ssh-copy-id Command: Tutorial & Examples
Copy SSH keys to a remote server
ssh-copy-id command is a handy utility that saves you from the hassle of manually copying your public SSH key to
the remote server. This is a vital task when setting up SSH-based authentication on your Linux server. This command is
part of the OpenSSH package and is available on almost all Linux distributions.
What it does
ssh-copy-id command copies the local host's public key to the remote host's authorized_keys file. It also
automatically repairs the permissions of the remote user's home,
~/.ssh/authorized_keys to prevent
potential problems with
ssh refusing to connect due to file permissions being too open.
How it works
ssh-copy-id command tries to log into the specified machine using
ssh. It then
assembles a list of one or more fingerprints (depending on the number of keys to be installed) and asks the user to
confirm that they are correct. Once the user confirms, it appends the keys to the remote user's
How to use it
The basic syntax of the
ssh-copy-id command is:
ssh-copy-id [-i [identity_file]] [user@]hostname
-i option is used to specify the identity file. If this option is not provided, the command will use the default
identity file. The
user@hostname specifies the remote host where you want to copy the public key.
For example, to copy your public key to the remote server at
192.168.0.101 as user
john, you would run:
Importance of the ssh-copy-id command
ssh-copy-id command is important because it simplifies the process of configuring SSH-based authentication. It
takes care of copying the keys, setting the correct permissions, and avoiding common pitfalls that could
ssh to refuse connections.
ssh-copy-id command has a few command-line parameters:
-i [identity_file]: Specifies the identity file that the public key is read from.
-f: Forces the copy of the identity file even if it is already present on the remote system.
-n: Don't contact the remote system. Just print what would have been executed.
Potential Problems and Pitfalls
ssh-copy-id is generally straightforward to use, there can be some issues that you might encounter.
- One common issue is forgetting to replace the
user@hostnamewith the actual username and hostname of the remote server.
- Another common issue is not having the correct permissions on the remote server. If the user doesn't have write
permissions to the
~/.ssh/authorized_keysfile, the command will fail.
- If the remote server doesn't have a
~/.sshdirectory, the command will fail. However, this is automatically created when the user runs the
sshcommand for the first time.
Typical error messages and their corresponding problems include:
ssh: connect to host <hostname> port 22: Connection refused
This error indicates that the SSH server is not running on the remote host or a network issue is blocking the connection.
Permission denied (publickey).
This error indicates that the public key is not in the remote host's
~/.ssh/authorized_keys file or the user has
entered the wrong password.
In both cases, the solution is to ensure that the SSH server is running, the network connection is working, and that the correct username and password have been used.