OpenSSH includes a program, ssh-copy-id, that installs a public key automatically on a remote server with a single command, placing it into ~/.ssh/authorized_keys:
# ssh-copy-id -i key_file [user@]server_name
For example, to install the key mykey in the dulaney account on server.example.com:
# ssh-copy-id -i mykey firstname.lastname@example.org
You don’t need to list the .pub extension of the key file; or more specifically, you can provide either the private or public-key file, and the public key is copied to the remote server.
In order for the copy to take place, you’ll need an account on the remote machine, of course, and you’ll need to authenticate somehow. If you’ve never set up public-key authentication on server.example.com before, you’ll be prompted for your login password.
If you encounter the below error while running the ssh-copy-id command:
ssh-copy-id: command not found
you may try installing the below package as per your choice of distribution:
|OS X||brew install ssh-copy-id|
|Debian||apt-get install openssh-client|
|Ubuntu||apt-get install openssh-client|
|Alpine||apk add openssh-client|
|Arch Linux||pacman -S ssh-copy-id|
|Kali Linux||apt-get install openssh-client|
|CentOS||yum install openssh-clients|
|Fedora||dnf install openssh-clients|
|Raspbian||apt-get install openssh-client|
ssh-copy-id Command Examples
1. Copy your keys to the remote machine:
# ssh-copy-id username@remote_host
2. Copy the given public key to the remote:
# ssh-copy-id -i path/to/certificate username@remote_host
3. Copy the given public key to the remote with specific port:
# ssh-copy-id -i path/to/certificate -p port username@remote_host
If you have no authorized_keys file on the remote machine, ssh-copy-id creates one containing your new key; otherwise, it appends the new key.
If you do already have a remote authorized_keys file, and it does not end with a newline character, ssh-copy-id blindly appends your new key onto the last public key in the file, with no newline between them. This effectively corrupts the last two keys in authorized_keys. Moral: always make sure authorized_keys ends with a newline.