Back to Commands

ssh-copy-id

networkingLinux/Unix/Windows
The ssh-copy-id command is one of the most frequently used commands in Linux/Unix-like operating systems. ssh-copy-id The ssh-copy-id command installs an SSH public key on a remote server as an authorized key. This enables secure passwordless SSH logins to the remote system, allowing you to authenticate using your private key instead of typing your password each time.
See ExamplesView Syntax

Quick Reference

Command Name:

ssh-copy-id

Category:

networking

Platform:

Linux/Unix/Windows

Basic Usage:

ssh-copy-id [options] [arguments]

Common Use Cases

  • 1

    Public key deployment

    Securely copy your SSH public key to a remote server for passwordless authentication

  • 2

    Server access setup

    Configure remote servers to allow secure key-based authentication

  • 3

    Automation preparation

    Enable scripted access to servers without interactive password prompts

  • 4

    Multi-server configuration

    Deploy the same public key to multiple servers for consistent authentication

Syntax

ssh-copy-id [options] [-i [identity_file]] [user@]hostname

Options

Option Description
-i identity_file Use the specified file as the identity (public key) to copy
-f Force mode - don't check if the key is already installed
-n Dry run - just print what would be done
-h, --help Display help message and exit
-p port Connect to the specified port on the remote host
-o ssh_option Pass options to ssh in the format used in ssh_config

Examples

How to Use These Examples

The examples below show common ways to use the ssh-copy-id command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

#

Basic Usage:

ssh-copy-id user@hostname

Copy your default public key (~/.ssh/id_rsa.pub, ~/.ssh/id_dsa.pub, etc.) to the remote host.

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@hostname

Copy a specific public key to the remote host.

ssh-copy-id -i ~/.ssh/id_rsa.pub -p 2222 user@hostname

Copy your public key to a host using a non-standard SSH port.

Advanced Usage:

ssh-copy-id -i ~/.ssh/id_rsa.pub "user@hostname -p 2222"

Copy a key to a host with additional SSH options.

ssh-copy-id -f -i ~/.ssh/id_rsa.pub user@hostname

Copy the key without checking if it's already installed (force mode).

ssh-copy-id -o "StrictHostKeyChecking=no" user@hostname

Copy a key while disabling host key checking (useful for first-time connections).

cat ~/.ssh/id_rsa.pub | ssh user@hostname "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Alternative method without using ssh-copy-id (useful on systems where it's not available).

ssh-copy-id -i multiple_keys.pub user@hostname

Copy multiple keys contained in a single file.

Try It Yourself

Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

Understanding Syntax

Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

Notes

How ssh-copy-id Works:

  • ssh-copy-id connects to the remote host using SSH (with password authentication)
  • It adds your public key to the ~/.ssh/authorized_keys file on the remote system
  • Future SSH connections will authenticate using your private key instead of a password
  • The command ensures proper permissions are set on the ~/.ssh directory and files
  • It checks if the key is already installed to avoid duplicate entries

Benefits of SSH Key Authentication:

  • Convenience: No need to type passwords for each connection
  • Security: More secure than password authentication (resistant to brute force attacks)
  • Automation: Enables passwordless scripts, backups, and system administration tasks
  • Agent Forwarding: Can authenticate to other servers from the remote host without copying keys
  • Two-Factor Authentication: Can be combined with other auth methods for enhanced security

Troubleshooting:

  • Permission Issues: Make sure the remote ~/.ssh directory has 700 permissions (chmod 700 ~/.ssh)
  • authorized_keys Permissions: The file should have 600 permissions (chmod 600 ~/.ssh/authorized_keys)
  • Home Directory Permissions: Some SSH servers require that your home directory isn't writable by others
  • Missing .ssh Directory: ssh-copy-id will create it if needed, but manual creation might be necessary
  • SSH Server Configuration: Ensure the server allows public key authentication (PubkeyAuthentication yes)
  • Failed Connection: Use the -v option with SSH to debug connection issues

Key Preparation:

  • Generate a key pair with ssh-keygen if you don't have one already
  • Modern, secure keys use the Ed25519 algorithm: ssh-keygen -t ed25519
  • RSA keys are widely compatible but should use at least 3072 bits: ssh-keygen -t rsa -b 3072
  • Always protect your private key with a strong passphrase
  • Consider using ssh-agent to avoid typing your passphrase repeatedly

Security Considerations:

  • Anyone with your private key can access servers where your public key is authorized
  • Keep your private key secure and passphrase-protected
  • Regularly audit authorized_keys files to remove unused or unauthorized keys
  • Consider setting expiration dates for keys in critical environments
  • For very high security, consider key+password (two-factor) authentication
  • Disable password authentication after setting up key authentication

System Administration:

  • For multiple servers, consider using a configuration management system
  • Keys can be revoked by removing them from the authorized_keys file
  • Consider using ssh-cert or SSH certificates for more advanced deployments
  • Monitor for unauthorized changes to authorized_keys files
  • Key rotation policies enhance security in enterprise environments

Related Commands:

  • ssh-keygen - Generate SSH key pairs
  • ssh-agent - Authentication agent that stores unencrypted keys in memory
  • ssh-add - Add private keys to the authentication agent
  • ssh - Secure Shell client for remote login
  • scp - Secure Copy, transfers files securely using SSH protocol
  • sftp - Secure FTP, provides FTP-like interface over SSH

Tips & Tricks

1

Specify a key: ssh-copy-id -i ~/.ssh/specific_key.pub user@host to send a specific public key

2

Non-standard port: ssh-copy-id -p 2222 user@host for servers using custom SSH ports

3

First-time connections: ssh-copy-id -o "StrictHostKeyChecking=no" user@host to bypass host verification

4

Verify success: Try ssh user@host after using ssh-copy-id to confirm passwordless login works

5

Multiple servers: Create a hosts.txt file and use for host in $(cat hosts.txt); do ssh-copy-id user@$host; done

6

Alternative method: cat ~/.ssh/id_rsa.pub | ssh user@host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

7

Windows workaround: Use type instead of cat on Windows or install ssh-copy-id via Git Bash/WSL

8

Manual permissions: If having issues, run chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys on the remote server

9

Key management: Remove unwanted keys by editing ~/.ssh/authorized_keys on the remote server

Common Use Cases

Public key deployment

Securely copy your SSH public key to a remote server for passwordless authentication

Server access setup

Configure remote servers to allow secure key-based authentication

Automation preparation

Enable scripted access to servers without interactive password prompts

Multi-server configuration

Deploy the same public key to multiple servers for consistent authentication

Security enhancement

Transition from password-based to more secure key-based authentication

Related Commands

ssh

ssh

View command

ssh-keygen

ssh-keygen

View command

ssh-agent

ssh-agent

View command

ssh-add

ssh-add

View command

scp

scp

View command

sftp

sftp

View command

authorized-keys

authorized-keys

View command

Learn By Doing

The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the ssh-copy-id command works in different scenarios.

See ExamplesTry Lab Exercises
$ ssh-copy-id
View All Commands