How to Use the ssh-copy-id Command

$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-host

SSH secures communication between a local machine and a remote machine by encrypting the traffic. But, providing the password every time you log in to a remote host is inefficient and frustrating. This can be avoided by enabling password-less SSH login.

After generating SSH public and private keys, we need to copy the public key to the remote servers’ authorized keys. The ssh-copy-id command installs SSH public keys on a remote server’s authorized keys. By installing your public keys to the server’s authorized keys, this command removes the need to provide a password for each login.

To utilize this command, we need to install the package it is part of.

Install OpenSSH tool

ssh-copy-id command is part of the OpenSSH package and available on all major Linux distributions. If you have the OpenSSH client installed on your system, you can skip to the next step.

For Debian, Ubuntu, and Linux Mint execute the following command.

sudo apt-get update && sudo apt-get install openssh-client

For RHEL, Fedora, and CentOS:

yum -y install openssh-server openssh-clients

Generate SSH Keys

We can utilize the ssh-keygen command to generate SSH keypairs. Once these keys are generated, we just need to copy the public key to the remote server.

Execute the following command in your terminal to generate SSH keypairs.

ssh-keygen

Keep pressing Enter at each prompt until the program finishes key generation. You will end up with the following screen when the program finishes key generation.

word image 10898 1

Add Public SSH Key to Server

Now that we have created SSH keys we can add the public key to our remote server. This can be done by using the ssh-copy-id command. There is another manual way of copying the public keys but it is time-consuming.

The basic syntax of an ssh-copy-id command is as follows:

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

While typing the above command in your terminal, replace user with your username and replace remote-host with the host name/IP of host.

In this case, the user is root and the host IP is 192.168.56.102 so the above command will become:

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

When the above command is executed, the prompt will once ask you to confirm if you want to continue or not. This is shown in the picture below.

word image 10898 2

Type yes and press enter to continue. Then the prompt will once ask for the destination password. This is a one-time password entry process. After you enter the password, the prompt will inform you that the key has been added and you can [email protected] to confirm that the key was added. Refer to the picture below for more clarity.

word image 10898 3

The above picture makes it clear that the public key has been added to the destination machine and we can [email protected] that in our case is [email protected].

Connect to SSH Server Without Password

After adding the public key via the ssh-copy-id command, we can [email protected] anytime we want and connect to the machine without having to provide a password. The basic syntax of the command to connect to the remote server is:

ssh [email protected]

Replace user with your own username and remote-hose with the host IP or host name. So if personalize the above command according to our tutorial, it will become:

ssh [email protected]

When the above command is executed, the prompt will inform you of the exact time and date you logged into the destination machine.

You can also execute the ls command to check whether you are connected to the destination machine or not. This is further demonstrated in the picture below.

word image 10898 4

As you can see in the above picture, we are now logged in as anaconda-ks.cfg which is the host machine name that I used for this tutorial.

Using ssh-copy-id, you can enable passwordless entry to a server. However, it is not recommended to enable passwordless authentication for all the systems. Instead, use this method to access servers you use regularly.

ssh-copy-id Command Options

Take a look at the basic syntax command below and then we’ll go through what each of the flags is used for.

ssh-copy-id [-f] [-n] [-i identity file] [-p port] [-o ssh_option] [[email protected]]remote-host

In the above command:

  • -f: This flag means that the command will not check whether the key is already configured as an authorized_key and will add it. This can often result in multiple copies of the same key installed on the server.
  • -n: This flag will print the keys that are intended for installation without installing them on the host server.
  • -i: This flag specifies the identity file that will be copied to the remote host. The default is ~/.ssh/id_rsa. If you don’t specify this argument, all the keys present at ssh-add -L will be added. If ssh-add -L does not return any key, then the most recently modified key matching the ~/.ssh/id*.pub will be used.
  • -p: This flag is used to connect to a specific SSH post instead of the default port 22.
  • -o ssh_option: This flag can be used to override the configuration setting for the client.

Conclusion

In this tutorial we learned what is ssh-copy-id command, how to generate SSH keys, how to add a public SSH key to a server using the ssh-copy-id command and enable passwordless authentication for the destination machine.

Always proceed with caution when using this command because misconfigured keys can result in security breaches or getting locked out of the system.

0 Shares:
Subscribe
Notify of
guest
Receive notifications when your comment receives a reply. (Optional)
Your username will link to your website. (Optional)

0 Comments
Inline Feedbacks
View all comments
You May Also Like