Upstream ssh-copy-id Fix

README.md

Arch Linux (and I assume several other mostly-as-is distros) currently ships a broken version of the ssh-copy-id script with their openssh package because the upstream developers decided to merge a "ported" version of the script by Phil Hands back into upstream. While it contains many improvements it does reintroduce the error messages and changes actually not taking any effect in authorized_keys.

It turns out getting the new script back running is pretty simple with the changes listed below.

I suggest copying the original script from /usr/bin/ssh-copy-id to a new folder that you prepend to your $PATH (like $HOME/.local/bin) and then applying the patch listed here. This way the copy will take effect in $PATH searches until the issue is resolved so you can safely delete the file.

fix.patch

--- /usr/bin/ssh-copy-id        2020-10-02 18:28:13.000000000 +0200
+++ /usr/bin/ssh-copy-id        2020-10-16 12:09:46.166384200 +0200
@@ -247,7 +247,7 @@
   #    the -z `tail ...` checks for a trailing newline. The echo adds one if was missing
   #    the cat adds the keys we're getting via STDIN
   #    and if available restorecon is used to restore the SELinux context
-  INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF)
+  INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
        cd;
        umask 077;
        mkdir -p $(dirname "${AUTH_KEY_FILE}") &&
@@ -258,6 +258,7 @@
          restorecon -F .ssh ${AUTH_KEY_FILE};
        fi
 EOF
+  )
 
   # to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
   printf "exec sh -c '%s'" "${INSTALLKEYS_SH}"