493

I am lazy at home and use password authentication for my home machines. I am ready to move to key based authentication. There are many options on the web on how to do this, including catting then sshing the key over, scping the key over directly, etc.

I am looking for the easiest and recommended way to copy a key over, hopefully there is a convenience wrapper somewhere in the Ubuntu ssh package?

I'm already aware on how to shut off password logins.

Community
  • 1
Jorge Castro
  • 73,717

9 Answers9

659

The ssh-copy-id command (in the openssh-client package and installed by default) does exactly this:

ssh-copy-id user@hostname.example.com

copies the public key of your default identity (use -i identity_file for other identities) to the remote host.

The default identity is your "standard" ssh key. It consists of two files (public and private key) in your ~/.ssh directory, normally named identity, id_rsa, id_dsa, id_ecdsa or id_ed25519 (and the same with .pub), depending on the type of key. If you did not create more than one ssh key, you do not have to worry about specifying the identity, ssh-copy-id will just pick it automatically.

In case you do not have an identity, you can generate one with the tool ssh-keygen.

In addition, if the server uses a port different from the default one (22) you should use quotation marks in this way (source):

ssh-copy-id "user@hostname.example.com -p <port-number>"
zypA13510
  • 119
  • 6
Marcel Stimberg
  • 43,563
177

I like the answer from Marcel. I did not know this command. I've always been using what I had found on the Oracle web site:

cat ~/.ssh/id_rsa.pub | ssh <user>@<hostname> 'cat >> .ssh/authorized_keys && echo "Key copied"'

I thought to post it here still, because it is a good illustration of what can be achieved in shell code with the power of ssh. But using the ssh-copy-id is definitively a safer way to do it properly!

Note that if the folder .ssh does not already exist, the above command will fail. In addition, it might be better when creating the file to set a minimum possible permission (basically read-write for owner only). Here is a more advanced command:

cat ~/.ssh/id_rsa.pub | ssh <user>@<hostname> 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys && echo "Key copied"'
Albert Fougy
  • 3
Huygens
  • 4,783
33

Graphical method

  1. Open ApplicationsPasswords and KeysMy Personal Keys.
  2. Select your key and then click RemoteConfigure Key for Secure Shell.

Set Up Computer for SSH Connection

ændrük
  • 78,496
21

On Ubuntu you can fetch your keys from Launchpad:

ssh-import-id [launchpad account name]

Details:

  1. You need a Launchpad account so login or create an account
  2. After logging in, click the button next to SSH keys:

  3. Paste the contents of your public key file in that field (including comment). Such a key looks like:

    ssh-rsa AAAAB3Nza .... UyDOFDqJp lekensteyn

    Here, ssh-rsa indicates that the key is a RSA key, AAAAB3Nza .... UyDOFDqJp is the actual key and lekensteyn is the comment.

  4. Save the key by pressing Import Public Key
  5. If everything went well, your key should now be listed under SSH keys:

The package ssh-import-id needs to be installed on the machine which needs to be accessed from remote. This package is installed together with the openssh-server package as it's a recommended package for openssh-server. After making sure that ssh-import-id has been installed On the client machine, run:

ssh-import-id [launchpad account name]

This will download the public key from the Launchpad servers over HTTPS which protects you from MITM attacks.

On Ubuntu Lucid and before, you can accomplish the same with:

wget https://launchpad.net/~[lp acount name]/+sshkeys -O - >> ~/.ssh/authorized_keys && echo >> ~/.ssh/authorized_keys

The echo command is needed to get an extra newline after the line with the SSH key.

anatoly techtonik
  • 2,661
Lekensteyn
  • 178,446
19

for custom port 

ssh-copy-id -i "user@hostname.example.com -p2222"

-i switch defaults to ~/.ssh/id_rsa.pub, if you want another key, put the path of the key after -i

WARNING: If you did not write the -i it will copy all your keys found in ~/.ssh

omars
  • 301
17

Here is a less secure, but very simple solution(not recommended for servers):

Move ~/.ssh to the new machine and run ssh-add. DONE!

LONG ANSWER:

  1. In the old machine, take the folder ~/.ssh to an USB drive, or to any other storage you like.
  2. On the new machine, put the folder under ~ aka /home/$USER.
  3. Run ssh-add, on the new machine done.
Victor Timoftii
  • 279
6

ssh-copy-id does exactly that. I am not sure why some of the other answers here add inaccurate information. The help shows the following:

~$ ssh-copy-id -h
Usage: /usr/bin/ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname
    -f: force mode -- copy keys without trying to check if they are already installed
    -n: dry run    -- no keys are actually copied
    -h|-?: print this help

I just tried the following on Ubuntu 18.04 client with a CentOS 7.6 server and it worked like a charm. The example shows using a custom port of 2222, and specifying a public key at ~/.ssh/path-to-rsa.pub

$ ssh-copy-id -i ~/.ssh/path-to-rsa.pub -p 2222 myusername@hostname.tld

Before running the command, I actually used the -n switch at the end to do a dry run which confirmed that the command will work as intended. Once I confirmed it I ran the command again as above, without the -n switch.

isapir
  • 591
1

If you already have a host key like in the case of AWS EC2, then do this 

cat ~/.ssh/id_rsa.pub | ssh -i hostkey.pem hostname@hostaddress 'cat >> .ssh/authorized_keys && echo "Key copied" '

Next time, simply do this: 

ssh hostname@hostaddress
zx485
  • 2,865
Küñdàñ Börà
  • 111
1

You can import your public keys from github with ssh-import-id-gh command:

ssh-import-id-gh your-username
M. Reza Nasirloo
  • 111