Open Support Ticket
24/7 customer support
Open Support Ticket Chat with our AVAHOST expert
English Flag English
Login
info@ava-host.com
Sign Up Login

Home » FAQ » How and Why use ssh-copy-id & ssh-keygen commands in Linux

How and Why use ssh-copy-id & ssh-keygen commands in Linux

Popular:
LEVEL UP YOUR SERVER SETUP! APPLY AVA AND LAUNCH WITH A 15% DISCOUNT
USE PROMO:
March 6, 2025 16:03 4 min

Secure Shell (SSH) is one of the most widely used tools for securely managing and accessing remote systems. Instead of relying on traditional password-based authentication, which is less secure and prone to brute-force attacks, system administrators often configure SSH key-based authentication for better security, scalability, and automation.

This guide explains how to generate SSH keys using ssh-keygen, copy them securely to a remote server using ssh-copy-id, verify the configuration, and follow security best practices.

Understanding SSH Key-Based Authentication

With SSH keys, authentication happens using a public-private key pair:

  • Private Key (id_rsa) → Stays on your local machine and must be protected.
  • Public Key (id_rsa.pub) → Placed on the remote server under ~/.ssh/authorized_keys.
  • When connecting, SSH uses public-key cryptography to authenticate you automatically without exposing passwords.

This method is more secure and more convenient, especially for developers, sysadmins, and automated deployments.

Generating SSH Keys with ssh-keygen

Run the following command to generate a new SSH key pair:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Options explained:

  • -t rsa → Specifies the encryption algorithm (RSA).
  • -b 4096 → Uses a 4096-bit key for stronger encryption (recommended).
  • -C → Adds a comment to identify the key, usually your email or username.

Interactive prompts:

  • File to save the key → Press Enter to accept the default:

    ~/.ssh/id_rsa

  • Passphrase (optional but recommended) → Adds an extra layer of security.
    If set, you’ll need to enter it when using the private key.

 Copying the Public Key to a Remote Server (ssh-copy-id)

Once the keys are generated, use ssh-copy-id to transfer your public key to the remote server:

ssh-copy-id user@remote-server
  • user → Username on the remote server.
  • remote-server → Hostname or IP address of the remote machine.

This command:

  • Appends your public key (id_rsa.pub) to the server’s:

    ~/.ssh/authorized_keys

  • Automatically sets correct permissions for the .ssh directory and key file.

Alternative Method (Manual Setup)

If ssh-copy-id isn’t available, you can manually copy the key:

cat ~/.ssh/id_rsa.pub | ssh user@remote-server "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

This command:

  • Creates the .ssh directory if missing.
  • Appends your public key.
  • Sets secure permissions.

Verifying SSH Key Authentication

To confirm everything works:

ssh user@remote-server

  • If configured correctly, you should log in without entering a password.

  • If a passphrase was set, you’ll be prompted for it instead.

Security Best Practices

a) Use Strong Encryption

  • Prefer RSA 4096 or Ed25519:

    ssh-keygen -t ed25519 -C "your_email@example.com"

  • Ed25519 keys are smaller, faster, and more secure.

b) Restrict Permissions on Key Files

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

SSH will refuse to use keys if permissions are too open.

On the remote server, edit:

sudo nano /etc/ssh/sshd_config

Set:

PasswordAuthentication no

ChallengeResponseAuthentication no
UsePAM yes

Then restart SSH:

sudo systemctl restart ssh

d) Use SSH Agent for Passphrase Management

Instead of typing your passphrase every time, use ssh-agent:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

This caches your key for the session.

Troubleshooting Common Issues

ProblemPossible CauseSolution
Still asks for a passwordWrong permissions or missing keyCheck ~/.ssh perms and authorized_keys
“Permission denied” errorWrong username or IPConfirm correct login credentials
ssh-copy-id not foundUtility missingInstall via: sudo apt install openssh-client
Key ignoredToo-permissive file permissionsRun chmod 600 ~/.ssh/id_rsa

Conclusion

Using ssh-keygen and ssh-copy-id enhances security and convenience when managing remote servers. By configuring SSH key authentication, administrators can eliminate the risks associated with password-based logins while streamlining secure access.

Related Posts

How to Use the grep Command to Find Information in Files

When managing Linux servers, efficiently locating specific information within logs, configuration files, or command outputs is crucial. The grep command...

May 6, 20253 min

MySQL Error – The Server Quit Without Updating PID File

Fixing MySQL “Server Quit Without Updating PID File” Error on AvaHost VPS The MySQL error  The server quit without updating...

Feb 28, 20253 min

How to Use WP Hide Login to Protect the WordPress Admin Page

One of the simplest and most effective ways to secure your WordPress website is by hiding the default login page....

May 15, 20253 min