#1058899 openssh-client: ssh-copy-id should warn on command= when copying pub key

Package:
openssh-client
Source:
openssh-client
Description:
secure shell (SSH) client, for secure access to remote machines
Submitter:
Russell Coker
Date:
2023-12-18 01:18:13 UTC
Severity:
normal
Tags:
#1058899#5
Date:
2023-12-18 01:13:53 UTC
From:
To:
https://blog.thc.org/infecting-ssh-public-keys-with-backdoors

The above web page describes how to exploit systems via the athorized_keys
file and purports to describe how to hide backdoors in ~/.ssh/id_*.pub, the
only way that second claim could be valid is by using ssh-copy-if to blindly
copy a .pub file that has the command= string in question installed.

To address this sort of thing (and also to prevent needless confusion from
less hostile uses of command=) I think ssh-copy-id should either warn about
the use of command= in the source file or copy a sanitised version unless
explicitely told to copy that with an optional parameter.