Network
ssh-copy-id
Install a public SSH key on a remote host.
Additional Notes
ssh-copy-id copies a public SSH key to a remote host's ~/.ssh/authorized_keys file, enabling passwordless login via key-based authentication. It is the standard way to set up SSH key authentication for a remote server.
The tool connects to the remote host using password authentication, creates the ~/.ssh directory and authorized_keys file if they do not exist, sets appropriate permissions, and appends the public key. It works with SSH keys of any type (RSA, ECDSA, Ed25519, DSA).
Syntax
ssh-copy-id [options] [-i keyfile] user@hostname
Parameters
keyfile: The public key file to install. Defaults to~/.ssh/id_rsa.pubor similar.user@hostname: The remote user and host to install the key on.
Common Options
-i keyfile: Specify the identity file (public key) to install.-p port: Specify the SSH port on the remote host.-f: Force installation even if the key is already present (duplicates may be added).-n: Dry-run mode (do not actually copy the key, just show what would be done).-s: Use SFTP/SSH instead of executing remote commands via shell.-o SSH_option: Pass an option to SSH (e.g.,-o "Port 2222").-H: Hash known hostnames (for use with-o HashKnownHosts).-u: Uninstall mode (remove a key from authorized_keys).
Examples
ssh-copy-id alice@server.example.com
Copy the default public key to server.example.com for user alice.
ssh-copy-id -i ~/.ssh/mykey.pub alice@server.example.com
Copy a specific public key file to the remote host.
ssh-copy-id -p 2222 alice@server.example.com
Connect to the remote host on a non-standard SSH port.
ssh-copy-id -n alice@server.example.com
Dry-run: show what would be done without actually copying the key.
ssh-copy-id -o "IdentityFile ~/.ssh/alternate_id_rsa" alice@server.example.com
Use a specific identity for the initial password authentication.
Practical Notes
- Password authentication must be enabled on the remote host for the initial copy.
- The default public key file is searched in order:
id_ed25519.pub,id_ecdsa.pub,id_rsa.pub,id_dsa.pub. - After installation, test the connection with
ssh user@hostto verify passwordless login works. - Ensure the remote user's home directory,
~/.ssh, andauthorized_keyshave correct permissions (700, 700, 600). - If
ssh-copy-idis not available, manually append the public key withssh user@host "cat >> .ssh/authorized_keys".