ssh-copy-id Command: Copy SSH Keys to a Remote Server

ssh-copy-id is a utility that copies your local SSH public key to a remote server’s authorized_keys file. This sets up key-based authentication, allowing you to log in without entering a password. The command connects to the remote host over SSH to perform the installation.

In this guide, we will show you how to use the ssh-copy-id command with practical examples.

Prerequisites #

Before using ssh-copy-id, you need to have an SSH key pair. If you do not have one, generate it with:

ssh-keygen -t ed25519

This creates a private key (~/.ssh/id_ed25519) and a public key (~/.ssh/id_ed25519.pub). For more details, see our guide on how to generate SSH keys on Linux .

Syntax #

The basic syntax of ssh-copy-id is:

ssh-copy-id [options] [user@]hostname

The command copies the public key to the remote server and appends it to the ~/.ssh/authorized_keys file. It also sets the correct permissions on the remote .ssh directory and authorized_keys file.

Copying the Default Key #

To copy your default public key to a remote server, run:

ssh-copy-id user@remote_host

You will be prompted to enter the remote user’s password:

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@remote_host's password:

Number of key(s) added: 1

After the key is copied, you can log in without a password:

ssh user@remote_host

Specifying a Key File #

If you have multiple SSH keys, use the -i option to specify which public key to copy:

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@remote_host

Using a Non-Standard Port #

If the remote SSH server listens on a port other than the default 22, use the -p option:

ssh-copy-id -p 2222 user@remote_host

You can combine -i and -p:

ssh-copy-id -i ~/.ssh/id_ed25519.pub -p 2222 user@remote_host

Copying Keys Manually #

If ssh-copy-id is not available on your system, you can copy the key manually using cat and SSH:

cat ~/.ssh/id_ed25519.pub | ssh user@remote_host "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

This command does the following:

• Creates the ~/.ssh directory on the remote server if it does not exist.
• Sets the correct permissions (700) on the .ssh directory.
• Appends the public key to the authorized_keys file.
• Sets the correct permissions (600) on the authorized_keys file.

Common Options #

Troubleshooting #

Permission denied
A “Permission denied” error during ssh-copy-id is almost always caused by the remote server rejecting the password login that the command needs in order to install the key. The most common reason is that password authentication is disabled. Check /etc/ssh/sshd_config on the remote server for:

PasswordAuthentication yes

Restart the SSH service after making changes:

sudo systemctl restart sshd

If password authentication is already enabled, double-check that you are using the correct username, that the user is not locked, and that no AllowUsers or AllowGroups directive in sshd_config is restricting who can log in over SSH.

Connection refused or timeout
If the connection is refused or hangs, the SSH server is either not reachable or not running on the port you are trying. Make sure that the SSH service is active on the remote host, and use the -p option if it listens on a non-standard port:

ssh-copy-id -p 2222 user@remote_host

A firewall on the remote server or somewhere on the network path can also block port 22. Try a plain ssh user@remote_host first to confirm that you can reach the host before running ssh-copy-id.

Key already installed
If the key is already in the remote authorized_keys file, ssh-copy-id will skip it and display:

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.

Use the -f option to force installation if needed.

Quick Reference #

FAQ #

What does ssh-copy-id actually do?
It appends your public key to the ~/.ssh/authorized_keys file on the remote server and sets the correct file permissions. This enables key-based authentication.

Can I use ssh-copy-id on macOS?
Yes. ssh-copy-id is available through Homebrew: brew install ssh-copy-id. It is not included in macOS by default.

Is ssh-copy-id safe to use?
Yes. It only copies your public key, not your private key. The public key is meant to be shared.

What permissions does ssh-copy-id set?
It sets 700 on the ~/.ssh directory and 600 on the authorized_keys file. These permissions are required by the SSH server for security.

Can I copy keys to multiple servers?
Yes. Run ssh-copy-id once for each server. There is no built-in option to copy to multiple hosts at once, but you can use a loop: for host in server1 server2; do ssh-copy-id user@$host; done.

Conclusion #

The ssh-copy-id command is the simplest way to set up key-based SSH authentication. It copies your public key to a remote server and sets the correct permissions automatically.

After installing the key, test the SSH login in a new terminal before changing server authentication settings or closing your current session.

About the authors

Dejan Panovski

Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.

View author page