ssh-copy-id and Dropbear Server

Thank you for taking the time to file a bug report.

I don't know if I fully understand the issue here. I installed dropbear inside a container, started it, and then ran ssh-copy-id on the host in order to copy my public key to the dropbear server. It got copied successfully and I was able to login via SSH without issues later.

Could you please provide reproduction steps here? Also, from your description, it doesn't seem like this is an openssh bug. But first we need to verify whether this is really an issue or not.

Since there is not enough information in your report to begin triage or to
differentiate between a local configuration problem and a bug in Ubuntu, I
am marking this bug as "Incomplete". We would be grateful if you would:
provide a more complete description of the problem, explain why you
believe this is a bug in Ubuntu rather than a problem specific to your
system, and then change the bug status back to "New".

For local configuration issues, you can find assistance here:
http://www.ubuntu.com/support/community

the problem is in this file https://github.com/openssh/openssh-portable/blob/master/contrib/ssh-
copy-id

in line 335

dropbear*)
    populate_new_ids 0
    [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
      $SSH "$@" "$(installkeys_sh /etc/dropbear/authorized_keys)" \
      || exit 1
    ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
    ;;

dropbear only uses the file /etc/dropbear/authorized_keys if it was patched
in the upstream version of dropbear the patch is not included

im working with some embedded systems where the file /etc/dropbear/authorized_keys is not writeable

with older ubuntu systems ssh-copy-id was working
but since that change in ssh-copy-id can't install the ssh key anymore

I don't know much about dropbear but from your explanation it does indeed sound like this is an upstream OpenSSH bug that should be reported at https://bugzilla.mindrot.org/.

I found a (somehow stale) upstream PR that addresses this:

  https://github.com/openssh/openssh-portable/pull/250

We could include this as an Ubuntu patch, but it would be better to first see it merged upstream. It may be worth pinging there.

Just to add a voice to this: we see the same things migrating from 18.04 to 22.04 while controlling some embedded ARM/Debian devices running dropbear. The key are indeed appearing in the wrong place as stated above and the log in does not proceed as expected. We can work around this for production systems, but the behaviour is confusing (and obviously not consistent between 18.04 and 22.04).

Thanks for the further clarification.

We don't carry delta for openssh in Ubuntu, and since this is a low priority bug it should really be reported against the Debian openssh package. Could you please file a bug there and post its link here?

Thanks.