1:5.9p1-2em1

Fixed in version openssh/1:6.0p1-3

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#658675; Package openssh-client. (Sun, 05 Feb 2012 03:48:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to shawn <shawnlandden@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Sun, 05 Feb 2012 03:48:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: shawn <shawnlandden@gmail.com>
To: submit@bugs.debian.org
Subject: /usr/bin/ssh-copy-id: selinux contexts as in/for compatibility with RHEL/Fedora
Date: Sat, 04 Feb 2012 19:46:16 -0800
Package: openssh-client
Version: 1:5.9p1-2em1
Severity: normal
File: /usr/bin/ssh-copy-id

if you use ssh-copy-id targeting a default Centos install, you cannot 
immediately log in with public key
authentication because of selinux context issues.

This is documented in the Centos release notes here: 
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.2#head-652041430eedc0752937ec8252c52132e574fd2a
and it is noted that the Centos version of ssh-copy-id is patched to not fail 
due to this additional hurdle.

debian's ssh-copy-id should be aware of this type of problem whether on a 
selinux debian machine (non-default) or
on default fedora/centos/RHEL installs.

Thx

Shawn Landden

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing-grip
  APT policy: (992, 'testing-grip'), (991, 'unstable-grip'), (500, 'testing'), 
(201, 'unstable')
Architecture: armel (armv5tel)

Kernel: Linux 3.2.2-tomoyo (PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser                3.113em1              
ii  debconf [debconf-2.0]  1.5.41em1             
ii  dpkg                   1.16.1.2em1           
ii  libc6                  2.13-21em1            
ii  libedit2               2.11-20080614-3em1    
ii  libgcc1                1:4.6.2-12em1         
ii  libgssapi-krb5-2       1.10+dfsg~beta1-2em1  
ii  libselinux1            2.1.0-4em1            
ii  libssl1.0.0            1.0.0g-1em1           
ii  passwd                 1:4.1.4.2+svn3283-3em1
ii  zlib1g                 1:1.2.3.4.dfsg-3em1   

openssh-client recommends no packages.

openssh-client suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#658675; Package openssh-client. (Fri, 17 Aug 2012 15:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Laurent Bigonville <bigon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Fri, 17 Aug 2012 15:27:03 GMT) Full text and rfc822 format available.

Message #10 received at 658675@bugs.debian.org (full text, mbox):

From: Laurent Bigonville <bigon@debian.org>
To: 658675@bugs.debian.org
Subject: Re: /usr/bin/ssh-copy-id: selinux contexts as in/for compatibility with RHEL/Fedora
Date: Fri, 17 Aug 2012 17:24:45 +0200
[Message part 1 (text/plain, inline)]
tag 658675 + patch
thanks

Hi,

I've attached a patch that should fix this issue. It's calling
restorecon after adding the key to ~/.ssh/authorized_keys. It's similar
to the patch added to the centos/redhat rpm.

Cheers

Laurent Bigonville
[copy-id-restorecon.patch (text/x-patch, attachment)]

Added tag(s) patch. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Fri, 17 Aug 2012 15:27:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#658675; Package openssh-client. (Fri, 24 Aug 2012 05:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Fri, 24 Aug 2012 05:51:03 GMT) Full text and rfc822 format available.

Message #17 received at 658675@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Laurent Bigonville <bigon@debian.org>, 658675@bugs.debian.org
Subject: Re: Bug#658675: /usr/bin/ssh-copy-id: selinux contexts as in/for compatibility with RHEL/Fedora
Date: Fri, 24 Aug 2012 06:45:49 +0100
On Fri, Aug 17, 2012 at 05:24:45PM +0200, Laurent Bigonville wrote:
> I've attached a patch that should fix this issue. It's calling
> restorecon after adding the key to ~/.ssh/authorized_keys. It's similar
> to the patch added to the centos/redhat rpm.

Thanks.  I think I might as well just apply the Fedora patch directly;
I've done that locally.

-- 
Colin Watson                                       [cjwatson@debian.org]



Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Fri, 24 Aug 2012 06:51:05 GMT) Full text and rfc822 format available.

Notification sent to shawn <shawnlandden@gmail.com>:
Bug acknowledged by developer. (Fri, 24 Aug 2012 06:51:05 GMT) Full text and rfc822 format available.

Message #22 received at 658675-close@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: 658675-close@bugs.debian.org
Subject: Bug#658675: fixed in openssh 1:6.0p1-3
Date: Fri, 24 Aug 2012 06:47:41 +0000
Source: openssh
Source-Version: 1:6.0p1-3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 658675@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 24 Aug 2012 06:55:36 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.0p1-3
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 658675 675362 681670
Changes: 
 openssh (1:6.0p1-3) unstable; urgency=low
 .
   * debconf template translations:
     - Add Indonesian (thanks, Andika Triwidada; closes: #681670).
   * Call restorecon on copied ~/.ssh/authorized_keys if possible, since some
     SELinux policies require this (closes: #658675).
   * Add ncurses-term to openssh-server's Recommends, since it's often needed
     to support unusual terminal emulators on clients (closes: #675362).
Checksums-Sha1: 
 509d2e6e8a8936aae787f701c7d9b5422b689ef5 2535 openssh_6.0p1-3.dsc
 e32fd23bfd2ed2999d07ad5122f38027d602fd79 247304 openssh_6.0p1-3.debian.tar.gz
 bacde18815f4884598f55d301008a754f9733598 1045646 openssh-client_6.0p1-3_i386.deb
 558fce6a739b5dd3752d01ee15695de50938eae7 342590 openssh-server_6.0p1-3_i386.deb
 2fb2994133f1c8ae710fe4fd40d8467a55340f7f 1244 ssh_6.0p1-3_all.deb
 19c3b81e065f0b809caf6d3bdc7075f892398417 88566 ssh-krb5_6.0p1-3_all.deb
 4b76f97f180821bdd6352787c13bb4eb16aba65d 96698 ssh-askpass-gnome_6.0p1-3_i386.deb
 d603e6b604b455f83050c7585f75f0e75834e0d1 181014 openssh-client-udeb_6.0p1-3_i386.udeb
 89ff745dd9feddc901b56d691f85d29010929c12 193772 openssh-server-udeb_6.0p1-3_i386.udeb
Checksums-Sha256: 
 1fc9a75f5fc451144d0e94f3aba8b90e1d2e87d8c9d60fb627e23b5532512ede 2535 openssh_6.0p1-3.dsc
 7d8ebb8f22f4972e3023d8b61b93dc53ae83d03930ba7d9bf2d4967ee97e52ac 247304 openssh_6.0p1-3.debian.tar.gz
 2b420437768ca807dce83aba9a14ad3a37b5dda6ed152dfa5a9e1412046c0958 1045646 openssh-client_6.0p1-3_i386.deb
 5f76957de18b03290f359a9bda5b1db8c527b30d35011b2449ee71abbc2c0aed 342590 openssh-server_6.0p1-3_i386.deb
 73f5c4f50838e865744e5b3b054f9c2fd272aac3916c1b44ad9d971715d00f85 1244 ssh_6.0p1-3_all.deb
 3c1f489c74645e16f922e84f02cd14cea96d6e9d2b7916b4c2523c49d6dbab22 88566 ssh-krb5_6.0p1-3_all.deb
 afa6abcd3b093ad9b82cc70602be0bfee2b075684e08be66ba82b1d8d8b89850 96698 ssh-askpass-gnome_6.0p1-3_i386.deb
 974e1b0d5452581ec6ae4af3086628cddbc0ba78090ca6f16d7f39b005fdba1e 181014 openssh-client-udeb_6.0p1-3_i386.udeb
 270ad93ff77afcbeda3d0a35bc176ce283b60ed8f5067289b08fbc320194f30e 193772 openssh-server-udeb_6.0p1-3_i386.udeb
Files: 
 f8e274a2cd10678f508cac635b943726 2535 net standard openssh_6.0p1-3.dsc
 c0f29335312c15787726f18e19f67fe2 247304 net standard openssh_6.0p1-3.debian.tar.gz
 006446826967dd7f3c32170043e7fc2d 1045646 net standard openssh-client_6.0p1-3_i386.deb
 a5cea07cbda1ddaa55cd51031ab12c73 342590 net optional openssh-server_6.0p1-3_i386.deb
 330617cafb24ca1ff563db15679390ea 1244 net extra ssh_6.0p1-3_all.deb
 1e401b11c04210333bfb86effebcc7d4 88566 oldlibs extra ssh-krb5_6.0p1-3_all.deb
 860b103cc4609a0cfbdc9fe71a452b4e 96698 gnome optional ssh-askpass-gnome_6.0p1-3_i386.deb
 18bde7de2a07fadca06e0a54a89e422a 181014 debian-installer optional openssh-client-udeb_6.0p1-3_i386.udeb
 b2d32def7d8348ce16d868fab7bc36de 193772 debian-installer optional openssh-server-udeb_6.0p1-3_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBUDcfbzk1h9l9hlALAQiSjQ//RQua+StUbsgAlNWwf29FPBxdSydhB73+
jjboXLotRt8AMEV7eEg3IC810UiAm58im+bL7B4TL1eaSbbeTYfA6AvKoLOlIVY0
gi5TSIsHIzSorbR0FBgrx4j2v0KUgHDsMwmMNaa69+fqlz6p0QXORS5VKgBtBDfn
/0kEOm2ijnTqK//cK5D84u8v3wZC4PvmmSPeeHaZE/yVDKqBTuqCckDbO6Pl07WR
KypzpPciSQV9dDWsMX2kju8COFtBbwI42vJsp5R+g0ZtPAJ6rpHS0qjAnZfX2DsR
zl6VzIpQ1ug4oHHOSgpGje7JNL7IiiLTDMP9DypqcOs/999pvLkIB51PAqGpuIeB
1p7V/JbRjMYD4pKCNPp22xcoGa1oSN4NaarIiXLHTvDxZB+Zi6hB5tbQjvKjEzwy
baSs7DTUr4C3ERUfvPeC4ofvzgQRZzo/URymsusf05xMYA22HWo5zY9gkee0vCT9
LLkJCr61tk/hCYboINOOrdgJxpncUthukoWdceDOTRu+Y5ph8UShdtK0oBehpMwr
Fw/nZo1fA9prVCtQyIKdSY2zE4AR3PBfQWen62tZTXop82KVtaWSDkEuvaqRJoUw
JVPjNlId6UC0rasRVFy0d+3tpwQfldsBZGwJzuj5m4IWqaozkCB1AELVhvQkzQyi
IgS4a4n+AV0=
=fQcz
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 21 Sep 2012 07:39:16 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 16:54:49 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.