CODEWITHSUNDEEP
sshssh-keys
DanHeidel
DanHeidel

Reputation: 671

What, exactly, does ssh-copy-id do?

What does the ssh-copy-id command do, exactly? I've used it numerous times and it works great. However, when I try to manually cut and paste my .pub key file to my remote authorized_keys file, it doesn't work.

I've compared the contents of my authorized_keys file where I've cut and pasted the .pub into it vs subsequently using ssh-copy-id and I'm not seeing any differences between the two, including whitespace.

Is there anything that ssh-copy-id does beyond copying the public key into authorized_keys?

Upvotes: 33

Views: 19856

Answers (2)

ganqqwerty
ganqqwerty

Reputation: 1994

This little one liner script works on sh, bash, and zsh. I use it every time there is no ssh-copy-id, for example when I'm on older version of OSX.

cat ~/.ssh/id_rsa.pub | ssh <user>@<hostname> 'cat >> ~/.ssh/authorized_keys'

How it works

I am sending the public key to the Unix standard output (STDOUT) using the cat command. I then connect the STDOUT of cat to the standard input (STDIN) of the ssh.

The ssh executes the cat command on the server. Remember that we have our key in the STDIN now? This key gets passed from ssh to the cat command executed on a server. The >> operator redirects the STDOUT of the cat to the end of the ~/.ssh/authorized_keys file. This way, the key from public keys is appended to the authorized_keys on the server.

IMO, it's better than manual copying and pasting: in this case, you know exactly what content will end up in the file.

Upvotes: 33

Jackson Pauls
Jackson Pauls

Reputation: 245

I usually copy-paste keys into authorized_keys as you describe (I forget about ssh-copy-id), so it can work. Note thatchmod 600 ~/.ssh/authorized_keys is required if you're creating the file.

ssh-copy-id is a shell script so you can open it in a text editor to see what it does, this looks like the relevant bit:

printf '%s\n' "$NEW_IDS" | ssh "$@" "
    umask 077 ;
    mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
    if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi"

restorecon in the last line restores default SELinux security contexts. I haven't had to run that, but it might be necessary in your case.

Upvotes: 8

Related Questions