Back to Commands

ssh-copy-id

networkingLinux/Unix/Windows
The ssh-copy-id command is one of the most frequently used commands in Linux/Unix-like operating systems. ssh-copy-id The ssh-copy-id command installs an SSH public key on a remote server as an authorized key. This enables secure passwordless SSH logins to the remote system, allowing you to authenticate using your private key instead of typing your password each time.
See ExamplesView Syntax

Quick Reference

Command Name:

ssh-copy-id

Category:

networking

Platform:

Linux/Unix/Windows

Basic Usage:

ssh-copy-id [options] [arguments]

Common Use Cases

  • 1

    SSH key deployment

    Copy SSH keys to remote systems for password-less authentication

  • 2

    Security

    Ensure secure communication between systems

  • 3

    Scripting

    Use in shell scripts to automate SSH key deployment

  • 4

    Remote administration

    Administer remote systems securely

Syntax

ssh-copy-id [options] [-i [identity_file]] [user@]hostname

Options

Option Description
-i identity_file Use the specified file as the identity (public key) to copy
-f Force mode - don't check if the key is already installed
-n Dry run - just print what would be done
-h, --help Display help message and exit
-p port Connect to the specified port on the remote host
-o ssh_option Pass options to ssh in the format used in ssh_config

Examples

How to Use These Examples

The examples below show common ways to use the ssh-copy-id command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

Basic Usage:

ssh-copy-id user@hostname

Copy your default public key (~/.ssh/id_rsa.pub, ~/.ssh/id_dsa.pub, etc.) to the remote host.

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@hostname

Copy a specific public key to the remote host.

ssh-copy-id -i ~/.ssh/id_rsa.pub -p 2222 user@hostname

Copy your public key to a host using a non-standard SSH port.

Advanced Usage:

ssh-copy-id -i ~/.ssh/id_rsa.pub "user@hostname -p 2222"

Copy a key to a host with additional SSH options.

ssh-copy-id -f -i ~/.ssh/id_rsa.pub user@hostname

Copy the key without checking if it's already installed (force mode).

ssh-copy-id -o "StrictHostKeyChecking=no" user@hostname

Copy a key while disabling host key checking (useful for first-time connections).

cat ~/.ssh/id_rsa.pub | ssh user@hostname "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Alternative method without using ssh-copy-id (useful on systems where it's not available).

ssh-copy-id -i multiple_keys.pub user@hostname

Copy multiple keys contained in a single file.

Try It Yourself

Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

Understanding Syntax

Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

Notes

How ssh-copy-id Works:

  • ssh-copy-id connects to the remote host using SSH (with password authentication)
  • It adds your public key to the ~/.ssh/authorized_keys file on the remote system
  • Future SSH connections will authenticate using your private key instead of a password
  • The command ensures proper permissions are set on the ~/.ssh directory and files
  • It checks if the key is already installed to avoid duplicate entries

Benefits of SSH Key Authentication:

  • Convenience: No need to type passwords for each connection
  • Security: More secure than password authentication (resistant to brute force attacks)
  • Automation: Enables passwordless scripts, backups, and system administration tasks
  • Agent Forwarding: Can authenticate to other servers from the remote host without copying keys
  • Two-Factor Authentication: Can be combined with other auth methods for enhanced security

Troubleshooting:

  • Permission Issues: Make sure the remote ~/.ssh directory has 700 permissions (chmod 700 ~/.ssh)
  • authorized_keys Permissions: The file should have 600 permissions (chmod 600 ~/.ssh/authorized_keys)
  • Home Directory Permissions: Some SSH servers require that your home directory isn't writable by others
  • Missing .ssh Directory: ssh-copy-id will create it if needed, but manual creation might be necessary
  • SSH Server Configuration: Ensure the server allows public key authentication (PubkeyAuthentication yes)
  • Failed Connection: Use the -v option with SSH to debug connection issues

Key Preparation:

  • Generate a key pair with ssh-keygen if you don't have one already
  • Modern, secure keys use the Ed25519 algorithm: ssh-keygen -t ed25519
  • RSA keys are widely compatible but should use at least 3072 bits: ssh-keygen -t rsa -b 3072
  • Always protect your private key with a strong passphrase
  • Consider using ssh-agent to avoid typing your passphrase repeatedly

Security Considerations:

  • Anyone with your private key can access servers where your public key is authorized
  • Keep your private key secure and passphrase-protected
  • Regularly audit authorized_keys files to remove unused or unauthorized keys
  • Consider setting expiration dates for keys in critical environments
  • For very high security, consider key+password (two-factor) authentication
  • Disable password authentication after setting up key authentication

System Administration:

  • For multiple servers, consider using a configuration management system
  • Keys can be revoked by removing them from the authorized_keys file
  • Consider using ssh-cert or SSH certificates for more advanced deployments
  • Monitor for unauthorized changes to authorized_keys files
  • Key rotation policies enhance security in enterprise environments

Related Commands:

  • ssh-keygen - Generate SSH key pairs
  • ssh-agent - Authentication agent that stores unencrypted keys in memory
  • ssh-add - Add private keys to the authentication agent
  • ssh - Secure Shell client for remote login
  • scp - Secure Copy, transfers files securely using SSH protocol
  • sftp - Secure FTP, provides FTP-like interface over SSH

Tips & Tricks

1

Use the -i option to specify the identity file

2

Use the -o option to specify options for the remote shell

3

Use the -p option to specify the port number

4

Use the -h option to display help

5

Use the -f option to specify the file containing the key

Common Use Cases

SSH key deployment

Copy SSH keys to remote systems for password-less authentication

Security

Ensure secure communication between systems

Scripting

Use in shell scripts to automate SSH key deployment

Remote administration

Administer remote systems securely

Data transfer

Transfer files between systems securely and efficiently

Related Commands

These commands are frequently used alongside ssh-copy-id or serve similar purposes:

Explore All Commands

Use Cases

1

SSH key deployment

Copy SSH keys to remote systems for password-less authentication

2

Security

Ensure secure communication between systems

3

Scripting

Use in shell scripts to automate SSH key deployment

4

Remote administration

Administer remote systems securely

5

Data transfer

Transfer files between systems securely and efficiently

Learn By Doing

The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the ssh-copy-id command works in different scenarios.

See ExamplesTry Lab Exercises
$ ssh-copy-id
View All Commands
ssh-copy-id - Install SSH Keys on Remote Servers