Use ssh-copy-id with an OpenSSH Server Listening On a Different Port

See all OpenBSD related FAQ
My OpenSSH server listening on TCP port number 2222. How can I use ssh-copy-id with an sshd server with listening on a different port on a Linux or Unix-like systems?

The ssh-copy-id is a shell script that uses ssh command to log into a remote machine using a login password to install your public key in a remote machine’s authorized_keys. The script also secure the remote user’s home, ~/.ssh, and ~/.ssh/autho-rized_keys files by changing the permissions.
Tutorial details
Difficulty level Easy
Root privileges No
Requirements Linux or Unix terminal
Category Terminal/ssh
Prerequisites ssh-copy-id command
OS compatibility BSD Linux macOS Unix WSL
Est. reading time 3 minutes

How to use ssh-copy-id with an OpenSSH Server Listening On a Different Port

The syntax is as follows to install ssh-keys:
$ ssh-copy-id user@server-name-here
$ ssh-copy-id -i /path/to/identity-file user@server-name-here

The -i /path/to/identity-file forces ssh-copy-id command to use only the key(s) contained in identity_file rather looking for default ID file or one set by the ssh-add command.

Examples

Install your key for server42 as ‘vivek’ user, enter:
$ ssh-copy-id vivek@nas01
Install your key for for OpenSSH server listen on IP 192.168.1.146 TCP port 22 (default), enter:
$ ssh-copy-id nixcraft@192.168.1.146
Here is what I see (when prompted type nixcraft account password for 192.168.1.146 server):

/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/local/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
nixcraft@192.168.1.146's password: 
 
Number of key(s) added:        1
 
Now try logging into the machine, with:   "ssh 'nixcraft@192.168.1.146'"
and check to make sure that only the key(s) you wanted were added.

Please note that when you run the above command, the ssh-copy-id will prompt you for the password of the remote Linux or Unix user account. Once you enter the password, the command will copy your public key to the authorized_keys file of the remote user account on the specified port as discussed below.

Using ssh-copy-id with an SSH server listening on a different port such as TCP port # 2222

If your remote server listen on a different port than 22, you need to use the following syntax:
## old syntax. only valid for older ssh-copy-id (see below for new syntax) ##
$ ssh-copy-id '-p PORT-NUMBER-HERE user@server-name-here'
$ ssh-copy-id '-p 2222 vivek@server1.cybercit.biz'
$ ssh-copy-id '-p 2222 nixcraft@192.168.1.146'

OR use the following syntax:
## new syntax ##
$ ssh-copy-id -p 2222 nixcraft@192.168.1.146
## state identity file for ec2 server using the -i option ##
$ ssh-copy-id -p 2222 -i ~/.ssh/aws_ec2_rhel9_server_key ec2-user@ec2-nixcraft-server-1

Fig.01: Using ssh-copy-id with an SSH server listening on a different port # 2222

Fig.01: Using ssh-copy-id with an SSH server listening on a different port # 2222

Test it

Now try logging into the machine using the ssh command and TCP port # 2222. For instance:
$ ssh -p 2222 ec2-user@ec2-nixcraft-server-1
$ ssh -p 2222 nixcraft@192.168.1.146

Here is sample session:

Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-46-generic x86_64)
 
 * Documentation:  https://help.ubuntu.com/
 
Last login: Sat Mar  7 17:55:48 2015 from viveks-macbook-pro.local

Summing up

You can ssh-copy-id command to use locally available keys to authorise logins on a remote Linux or Unix machine. By default TCP port 22 is used. But, you can pass the -p port to ssh-copy-id. The ssh-copy-id command copies the public key of your local machine’s ~/.ssh/ directory to the authorized keys file of a remote OpenSSH server on TCP port 22. However, if the remote server listens on a different port, you can specify the port number using the -p option. Here is an example command to copy your public key to a remote OpenSSH server listening on OpenSSH TCP port # 2222:
$ ssh-copy-id -p 2222 my-user@my-remote-server
Ensure that you replace my-user with the username you use to log in to the remote OpenSSH Linux/Unix server and my-remote-server with the hostname or IP address of your Unix or Linux server. Of course, you can ssh configuration file named ssh_config instead of the CLI option too. See ssh-copy-id command man page for more info using the man command. For example:
$ man ssh-copy-id

This entry is 23 of 23 in the Linux/Unix OpenSSH Tutorial series. Keep reading the rest of the series:
  1. Top 20 OpenSSH Server Best Security Practices
  2. How To Set up SSH Keys on a Linux / Unix System
  3. OpenSSH Config File Examples For Linux / Unix Users
  4. Audit SSH server and client config on Linux/Unix
  5. How to install and upgrade OpenSSH server on FreeBSD
  6. Ubuntu Linux install OpenSSH server
  7. Install OpenSSH server on Alpine Linux (including Docker)
  8. Debian Linux Install OpenSSH SSHD Server
  9. Configure OpenSSH To Listen On an IPv6 Address
  10. OpenSSH Server connection drops out after few minutes of inactivity
  11. Display banner/message before OpenSSH authentication
  12. Force OpenSSH (sshd) to listen on selected multiple IP address only
  13. OpenSSH Change a Passphrase With ssh-keygen command
  14. Reuse SSH Connection To Speed Up Remote Login Process Using Multiplexing
  15. Check Syntax Errors before Restarting SSHD Server
  16. Change the ssh port on Linux or Unix server
  17. OpenSSH Deny or Restrict Access To Users and Groups
  18. Linux OpenSSH server deny root user access / log in
  19. Disable ssh password login on Linux to increase security
  20. SSH ProxyCommand example: Going through one host to reach server
  21. OpenSSH Multiplexer To Speed Up OpenSSH Connections
  22. Install / Append SSH Key In A Remote Linux / UNIX Servers Authorized_keys
  23. Use ssh-copy-id with an OpenSSH Server Listening On a Different Port

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

3 comments… add one
  • David Ramirez Mar 8, 2015 @ 4:44

    Hello – great tutorial ! However I would suggest to change “listing” to “listening” in the title.

    • 🛡️ Vivek Gite (Author and Admin) nixCraft Mar 8, 2015 @ 10:13

      Thanks for the heads up!

  • Niels Jun 24, 2015 @ 8:38

    The second example code using the “-i identityfile” flag isn’t explained further. I think it’s a good idea to either delete that line or explain it further.

    Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.