ssh-copy-id Command: Tutorial & Examples
Copy SSH keys to a remote server
The ssh-copy-id
command is a handy utility that saves you from the hassle of manually copying your public SSH key to
the remote server. This is a vital task when setting up SSH-based authentication on your Linux server. This command is
part of the OpenSSH package and is available on almost all Linux distributions.
What it does
The ssh-copy-id
command copies the local host's public key to the remote host's authorized_keys file. It also
automatically repairs the permissions of the remote user's home, ~/.ssh
, and ~/.ssh/authorized_keys
to prevent
potential problems with ssh
refusing to connect due to file permissions being too open.
How it works
First, the ssh-copy-id
command tries to log into the specified machine using ssh
. It then
assembles a list of one or more fingerprints (depending on the number of keys to be installed) and asks the user to
confirm that they are correct. Once the user confirms, it appends the keys to the remote user's ~/.ssh/authorized_keys
and exits.
How to use it
The basic syntax of the ssh-copy-id
command is:
ssh-copy-id [-i [identity_file]] [user@]hostname
The -i
option is used to specify the identity file. If this option is not provided, the command will use the default
identity file. The user@hostname
specifies the remote host where you want to copy the public key.
For example, to copy your public key to the remote server at 192.168.0.101
as user john
, you would run:
ssh-copy-id john@192.168.0.101
Importance of the ssh-copy-id command
The ssh-copy-id
command is important because it simplifies the process of configuring SSH-based authentication. It
takes care of copying the keys, setting the correct permissions, and avoiding common pitfalls that could
cause ssh
to refuse connections.
Common Parameters
The ssh-copy-id
command has a few command-line parameters:
-i [identity_file]
: Specifies the identity file that the public key is read from.-f
: Forces the copy of the identity file even if it is already present on the remote system.-n
: Don't contact the remote system. Just print what would have been executed.
Potential Problems and Pitfalls
While ssh-copy-id
is generally straightforward to use, there can be some issues that you might encounter.
- One common issue is forgetting to replace the
user@hostname
with the actual username and hostname of the remote server. - Another common issue is not having the correct permissions on the remote server. If the user doesn't have write
permissions to the
~/.ssh/authorized_keys
file, the command will fail. - If the remote server doesn't have a
~/.ssh
directory, the command will fail. However, this is automatically created when the user runs thessh
command for the first time.
Typical error messages and their corresponding problems include:
ssh: connect to host <hostname> port 22: Connection refused
This error indicates that the SSH server is not running on the remote host or a network issue is blocking the connection.
Permission denied (publickey).
This error indicates that the public key is not in the remote host's ~/.ssh/authorized_keys
file or the user has
entered the wrong password.
In both cases, the solution is to ensure that the SSH server is running, the network connection is working, and that the correct username and password have been used.