12 March 2013

Simplify SSH Setup on Remote Machines With ssh-copy-id

If you're not aware of the ssh-copy-id command to copy your SSH keys to a remote server, then you should really check it out. It seems to be prevalent on Linux but it's not available in the BSD world (which means it's not part of Mac OS X).

Just last week I encountered some folks who were not aware of this handy little utility and it's definitely not the first time. So I thought I'd just mention it here in the hope that others might like the info as well. The ssh-copy-id utility is a shell script that, quite simply, copies your SSH keys to a remote server, sets up the permissions correctly and appends the keys to the remote-host’s .ssh/authorized_key file. For those folks like me on Mac OS X who want this script, here's a port of the script from Linux.

Here's a quick example of using ssh-copy-id from Linux:

bsnyder@ubux:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub 172.16.82.150
The authenticity of host '172.16.82.150 (172.16.82.150)' can't be established.
ECDSA key fingerprint is 83:df:ca:af:61:ab:59:cc:a5:08:28:f3:ac:72:87:18.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.82.150' (ECDSA) to the list of known hosts.
bsnyder@172.16.82.150's password: 
Now try logging into the machine, with "ssh '172.16.82.150'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

bsnyder@ubux:~$ ssh 172.16.82.150
Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-17-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

bsnyder@ubuntu:~$ 
Notice that first I used ssh-copy-id and then I immediately logged into the machine using the key (i.e., without a passphrase).

This task is certainly something that's relatively easy to do manually, but why expend the effort on a manual solution when there's something pre-built for the exactly problem?