ssh-copy-id: use locally available keys to authorise logins on a remote machine
Command to display the ssh-copy-id manual in Linux: $ man 1 ssh-copy-id
The secure shell or ssh is a collection of tools using a secure protocol for communications with remote Linux computers. This chapter gives an overview of the most common commands related to the use of the sshd server and the ssh client.

Password:
1 17:48:25 SUCCESS 192.168.0.3:22
2 17:48:35 SUCCESS 192.168.0.9:22

Explanation of the options used in the above command. The -h switch is used to read hosts from a given file and location. The -l switch reads a default username for all hosts that do not define a specific user. The -A switch tells pscp to ask for a password and send it to ssh.

However, the main downsides of this are: 1) Use is limited to standard SSH usage (no SFTP/SCP support). 2) A user can't select another target host other than the single one (because it is hardcoded in the login shell). 3) Host key validation can't be done from the workstation to the final target host (because of the use of the broker SSH binary).
NAME
ssh-copy-id - use locally available keys to authorise logins on a remote machine
SYNOPSIS
ssh-copy-id [-f] [-n] [-i [identity_file]] [-p port] [-o ssh_option] [user@]hostname
ssh-copy-id -h | -?
DESCRIPTION
ssh-copy-id is a script that uses ssh(1) to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you've done some clever use of multiple identities). It assembles a list of one or more fingerprints (as described below) and tries to log in with each key, to see if any of them are already installed (of course, if you are not using ssh-agent(1) this may result in you being repeatedly prompted for pass-phrases). It then assembles a list of those that failed to log in, and using ssh, enables logins with those keys on the remote server. By default it adds the keys by appending them to the remote user's ~/.ssh/authorized_keys (creating the file, and directory, if necessary). It is also capable of detecting if the remote system is a NetScreen, and using its `set ssh pka-dsa key ...' command instead.

The options are as follows:
If the filename does not end in .pub this is added. If the filename is omitted, the default_ID_file is used. Note that this can be used to ensure that the keys copied have the comment one prefers and/or extra options applied, by ensuring that the key file has these set as preferred before the copy is attempted.

Rather than specifying these as command line options, it is often better to use (per-host) settings in ssh(1)'s configuration file: ssh_config(5).

Default behaviour without -i is to check if `ssh-add -L' provides any output, and if so those keys are used. Note that this results in the comment on the key being the filename that was given to ssh-add(1) when the key was loaded into your ssh-agent(1) rather than the comment contained in that file, which is a bit of a shame. Otherwise, if ssh-add(1) provides no keys, the contents of the default_ID_file will be used.

The default_ID_file is the most recent file that matches: ~/.ssh/id*.pub (excluding those that match ~/.ssh/*-cert.pub), so if you create a key that is not the one you want to use, just use touch(1) on your preferred key's .pub file to reinstate it as the most recent.
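The selection rule described above, as an added shell example (not ssh-copy-id's own code): default_id_file is a hypothetical helper that returns the most recently modified id*.pub in a directory while skipping *-cert.pub. The scratch directory and its timestamps are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration, not taken from ssh-copy-id itself.
# default_id_file DIR: print the newest DIR/id*.pub that is not a certificate.
default_id_file() {
    dir=${1:-"$HOME/.ssh"}
    newest=
    for f in "$dir"/id*.pub; do
        [ -f "$f" ] || continue                  # glob matched nothing
        case $f in *-cert.pub) continue ;; esac  # certificates never qualify
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] || return 1                 # no usable public key
    printf '%s\n' "$newest"
}

# Constructed demo: three key files with fixed modification times.
demo=$(mktemp -d)
touch -t 202001010000 "$demo/id_rsa.pub"
touch -t 202101010000 "$demo/id_ed25519.pub"
touch -t 202201010000 "$demo/id_ed25519-cert.pub"  # newest, but a certificate
default_id_file "$demo"      # prints .../id_ed25519.pub
touch "$demo/id_rsa.pub"     # reinstate the preferred key as most recent
default_id_file "$demo"      # prints .../id_rsa.pub
rm -rf "$demo"
```

Running the same check against ~/.ssh before a copy shows which key would be installed when neither -i nor an agent supplies one.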
EXAMPLES
If you have already installed keys from one system on a lot of remote hosts, and you then create a new key, on a new client machine, say, it can be difficult to keep track of which systems on which you've installed the new key. One way of dealing with this is to load both the new key and old key(s) into your ssh-agent(1). Load the new key first, without the -c option, then load one or more old keys into the agent, possibly by ssh-ing to the client machine that has that old key, using the -A option to allow agent forwarding:

now, if the new key is installed on the server, you'll be allowed in unprompted, whereas if you only have the old key(s) enabled, you'll be asked for confirmation, which is your cue to log back out and run

The reason you might want to specify the -i option in this case is to ensure that the comment on the installed key is the one from the .pub file, rather than just the filename that was loaded into your agent. It also ensures that only the id you intended is installed, rather than all the keys that you have in your ssh-agent(1). Of course, you can specify another id, or use the contents of the ssh-agent(1) as you prefer.

Having mentioned ssh-add(1)'s -c option, you might consider using this whenever using agent forwarding to avoid your key being hijacked, but it is much better to instead use ssh(1)'s ProxyCommand and -W option, to bounce through remote servers while always doing direct end-to-end authentication. This way the middle hop(s) don't get access to your ssh-agent(1). A web search for `ssh proxycommand nc' should prove enlightening (N.B. the modern approach is to use the -W option, rather than nc(1)).
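A check that follows from the advice above, as an added example that is not part of the manual: audit_ssh_config is a hypothetical helper that lists the Host blocks of an ssh_config(5)-style file which enable ForwardAgent or whose ProxyCommand still relies on nc(1). The host names in the sample file are constructed.

```shell
#!/bin/sh
# Added illustration: flag agent forwarding and nc-based hops in an
# ssh_config-style file, one finding per line as "host: reason".
audit_ssh_config() {
    awk '
    BEGIN { host = "(global)" }            # options before the first Host line
    /^[ \t]*#/ || NF == 0 { next }         # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        n = match(line, /[ \t=]+/)         # keyword ends at whitespace or "="
        key = tolower(n ? substr(line, 1, n - 1) : line)
        val = n ? substr(line, n + RLENGTH) : ""
        if (key == "host") { host = val; next }
        if (key == "forwardagent" && tolower(val) == "yes")
            print host ": ForwardAgent yes (remote host can use your agent)"
        if (key == "proxycommand" && val ~ "(^|[ /])(nc|netcat)( |$)")
            print host ": ProxyCommand uses nc, prefer ssh -W"
    }' "$1"
}

# Constructed sample configuration for the demonstration.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
Host bastion
    ForwardAgent yes
Host legacy-db
    ProxyCommand ssh bastion nc %h %p
Host app-*
    ProxyCommand ssh -W %h:%p bastion
EOF
audit_ssh_config "$cfg"    # reports bastion and legacy-db, not app-*
rm -f "$cfg"
```

The app-* block is the form the manual recommends: the hop through bastion only relays the TCP stream, so authentication to the final host happens end to end and no agent is exposed on the intermediate machine.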
SEE ALSO
ssh(1), ssh-agent(1), sshd(8)
Pages related to ssh-copy-id
- ssh-add (1) - adds private key identities to the OpenSSH authentication agent
- ssh-agent (1) - OpenSSH authentication agent
- ssh-argv0 (1) - replaces the old ssh command-name as hostname handling
- ssh-askpass (1) - prompts a user for a passphrase using GNOME
- ssh-import-id-gh (1) - retrieve one or more public keys from a public keyserver and append them to the current user's authorized_keys file (or some other specified file)
- ssh-import-id-lp (1) - retrieve one or more public keys from a public keyserver and append them to the current user's authorized_keys file (or some other specified file)
- ssh-import-id (1) - retrieve one or more public keys from a public keyserver and append them to the current user's authorized_keys file (or some other specified file)
- ssh-keygen (1) - OpenSSH authentication key utility
Package: openssh-client; Maintainer for openssh-client is Debian OpenSSH Maintainers; Source for openssh-client is src:openssh.
Reported by: Kai Henningsen
Date: Sun, 3 Jun 2001 14:06:58 UTC
Severity: normal
Merged with 510932
Found in versions 1:2.5.2p2-2.1, openssh/1:4.7p1-5, openssh/1:5.1p1-4
Fixed in version openssh/1:6.2p1-1
Done: Colin Watson
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Philip Hands: Bug#99785; Package ssh.
Acknowledgement sent to Kai Henningsen: New Bug report received and forwarded. Copy sent to Philip Hands.
Message #5 received at submit@bugs.debian.org.
Changed Bug submitter from Kai Henningsen to Kai Henningsen. Request was from Kai Henningsen to control@bugs.debian.org.
Reply sent to Marvin Stark: You have marked Bug as forwarded.
Message #10 received at 99785-forwarded@bugs.debian.org.
Removed annotation that Bug had been forwarded to matthew@debian.org. Request was from Colin Watson to control@bugs.debian.org.
Information forwarded to debian-bugs-dist@lists.debian.org, monga@debian.org, Debian OpenSSH Maintainers: Bug#99785; Package ssh.
Acknowledgement sent to Mattia Monga: Extra info received and forwarded to list. Copy sent to monga@debian.org, Debian OpenSSH Maintainers.
Message #17 received at 99785@bugs.debian.org.
Bug reassigned from package 'ssh' to 'openssh-client'. Request was from Colin Watson to control@bugs.debian.org. (Mon, 04 Jan 2010 02:18:07 GMT)
Bug No longer marked as found in versions 1:2.5.2p2-2.1 and openssh/1:4.7p1-5. Request was from Colin Watson to control@bugs.debian.org. (Mon, 04 Jan 2010 02:18:08 GMT)
Bug Marked as found in versions 1:2.5.2p2-2.1. Request was from Colin Watson to control@bugs.debian.org. (Mon, 04 Jan 2010 02:18:08 GMT)
Bug Marked as found in versions openssh/1:4.7p1-5. Request was from Colin Watson to control@bugs.debian.org. (Mon, 04 Jan 2010 02:18:08 GMT)
Merged 99785 510932. Request was from Colin Watson to control@bugs.debian.org. (Mon, 04 Jan 2010 02:18:08 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers: Bug#99785; Package openssh-client. (Mon, 19 Jul 2010 16:21:02 GMT)
Acknowledgement sent to Matt Keys: Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers. (Mon, 19 Jul 2010 16:21:03 GMT)
Message #32 received at 99785@bugs.debian.org.
Reply sent to Colin Watson: You have taken responsibility. (Tue, 07 May 2013 12:57:35 GMT)
Notification sent to Kai Henningsen: Bug acknowledged by developer. (Tue, 07 May 2013 12:57:35 GMT)
Message #37 received at 99785-close@bugs.debian.org.
Reply sent to Colin Watson: You have taken responsibility. (Tue, 07 May 2013 12:57:35 GMT)
Notification sent to 'Trent W. Buck': Bug acknowledged by developer. (Tue, 07 May 2013 12:57:35 GMT)
Bug archived. Request was from Debbugs Internal Request to internal_control@bugs.debian.org. (Thu, 06 Jun 2013 07:28:04 GMT)
Last modified: Sun Oct 25 10:57:25 2020.