This is a simple patch to a simple problem that took me some time to find. I had set LogLevel=Quiet on a group of hosts to mute some output in scripts. In hindsight, this was a stupid decision. I could have used LogLevel=Error just as well. When later trying to script something using ssh-copy-id, it would insist the key was already there. Yet scp kept prompting for a passord... Turns out ssh-copy-id relies on the output of ssh to determine whether the key is already in place. No error => key already there. Loglevel Quiet => key already there. Haha.. Fooled me! ;-) The fix is simple. If ssh-copy-id needs an error output, it should force this output to be there, independent of other configurations: (Patch against openssh-clients-6.9p1-9.fc22.x86_64 on a Fedora system) --- /usr/bin/ssh-copy-id.org 2016-01-05 13:45:08.551829298 +0100 +++ /usr/bin/ssh-copy-id 2016-01-05 12:28:28.537612334 +0100 @@ -216,6 +216,7 @@ # find if only given the contents of the .pub file in an # unrelated tmpfile ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \ -o PreferredAuthentications=publickey \ + -o LogLevel=Error \ -o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null if [ "$?" = "$L_SUCCESS" ] ; then : > $L_TMP_ID_FILE _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev