OpenSSH includes a program, ssh-copy-id, that installs a public key automatically on a remote server with a single command, placing it into ~/.ssh/authorized_keys:
# ssh-copy-id -i key_file [user@]server_name
For example, to install the key mykey in the geekuser account on server.example.com:
# ssh-copy-id -i mykey firstname.lastname@example.org
You don’t need to list the .pub extension of the key file; or more specifically, you can provide either the private or public-key file, and the public key is copied to the remote server.
In order for the copy to take place, you’ll need an account on the remote machine, of course, and you’ll need to authenticate somehow. If you’ve never set up public-key authentication on server.example.com before, you’ll be prompted for your login password.
ssh-copy-id Command Examples
1. Copy your keys to the remote machine:
# ssh-copy-id username@remote_host
2. Copy the given public key to the remote:
# ssh-copy-id -i path/to/certificate username@remote_host
3. Copy the given public key to the remote with specific port:
# ssh-copy-id -i path/to/certificate -p port username@remote_host
If you have no authorized_keys file on the remote machine, ssh-copy-id creates one containing your new key; otherwise, it appends the new key.
If you do already have a remote authorized_keys file, and it does not end with a newline character, ssh-copy-id blindly appends your new key onto the last public key in the file, with no newline between them. This effectively corrupts the last two keys in authorized_keys. Moral: always make sure authorized_keys ends with a newline.