SSH secures communication between a local machine and a remote machine by encrypting the traffic. But, providing the password every time you log in to a remote host is inefficient and frustrating. This can be avoided by enabling password-less SSH login.
After generating SSH public and private keys, we need to copy the public key to the remote servers’ authorized keys. The
ssh-copy-id command installs SSH public keys on a remote server’s authorized keys. By installing your public keys to the server’s authorized keys, this command removes the need to provide a password for each login.
To utilize this command, we need to install the package it is part of.
Install OpenSSH tool
ssh-copy-id command is part of the OpenSSH package and available on all major Linux distributions. If you have the OpenSSH client installed on your system, you can skip to the next step.
For Debian, Ubuntu, and Linux Mint execute the following command.
sudo apt-get update && sudo apt-get install openssh-client
For RHEL, Fedora, and CentOS:
yum -y install openssh-server openssh-clients
Generate SSH Keys
We can utilize the
ssh-keygen command to generate SSH keypairs. Once these keys are generated, we just need to copy the public key to the remote server.
Execute the following command in your terminal to generate SSH keypairs.
Keep pressing Enter at each prompt until the program finishes key generation. You will end up with the following screen when the program finishes key generation.
Add Public SSH Key to Server
Now that we have created SSH keys we can add the public key to our remote server. This can be done by using the ssh-copy-id command. There is another manual way of copying the public keys but it is time-consuming.
The basic syntax of an ssh-copy-id command is as follows:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-host
While typing the above command in your terminal, replace user with your username and replace remote-host with the host name/IP of host.
In this case, the user is root and the host IP is
192.168.56.102 so the above command will become:
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
When the above command is executed, the prompt will once ask you to confirm if you want to continue or not. This is shown in the picture below.
yes and press enter to continue. Then the prompt will once ask for the destination password. This is a one-time password entry process. After you enter the password, the prompt will inform you that the key has been added and you can
ssh@destination to confirm that the key was added. Refer to the picture below for more clarity.
The above picture makes it clear that the public key has been added to the destination machine and we can
ssh@destination that in our case is
Connect to SSH Server Without Password
After adding the public key via the
ssh-copy-id command, we can
ssh@destination anytime we want and connect to the machine without having to provide a password. The basic syntax of the command to connect to the remote server is:
Replace user with your own username and remote-hose with the host IP or host name. So if personalize the above command according to our tutorial, it will become:
When the above command is executed, the prompt will inform you of the exact time and date you logged into the destination machine.
You can also execute the ls command to check whether you are connected to the destination machine or not. This is further demonstrated in the picture below.
As you can see in the above picture, we are now logged in as
anaconda-ks.cfg which is the host machine name that I used for this tutorial.
ssh-copy-id, you can enable passwordless entry to a server. However, it is not recommended to enable passwordless authentication for all the systems. Instead, use this method to access servers you use regularly.
ssh-copy-id Command Options
Take a look at the basic syntax command below and then we’ll go through what each of the flags is used for.
ssh-copy-id [-f] [-n] [-i identity file] [-p port] [-o ssh_option] [user@]remote-host
In the above command:
-f: This flag means that the command will not check whether the key is already configured as an authorized_key and will add it. This can often result in multiple copies of the same key installed on the server.
-n: This flag will print the keys that are intended for installation without installing them on the host server.
-i: This flag specifies the identity file that will be copied to the remote host. The default is
~/.ssh/id_rsa. If you don’t specify this argument, all the keys present at
ssh-add -Lwill be added. If
ssh-add -Ldoes not return any key, then the most recently modified key matching the
~/.ssh/id*.pubwill be used.
-p: This flag is used to connect to a specific SSH post instead of the default port 22.
-o ssh_option: This flag can be used to override the configuration setting for the client.
In this tutorial we learned what is ssh-copy-id command, how to generate SSH keys, how to add a public SSH key to a server using the
ssh-copy-id command and enable passwordless authentication for the destination machine.
Always proceed with caution when using this command because misconfigured keys can result in security breaches or getting locked out of the system.