Easy Steps For Using the ssh-copy-id Command | Enable Passwordless Login

This tutorial aims to guide you through Using the ssh-copy-id Command. SSH (Secure Shell) ensures secure communication between your local and remote machines. Typically, this requires you to provide a password each time you log in. The Using the ssh-copy-id Command simplifies this process, enabling you to access your server without constantly entering your password.

Let’s delve into the steps required to master Using the ssh-copy-id Command.

Step-by-Step Using the ssh-copy-id Command

Before you start Using the ssh-copy-id Command, it’s crucial to have generated your SSH public key pair. If you haven’t already, refer to a guide on generating SSH key pairs in Linux (such as Generate SSH key pairs in Linux).

Once your SSH keys are generated, follow these steps to copy the public key to your remote server, effectively enabling passwordless login using Using the ssh-copy-id Command.

Step 1 – Add SSH Public Key to the Remote Server with ssh-copy-id Command

We’re assuming you’ve already generated your SSH public key. The output after key generation should resemble something like this:

**Output**
...
The key's randomart image is:
+---[RSA 3072]----+
| ..*E+o          |
|. O+== .         |
|.+.+.o+          |
|o.o.oo .         |
|oB....o S        |
|..=.+o o .       |
|  +=. . o        |
| + o.o.o         |
|o   o++..        |
+----[SHA256]-----+

Now, leverage the ssh-copy-id command to transfer your SSH public key to your remote server. The command syntax is:

ssh-copy-id -i path-to-ssh-public-key user@remote-server-ip

In this command:

• path-to-ssh-public-key: Specifies the full path to your SSH public key file (e.g., ~/.ssh/id_rsa.pub).
• user: The username you use to log into the remote server.
• remote-server-ip: The IP address or hostname of your remote server.

For example:

ssh-copy-id -i /root/.ssh/id_rsa.pub root@remote-server-ip

The command will prompt you for confirmation. Type "yes" and press Enter to proceed. Then, you’ll be asked for the password of the specified user on the remote server. This is the only time you’ll need to enter the password after successfully using the Using the ssh-copy-id Command.

Upon completion, try connecting to your remote server without a password.

Step 2 – Connect to the Remote Server Without a Password

With your SSH public key now residing on the remote server, you can connect without a password using the standard ssh command:

ssh user@remote-server-ip

This command will now log you into the remote server seamlessly, without requesting a password. This confirms you have successfully implemented Using the ssh-copy-id Command to enable passwordless login.

Step 3 – The ssh-copy-id Command Usage

To explore the various options and syntax of the ssh-copy-id command, use the help command:

ssh-copy-id -h

This will display the command’s usage information, including available options:

Usage: /usr/bin/ssh-copy-id [-h|-?|-f|-n|-s] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [[-o <ssh -o options>] ...] [user@]hostname
        -f: force mode -- copy keys without trying to check if they are already installed
        -n: dry run    -- no keys are actually copied
        -s: use sftp   -- use sftp instead of executing remote-commands. Can be useful if the remote only allows sftp
        -h|-?: print this help

Conclusion

You’ve now learned how to enable passwordless login to your remote server by Using the ssh-copy-id Command. You can generate an SSH public key, add it to your remote server, and effortlessly connect without a password.

Hopefully, you found this helpful. You might also be interested in these related articles:

• How To SSH into a Windows Machine
• Install and Secure SSH Server on Debian 12 Bookworm
• How to Secure SSH in Linux

Alternative Methods for Passwordless SSH Login

While ssh-copy-id provides a convenient and straightforward approach to setting up passwordless SSH login, alternative methods exist. Here are two different ways to achieve the same outcome:

1. Manual Key Copying via ssh and authorized_keys

This method involves manually copying the public key to the remote server’s authorized_keys file. This offers more control and is useful when ssh-copy-id is unavailable or fails.

• Step 1: Obtain the Public Key: As with ssh-copy-id, start by ensuring you have your SSH public key. Typically located at ~/.ssh/id_rsa.pub (or a similar path depending on your key generation settings).

• Step 2: Copy the Key Manually: Use ssh to execute a command on the remote server that appends the public key to the authorized_keys file. If the .ssh directory or authorized_keys file do not exist, they will be created.

  ssh user@remote-server-ip "mkdir -p ~/.ssh && echo 'YOUR_PUBLIC_KEY' >> ~/.ssh/authorized_keys"

  Replace YOUR_PUBLIC_KEY with the actual content of your id_rsa.pub file. You can copy the content using cat ~/.ssh/id_rsa.pub. You will be prompted for the password to the remote server.

• Step 3: Secure the authorized_keys file (Optional): While not strictly necessary, it’s good practice to ensure the authorized_keys file has appropriate permissions. This command can be run on the remote server:

  ssh user@remote-server-ip "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"

  Again, you will be prompted for the password to the remote server.

  The chmod 700 ~/.ssh command sets the permissions of the .ssh directory to rwx------, meaning only the owner can read, write, and execute (enter) the directory. The chmod 600 ~/.ssh/authorized_keys command sets the permissions of the authorized_keys file to rw-------, meaning only the owner can read and write the file.

  These permissions restrict access to your SSH keys, making it more secure. If an attacker were to gain access to read your SSH keys, they could potentially impersonate you on the remote server.

• Step 4: Test the Connection: Try connecting via SSH:

  ssh user@remote-server-ip

  You should now be able to log in without a password.

2. Using scp (Secure Copy) to Transfer the Public Key

This method uses scp to securely transfer the public key file to the remote server, followed by SSH to append it to the authorized_keys file.

• Step 1: Copy the Public Key using scp:

  scp ~/.ssh/id_rsa.pub user@remote-server-ip:/tmp/id_rsa.pub.tmp

  This command copies the id_rsa.pub file to a temporary location (/tmp/id_rsa.pub.tmp) on the remote server. You will be prompted for the password to the remote server.

• Step 2: Append the Key to authorized_keys via SSH:

  ssh user@remote-server-ip "mkdir -p ~/.ssh && cat /tmp/id_rsa.pub.tmp >> ~/.ssh/authorized_keys && rm /tmp/id_rsa.pub.tmp"

  This command does the following on the remote server:

  • mkdir -p ~/.ssh: Creates the .ssh directory if it doesn’t exist.
  • cat /tmp/id_rsa.pub.tmp >> ~/.ssh/authorized_keys: Appends the contents of the temporary file to the authorized_keys file.
  • rm /tmp/id_rsa.pub.tmp: Removes the temporary file.

  You will be prompted for the password to the remote server.

• Step 3: Secure the authorized_keys file (Optional): As in the previous method, securing the file permissions is a good practice:

  ssh user@remote-server-ip "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"

  You will be prompted for the password to the remote server.

• Step 4: Test the Connection:

  ssh user@remote-server-ip

  You should now be able to log in without a password.

Both of these alternative methods achieve the same outcome as Using the ssh-copy-id Command: enabling passwordless SSH login. The manual key copying offers more control and flexibility, while the scp-based method provides a secure way to transfer the key before appending it. Choose the method that best suits your environment and preferences.