** Branch linked: lp:~kirkland/ssh-import/trunk
--
ssh-import-lp-id: retrieve a key from Launchpad and add to the authorized_keys
file
https://bugs.launchpad.net/bugs/524226
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubunt
Par-
Can you name another public server where such keys are available?
I scoured the web and couldn't find one.
--
ssh-import-id: retrieve a key from a public keyserver and add to the
authorized_keys file
https://bugs.launchpad.net/bugs/524226
You received this bug notification because you are
I think a name like "ssh-import-launchpad-id" would be more appropriate
for something this Launchpad specific.
--
ssh-import-id: retrieve a key from a public keyserver and add to the
authorized_keys file
https://bugs.launchpad.net/bugs/524226
You received this bug notification because you are a
** Attachment added: "ssh-import-id (kirkland's version)"
http://launchpadlibrarian.net/39429538/ssh-import-id
--
ssh-import-id: retrieve a key from a public keyserver and add to the
authorized_keys file
https://bugs.launchpad.net/bugs/524226
You received this bug notification because you ar
** Attachment added: "ssh-import-id (kirkland's version)"
http://launchpadlibrarian.net/39429482/ssh-import-id
** Attachment removed: "ssh-import-id (kirkland's version)"
http://launchpadlibrarian.net/39429482/ssh-import-id
--
ssh-import-id: retrieve a key from a public keyserver and add
** Attachment removed: "ssh-import-id (kirkland's version)"
http://launchpadlibrarian.net/39429267/ssh-import-id
** Attachment added: "ssh-import-id (kirkland's version)"
http://launchpadlibrarian.net/39429418/ssh-import-id
** Attachment removed: "ssh-import-id (kirkland's version)"
htt
Jamie,
Thanks again.
(1) printf ... Got it, thanks. Fixed in new upload.
(2) env ... Ah, I see. Also, fixed in new upload.
(3) Got it, good catch.
One more thing I found/fixed... The grep for existing keys wasn't
working properly. So I fixed it with a unique sort on the file (to make
th
Dustin,
Thanks for your work on this. I have a couple of small nits and a bug fix:
1. in url_encode(), error(), warn() and info() you use something like 'printf
"ERROR: $...@\n"'. It would be better to use something like 'printf "ERROR:
%s\n" "$@"'
2. env -i isn't doing what you want here. You
Dustin,
Now that you've removed the ability to specify an arbitrary URL, I think
that's a fair assumption.
--
ssh-import-id: retrieve a key from a public keyserver and add to the
authorized_keys file
https://bugs.launchpad.net/bugs/524226
You received this bug notification because you are a mem
Attaching updated version based on Jamie's excellent feedback. I
believe I have addressed the concerns that he has raised so far.
** Attachment added: "ssh-copy-id (kirkland's version)"
http://launchpadlibrarian.net/39410267/ssh-import-id
--
ssh-import-id: retrieve a key from a public keyser
Marc-
I think that's true if you're receiving an arbitrary key from an
untrusted source (such as the first time you log into a remote server).
However, in this case, I think:
a) You're communicating over SSL with a server and a valid certificate (hence,
the server is authenticated and attested)
Standard practice would be to display the ssh key's fingerprint and ask
the user to validate it before importing it automatically.
--
ssh-import-id: retrieve a key from a public keyserver and add to the
authorized_keys file
https://bugs.launchpad.net/bugs/524226
You received this bug notificatio
On Fri, Feb 19, 2010 at 8:47 AM, Jamie Strandboge wrote:
> While I can see the utility of this script in certain situations, I'm
> not sure it is generally useful enough to put in openssh, or even cloud-
> init. It really feels like it should be in its own package. Also, I
> think we can assume th
I couldn't remember if wget would error out on an invalid certification, but
reading the man page for wget, it seems that as long as wget is compiled with
openssl, it will error out (good).
"As of Wget 1.10, the default is to verify the server's certificate against the
recognized certificate aut
Kees-
* May I ask for your opinion?
* Do we want it to remain non-trivial to add public keys to authorized_keys?
Is there a security reason for doing so?
* Is this ssh-import-id utility just a bad idea?
* Do you have security concerns about the key retrieval method?
* Is SSL and/or Lau
Colin-
Thanks for the comment. I agree that such a script should undergo a
*thorough* review before being accepted into our openssh-server package.
I also see your point, that ssh-copy-id is doing it's work over ssh
itself.
In the default configuration, ssh-import-id works against Launchpad.net
While I can see the utility of this script in certain situations, I'm
not sure it is generally useful enough to put in openssh, or even cloud-
init. It really feels like it should be in its own package. Also, I
think we can assume that someone will one day want to run this as root,
since the idea i
Additional comment to my comment 6 above, just to make clear that the
fact that it requires FFe and fails to meet papercuts criteria doesn't
prevent this from being a good idea.
I think it would be a very valuable feature for our cloud images, as
long as we get the security issues around it right.
I'd prefer to think about this quite hard before adding it to openssh,
value-add or not - the security properties worry me given that this is
something that grants access to an account based on data retrieved from
a remote system (and not everyone trusts https alone). ssh-copy-id is
quite differen
Even small, that's a new feature, so it requires FFe and should probably
not be accepted as a papercut ("only bugfixes").
--
ssh-import-id - retrieve a key from a public keyserver and add to the
authorized_keys file
https://bugs.launchpad.net/bugs/524226
You received this bug notification becaus
hmm... shoudl also probably check that pubkey starts with 'ssh-' before
adding it, to avoid some "file not found" HTML getting written to
.ssh/authorized_keys.
if url_encode "$i" && cururl=$(printf "$url" "${_RET}") &&
pubkey=$(wget --quiet -O- "$cururl") && [ -n "${pubkey}" ] &&
attached is my improved version to this, more like a program than a
shell script.
** Attachment added: "improved (imo) version."
http://launchpadlibrarian.net/39388856/ssh-import-id
--
ssh-import-id - retrieve a key from a public keyserver and add to the
authorized_keys file
https://bugs.lau
** Changed in: openssh (Ubuntu)
Assignee: Colin Watson (cjwatson) => (unassigned)
** Description changed:
ssh-copy-id is a great script for adding my public key to a remote
server.
I have a script in my ~/bin called ssh-import-id that does something
similar. It retrieves a key fr
** Summary changed:
- ssh-authorize - retrieve a key from a public keyserver and add to the
authorized_keys file
+ ssh-import-id - retrieve a key from a public keyserver and add to the
authorized_keys file
** Description changed:
ssh-copy-id is a great script for adding my public key to a re
24 matches
Mail list logo