Skip to main content

Using ssh-copy-id for SSH connections management

devops
Learn how to use ssh-copy-id to easily set up passwordless SSH authentication and improve your remote server workflow.

Getting started with ssh-copy-id

If you regularly connect to remote servers via SSH, you've likely experienced the tedium of typing passwords for each connection. Not only is this inconvenient, but password-based authentication is generally less secure than key-based methods. This is where ssh-copy-id comes in - a simple utility that streamlines the process of setting up SSH key authentication.

In this article, you'll learn how to use ssh-copy-id to establish secure, passwordless connections to your remote servers. This approach enhances both security and convenience in your daily workflow.

What is ssh-copy-id?

ssh-copy-id is a script that copies your SSH public key to a remote server's authorised keys file. Once configured, you can log in to that server without entering a password. Instead, your SSH key pair handles authentication securely in the background.

Prerequisites

Before using ssh-copy-id, ensure you have:

  • SSH client installed on your local machine
  • Password-based SSH access to the remote server
  • An SSH key pair (or willingness to create one)

Creating an SSH key pair (if needed)

If you don't already have an SSH key pair, generate one with:

ssh-keygen -t ed25519 -C "your_email@example.com"

Press Enter to accept the default file location (~/.ssh/id_ed25519), then either create a passphrase or press Enter twice for no passphrase.

Note

While Ed25519 keys are recommended for modern systems, if you need compatibility with older systems, you might prefer RSA keys: 
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

</div>

Using ssh-copy-id: basic usage

The basic syntax for ssh-copy-id is straightforward:

ssh-copy-id username@remote_host

For example, to copy your key to a server at 192.168.1.100:

ssh-copy-id admin@192.168.1.100

You'll be prompted for the remote user's password. After entering it correctly, your public key will be added to the remote server's ~/.ssh/authorized_keys file.

The output should look similar to:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
admin@192.168.1.100's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'admin@192.168.1.100'"
and check to make sure that only the key(s) you wanted were added.

Advanced usage

Specifying a different identity file

If you have multiple SSH keys, specify which one to use:

ssh-copy-id -i ~/.ssh/specific_key.pub username@remote_host

Using a non-standard SSH port

For servers using a non-standard SSH port:

ssh-copy-id -p 2222 username@remote_host

Copying to multiple servers

You can create a simple loop to copy your key to multiple servers:

for server in server1 server2 server3; do
    ssh-copy-id username@$server
done

Verbose mode

For troubleshooting, use verbose mode:

ssh-copy-id -v username@remote_host

Common issues and solutions

ssh-copy-id not found

On some systems, ssh-copy-id might not be available. As an alternative, you can manually copy your public key:

cat ~/.ssh/id_ed25519.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Permission denied

If you encounter permission issues, ensure the .ssh directory has the correct permissions on the remote server:

ssh username@remote_host "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"

Public key still not working

Check if the SSH server allows public key authentication by examining /etc/ssh/sshd_config on the remote server. Ensure these lines are present and uncommented:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

After making changes, restart the SSH service:

sudo systemctl restart sshd

Security considerations

While SSH key authentication is more secure than passwords, keep these points in mind:

  • Protect your private key with a strong passphrase
  • Never share your private key
  • Consider using ssh-agent to avoid typing your passphrase repeatedly
  • Regularly audit and rotate SSH keys, especially in production environments

Next steps

ssh-copy-id simplifies the process of setting up SSH key authentication, enhancing both security and convenience. By eliminating password-based logins, you reduce the risk of brute force attacks while making your workflow more efficient.

For further exploration, consider learning about SSH config files to create aliases for your frequently accessed servers, or investigate SSH agent forwarding for seamless authentication across multiple hops.