Install / Append SSH Key In A Remote Linux / UNIX Servers Authorized_keys

May 6, 2010 · 8 comments · LAST UPDATED March 10, 2014


How do I install my SSH public key ~/.ssh/id_rsa.pub onto a remote Linux and UNIX server automatically from Linux workstation or Apple OS X laptop without using scp and/or copy & paste method?

Use the ssh-copy-id script. It logs into the remote machine over ssh with your login password and installs your public key in the remote account's authorized_keys file. The syntax is as follows:

ssh-copy-id user@server.example.com

Tutorial details
Difficulty: Easy
Root privileges: No
Requirements: None
Estimated completion time: 2m

OR

ssh-copy-id -i ~/.ssh/id_rsa.pub user@server.example.com

OR

ssh-copy-id -i ~/.ssh/id_dsa.pub user@server.example.com

OR use a specific port on the remote host, such as TCP port 4242:

ssh-copy-id -i /path/key/file.pub "user@server.example.com -p 4242"

Step # 1: Create the Keys

Run the ssh-keygen command, which generates, manages and converts authentication keys, on your workstation / laptop:
ssh-keygen
Make sure you protect the keys with a passphrase.

Step # 2: Install the public key

To install the key on a remote server called www-03.nixcraft.in, enter:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@www-03.nixcraft.in

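Note: If the ssh-copy-id command is not found on your system, try the following commands to append/install the public key on the remote host. The remote command must be quoted; otherwise everything after the ";" and the ">>" redirection run on your local machine instead of on the server:

ssh username@www-03.nixcraft.in 'umask 077; mkdir -p .ssh'
cat $HOME/.ssh/id_rsa.pub | ssh username@www-03.nixcraft.in 'cat >> .ssh/authorized_keys'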
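
The server-side steps of the manual method above (create .ssh, append the key, keep permissions tight), written as an added example that is not part of the original article. The function name install_pubkey, its two arguments and the list of accepted key types are assumptions of this example; it appends a key only once, refuses private-key files and repairs a missing final newline before appending.

```shell
#!/bin/sh
# Added example, not from the original article. install_pubkey and its
# arguments are hypothetical names chosen for this illustration.
# Usage: install_pubkey <public-key-file> <home-directory-of-account>

install_pubkey() {
    pubkey_file=$1
    home_dir=$2

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 2; }

    # A private key must never be copied to a server.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 3
    fi

    # Take the first non-blank line and check that it starts with a key type.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case $key_line in
        ssh-dss\ *) echo "warning: DSA key; OpenSSH 7.0+ disables ssh-dss by default" >&2 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: unrecognised key type" >&2; return 4 ;;
    esac

    (   # Subshell so the umask change does not leak into the caller.
        umask 077
        mkdir -p "$home_dir/.ssh" || exit 5
        auth="$home_dir/.ssh/authorized_keys"
        touch "$auth" || exit 5

        # If the file lacks a final newline, add one so keys do not merge.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi

        # Append only when this exact line is not already present.
        if ! grep -qxF -- "$key_line" "$auth"; then
            printf '%s\n' "$key_line" >> "$auth" || exit 5
        fi

        # Tighten permissions even if the directory or file already existed.
        chmod 700 "$home_dir/.ssh" && chmod 600 "$auth"
    )
}
```

Running it twice with the same key leaves a single entry, which makes the later check of authorized_keys for unexpected keys easier to read.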

Step # 3: Use keychain for passwordless login

OpenSSH offers RSA and DSA authentication to remote systems without supplying a password. keychain is a special bash script designed to make key-based authentication incredibly convenient and flexible (see how to install keychain script on unix). Add the following lines to your ~/.bash_profile or shell login file:

/usr/bin/keychain $HOME/.ssh/id_rsa
source $HOME/.keychain/$HOSTNAME-sh

Save and close the file.


{ 8 comments }

1 Nei McLeish May 7, 2010 at 12:47 pm

Hi all.
Unfortunately, ssh-copy-id does not exist under OS X, so here is a script that does the same job.
When I can remember where I got it from, I will add the relevant credit to its author.

Best regards,

Neil.

#!/bin/sh
# Append the local DSA public key to a remote account's authorized_keys.
KEY="$HOME/.ssh/id_dsa.pub"
if [ ! -f "$KEY" ];then
    echo "public key not found at $KEY"
    echo "* please create it with \"ssh-keygen -t dsa\" *"
    echo "* to login to the remote host without a password, don't give the key you create with ssh-keygen a password! *"
    exit 1
fi
if [ -z "$1" ];then
    echo "Please specify user@host.tld as the first switch to this script"
    exit 1
fi
echo "Putting your key on $1... "
KEYCODE=`cat "$KEY"`
# $KEYCODE is expanded locally; the single quotes stop the remote shell from re-interpreting it.
ssh -q "$1" "mkdir ~/.ssh 2>/dev/null; chmod 700 ~/.ssh; echo '$KEYCODE' >> ~/.ssh/authorized_keys; chmod 644 ~/.ssh/authorized_keys" || exit 1
echo "done!"


2 Anonymous May 7, 2010 at 1:13 pm

Here is what I’ve installed in my Debian Linux box:

#!/bin/sh
# Shell script to install your public key on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.
ID_FILE="${HOME}/.ssh/id_rsa.pub"
if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift         # and this should leave $1 as the target name
  fi
else
  if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi
if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat ${ID_FILE}"
fi
if [ -z "`eval $GET_ID`" ]; then
  echo "$0: ERROR: No identities found" >&2
  exit 1
fi
if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
  exit 1
fi
{ eval "$GET_ID" ; } | ssh ${1%:} "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
cat <<EOF
Now try logging into the machine, with "ssh '${1%:}'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
EOF


3 Juan Giordana May 9, 2010 at 9:03 pm

Hi Neil,

Thanks for the tip. I’ve been playing with ssh and keygen yesterday and missed this useful command.

Here are my two cents:

1 – Since there is no way to specify a port from the command line to this command one can add the following to their ~/.ssh/config

Host remote.server.tld
Port 2222

And remove the line afterwards (see 3).

2 - Change the permissions of ~/.ssh/authorized_keys to 600

3 - Hash the known_hosts file: This replaces all hostnames and addresses with hashed representations
ssh-keygen -H -f ~/.ssh/known_hosts

Regards.


4 Juan Francisco Giordana May 9, 2010 at 9:07 pm

Host remote.server.tld
Port 2222


5 Cokegen May 18, 2011 at 11:03 pm

To do this on a non standard port the best is to use this:

ssh-copy-id -i /path/key.pub "user@host -p 2222"

Cheers


6 Jordi July 8, 2011 at 8:36 am

xxx@server:~/.ssh# ssh-copy-id -i ~/.ssh/id_rsa.pub "xxx@server -p 2222"
ssh: connect to host server port 22: Connection refused

Doesn't work.


7 Jordi July 8, 2011 at 9:22 am

Sorry, I repeated the command again, and it worked well! Thanks!

ssh-copy-id -i ~/.ssh/id_rsa.pub "user@server -p 2222"

Now try logging into the machine, with "ssh 'user@server -p 2222'", and check in:

.ssh/authorized_keys

to make sure we haven’t added extra keys that you weren’t expecting.


8 NoSiL May 22, 2014 at 5:37 pm

I found a bug:
cat $HOME/.ssh/id_rsa.pub | ssh username@www-03.nixcraft.in cat >> .ssh/authorized_keys
should be
cat $HOME/.ssh/id_rsa.pub | ssh username@www-03.nixcraft.in 'cat >> .ssh/authorized_keys'
It won’t work without quotes as intended.

Also, the “ssh-keygen” followed by the piped “cat” command is sufficient to get password-less access enabled. Do both on your machine, “www-03.nixcraft.in” in the example is the remote computer you want to access.
