33

What does the ssh-copy-id command do, exactly? I've used it numerous times and it works great. However, when I try to manually cut and paste my .pub keyfile to my remote authorized_keys, it doesn't work.

I've compared the contents of my authorized_keys file where I've cut and pasted the .pub into it vs subsequently using ssh-copy-id and I'm not seeing any differences between the two, including whitespace.

Is there anything that ssh-copy-id does beyond copying the public key into authorized_keys?

DanHeidel
  • 671
  • 1
  • 8
  • 17
  • Did you check if the permissions for `authorized_keys` are set up correctly? – Rufflewind Mar 28 '14 at 00:30
  • Yes, permissions on the directory and authorized_keys were both correct. ssh-copy-id inserted into the same file as my cut and paste so the file environment is identical. I'm mostly curious if there's any other action that ssh-copy-id does to 'activate' the key on the remote server. If not, I need to figure out how my cut and paste is altering the public key. – DanHeidel Mar 28 '14 at 01:01
  • 2
    Perhaps a try a `diff` between your version and the automated version? The man page for `ssh-copy-id` doesn't say it does anything else. Plus, `ssh-copy-id` is just an ordinary shell script so you could examine to see what it does. – Rufflewind Mar 28 '14 at 01:19

2 Answers2

32

This little one liner script works on sh, bash, and zsh. I use it every time there is no ssh-copy-id, for example when I'm on older version of OSX.

cat ~/.ssh/id_rsa.pub | ssh <user>@<hostname> 'cat >> ~/.ssh/authorized_keys'

How it works

I am sending the public keay to the Unix standard output (STDOUT) using the cat command. I then connect the STDOUT of cat to the standard input (STDIN) of the ssh.

The ssh executes the cat command on the server. Remember that the we have our key in the STDIN now? This key gets passed from ssh to the cat command executed on a server. The >> operator redirects the STDOUT of the cat to the end of the ~/.ssh/authorized_keys file. This way the key from public keys is appended to the authorized_keys on the server.

IMO It's better than manual copying and pasting: in this case you know exactly what content will end up in the file

ganqqwerty
  • 1,894
  • 2
  • 23
  • 36
8

I usually copy-paste keys into authorized_keys as you describe (I forget about ssh-copy-id), so it can work. Note thatchmod 600 ~/.ssh/authorized_keys is required if you're creating the file.

ssh-copy-id is a shell script so you can open it in a text editor to see what it does, this looks like the relevant bit:

printf '%s\n' "$NEW_IDS" | ssh "$@" "
    umask 077 ;
    mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
    if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi"

restorecon in the last line restores default SELinux security contexts. I haven't had to run that, but it might be necessary in your case.

Jackson Pauls
  • 225
  • 2
  • 12
  • FYI, I created a small script at https://github.com/centic9/generate-and-send-ssh-key which runs the necessary steps in one go and additionally ensures all the file/directory permissions which usually always caused me headaches... – centic Oct 07 '15 at 11:27
  • @JacksonPauls can you provide a source for this statement that you said: "`chmod 600 ~/.ssh/authorized_keys` is required if you're creating the file"? I searched in the script and didn't see any code like that. I also experienced inconsistent results while testing. – Levi Uzodike Mar 18 '20 at 00:38