How do I install my SSH public key ~/.ssh/id_rsa.pub onto a remote Linux / UNIX server automatically from a Linux workstation / Apple OS X laptop without using scp and/or the copy & paste method?
You need to use the ssh-copy-id script that uses ssh to log into a remote machine using a login password. The syntax is as follows:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server.example.com
ssh-copy-id -i ~/.ssh/id_dsa.pub user@server.example.com
Step # 1: Create Keys
Type the following ssh-keygen command, which generates, manages and converts authentication keys, on your workstation / laptop:
ssh-keygen
Make sure you protect the keys with a passphrase.
Step # 2: Install Keys
To install the key on a remote server called www-03.nixcraft.in, enter:
ssh-copy-id -i ~/.ssh/id_dsa.pub username@www-03.nixcraft.in
Step # 3: Use keychain for passwordless login
OpenSSH offers RSA and DSA authentication to remote systems without supplying a password. keychain is a special bash script designed to make key-based authentication incredibly convenient and flexible. Add the following lines to your ~/.bash_profile:
/usr/bin/keychain $HOME/.ssh/id_rsa
source $HOME/.keychain/$HOSTNAME-sh
Save and close the file.
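The remote-side work that ssh-copy-id performs in Step # 2 (create ~/.ssh, append the key, keep permissions tight), as an added example that is not part of the original article or of OpenSSH. The function name install_pubkey and its return codes are assumptions made for illustration; it runs against a local scratch directory and a constructed key so it can be tried without a server.

```shell
#!/bin/sh
# Added example: install_pubkey is a hypothetical helper, not part of OpenSSH.
# install_pubkey PUBKEY_FILE SSH_DIR
#   returns 0 = key appended, 2 = key already present, 1 = rejected input
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || return 1
    # Refuse private keys (id_rsa passed instead of id_rsa.pub by mistake).
    if grep -q 'PRIVATE KEY' "$pub"; then
        return 1
    fi
    # A public key line is "<type> <base64 starting AAAA> [comment]".
    # The type list below is not exhaustive.
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) return 1 ;;
    esac

    # Create the directory and file with no group/other access.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Idempotent append: fixed-string, whole-line match on the exact key.
    if grep -qxF -- "$key" "$auth"; then
        return 2
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed (non-functional) key.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedExampleOnly user@laptop' \
    > "$demo_dir/id.pub"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"; echo "first run:  $?"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"; echo "second run: $?"
ls -ld "$demo_dir/.ssh" "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

On a real server SSH_DIR would be ~/.ssh. With StrictModes enabled (the sshd default), sshd ignores authorized_keys when the file or its directory is writable by group or others.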
References:
- man ssh-copy-id
{ 7 comments… read them below or add one }
Hi all.
Unfortunately, ssh-copy-id does not exist under OS X, so here is a script that does the same job.
When I can remember where I got it from, I will add the relevant credit to its author.
Best regards,
Neil.
#!/bin/sh
# Append the local DSA public key to authorized_keys on the remote host.
KEY="$HOME/.ssh/id_dsa.pub"
if [ ! -f "$KEY" ]; then
    echo "private key not found at $KEY"
    echo "* please create it with \"ssh-keygen -t dsa\" *"
    echo "* to login to the remote host without a password, don't give the key you create with ssh-keygen a password! *"
    exit 1
fi
if [ -z "$1" ]; then
    echo "Please specify user@host.tld as the first switch to this script"
    exit 1
fi
echo "Putting your key on $1... "
# Send the key on stdin so the remote shell never re-parses its contents.
ssh -q "$1" "mkdir ~/.ssh 2>/dev/null; chmod 700 ~/.ssh; cat >> ~/.ssh/authorized_keys; chmod 644 ~/.ssh/authorized_keys" < "$KEY"
echo "done!"
Here is what I’ve installed in my Debian Linux box:
#!/bin/sh

# Shell script to install your public key on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

ID_FILE="${HOME}/.ssh/id_rsa.pub"

if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift         # and this should leave $1 as the target name
  fi
else
  if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi

if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat ${ID_FILE}"
fi

if [ -z "`eval $GET_ID`" ]; then
  echo "$0: ERROR: No identities found" >&2
  exit 1
fi

if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
  exit 1
fi

{ eval "$GET_ID" ; } | ssh ${1%:} "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1

cat <<EOF
Now try logging into the machine, with "ssh '${1%:}'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

EOF
Hi Neil,
Thanks for the tip. I was playing with ssh and keygen yesterday and missed this useful command.
Here are my two cents:
1 – Since there is no way to specify a port from the command line to this command one can add the following to their ~/.ssh/config
Host remote.server.tld
Port 2222
And remove the line afterwards (see 3).
2 - Change the permissions of ~/.ssh/authorized_keys to 600
3 - Hash the known_hosts file: This replaces all hostnames and addresses with hashed representations
ssh-keygen -H -f ~/.ssh/known_hosts
Regards.
Host remote.server.tld
Port 2222
To do this on a non standard port the best is to use this:
ssh-copy-id -i /path/key.pub "user@host -p 2222"
Cheers
xxx@server:~/.ssh# ssh-copy-id -i ~/.ssh/id_rsa.pub "xxx@server -p 2222"
ssh: connect to host server port 22: Connection refused
It does not work.
Sorry, I repeated the command again, and it worked well! Thanks!
ssh-copy-id -i ~/.ssh/id_rsa.pub "user@server -p 2222"
Now try logging into the machine, with "ssh 'user@server -p 2222'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.