How to use the command 'ssh-copy-id' (with examples)
ssh-copy-id
is a utility widely used in the administration of remote servers to facilitate passwordless SSH access by installing your public key on a remote server’s authorized_keys
file. By copying your public key to a remote machine, you can authenticate using SSH keys rather than passwords, enhancing security and convenience.
Use case 1: Copy your keys to the remote machine
Code:
ssh-copy-id username@remote_host
Motivation:
This fundamental use case of ssh-copy-id
allows users to set up a secure and convenient connection to a remote server. By copying the user’s public key to the remote machine, it eliminates the need for password entry every time an SSH connection is initiated. This is particularly beneficial in environments where frequent SSH logins are required, as it streamlines the workflow and reduces repetitive tasks.
Explanation:
ssh-copy-id
: This command copies your public SSH key to the remote server’sauthorized_keys
file.username@remote_host
: Here,username
refers to the user account on the remote server, andremote_host
is the address of the server. These could be a domain name or an IP address. The combination uniquely identifies the server and user account that will enable SSH without a password after executing the command.
Example output:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'username@remote_host'"
and check to make sure that only the key(s) you wanted were added.
Use case 2: Copy the given public key to the remote
Code:
ssh-copy-id -i path/to/certificate username@remote_host
Motivation:
This use case is ideal when you have multiple SSH keys and need to specify a particular key to install on the remote machine. This approach is useful when managing different identities for different servers, ensuring that the correct credentials are used for the connection.
Explanation:
-i path/to/certificate
: The-i
option allows you to specify the path to the public SSH key file you wish to copy. This flexibility is crucial for systems with several SSH keys, as it ensures the correct key is utilized.username@remote_host
: This is the same as the first example, where it identifies the remote user account and server.
Example output:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "specified path/to/certificate"
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'username@remote_host'"
and check to make sure that only the key(s) you wanted were added.
Use case 3: Copy the given public key to the remote with specific port
Code:
ssh-copy-id -i path/to/certificate -p port username@remote_host
Motivation:
In scenarios where the remote server is configured to listen for SSH connections on a non-standard port, this use case provides the necessary flexibility by allowing the specification of the port number. This is often required for servers that have enhanced security configurations, where the default SSH port (22) is changed to reduce unauthorized access attempts.
Explanation:
-i path/to/certificate
: As explained previously, this specifies the public key file.-p port
: This option designates the port on which the SSH server is listening for connections. It is essential when the server uses a port different from the default SSH port, 22.username@remote_host
: Identifies the account and server.
Example output:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "specified path/to/certificate"
Now logging into the machine so we can install the keys to the appropriate location
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p port 'username@remote_host'"
and check to make sure that only the key(s) you wanted were added.
Conclusion:
The ssh-copy-id
command simplifies the process of setting up SSH key-based authentication across remote servers. By facilitating passwordless login, it not only enhances security but also streamlines access to multiple servers, which is crucial in environments that demand frequent and secure remote connections. Through different examples, we demonstrate how ssh-copy-id
can be tailored to suit different needs, such as specifying particular keys or ports, thereby illustrating its flexibility and utility in various administrative contexts.