ssh-copy-id Command: Tutorial & Examples

Copy SSH keys to a remote server

The ssh-copy-id command is a handy utility that saves you from the hassle of manually copying your public SSH key to the remote server. This is a vital task when setting up SSH-based authentication on your Linux server. This command is part of the OpenSSH package and is available on almost all Linux distributions.

What it does

The ssh-copy-id command copies the local host's public key to the remote host's authorized_keys file. It also automatically repairs the permissions of the remote user's home, ~/.ssh, and ~/.ssh/authorized_keys to prevent potential problems with ssh refusing to connect due to file permissions being too open.

How it works

First, the ssh-copy-id command tries to log into the specified machine using ssh. It then assembles a list of one or more fingerprints (depending on the number of keys to be installed) and asks the user to confirm that they are correct. Once the user confirms, it appends the keys to the remote user's ~/.ssh/authorized_keys and exits.
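
The append and permission steps described above, written out as a shell example that is added here and is not the ssh-copy-id script itself. The function names install_pubkey and audit_ssh_perms are hypothetical, and the duplicate, missing-newline and private-key checks are assumptions of this example. It operates on a home directory you pass in rather than over ssh.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not part of OpenSSH.

# install_pubkey PUBKEY_FILE HOME_DIR
# Body runs in a subshell "( ... )" so umask and exit stay local to the call.
install_pubkey() (
    pub=$1; home=$2; auth="$home/.ssh/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 2; }
    key=$(head -n 1 "$pub")
    # Refuse input that is not a public key line, such as a private key file.
    case $key in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "$pub does not hold a public key" >&2; exit 2 ;;
    esac
    umask 077
    mkdir -p "$home/.ssh"
    touch "$auth"
    # If the file's last line lacks a newline, add one so the keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Whole-line fixed-string match keeps repeated runs from adding duplicates.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
    # Tighten modes so sshd does not reject the key for being too open.
    chmod go-w "$home"
    chmod 700 "$home/.ssh"
    chmod 600 "$auth"
)

# audit_ssh_perms HOME_DIR
# Returns 1 and lists any of the three paths that is group- or world-writable.
audit_ssh_perms() {
    bad=$(find "$1" "$1/.ssh" "$1/.ssh/authorized_keys" -prune \
          \( -perm -020 -o -perm -002 \) 2>/dev/null) || :
    [ -z "$bad" ] && return 0
    printf 'too open: %s\n' "$bad" >&2
    return 1
}
```

Running audit_ssh_perms against a home directory before and after install_pubkey shows which of the three paths were too open.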

How to use it

The basic syntax of the ssh-copy-id command is:

ssh-copy-id [-i [identity_file]] [user@]hostname

The -i option is used to specify the identity file. If this option is not provided, the command will use the default identity file. The user@hostname specifies the remote host where you want to copy the public key.

For example, to copy your public key to the remote server at 192.168.0.101 as user john, you would run:

ssh-copy-id john@192.168.0.101

Importance of the ssh-copy-id command

The ssh-copy-id command is important because it simplifies the process of configuring SSH-based authentication. It takes care of copying the keys, setting the correct permissions, and avoiding common pitfalls that could cause ssh to refuse connections.

Common Parameters

The ssh-copy-id command has a few command-line parameters:

  • -i [identity_file]: Specifies the identity file that the public key is read from.
  • -f: Forces the copy of the identity file even if it is already present on the remote system.
  • -n: Don't contact the remote system. Just print what would have been executed.

Potential Problems and Pitfalls

While ssh-copy-id is generally straightforward to use, there can be some issues that you might encounter.

  1. One common issue is forgetting to replace the user@hostname with the actual username and hostname of the remote server.
  2. Another common issue is not having the correct permissions on the remote server. If the user doesn't have write permissions to the ~/.ssh/authorized_keys file, the command will fail.
  3. If the remote server doesn't have a ~/.ssh directory, the command will fail. However, this is automatically created when the user runs the ssh command for the first time.

Typical error messages and their corresponding problems include:

ssh: connect to host <hostname> port 22: Connection refused

This error indicates that the SSH server is not running on the remote host or a network issue is blocking the connection.

Permission denied (publickey).

This error indicates that the public key is not in the remote host's ~/.ssh/authorized_keys file or the user has entered the wrong password.

In both cases, the solution is to ensure that the SSH server is running, the network connection is working, and that the correct username and password have been used.

Except where otherwise noted, content on this site is licensed under a CC BY-SA 4.0 license.