TechEarl

How to Add an SSH Key to a Server (ssh-copy-id)

Copy your public key to a server with ssh-copy-id, or append it to authorized_keys by hand, then log in without a password. Linux, macOS, and Windows.

Ishan Karunaratne⏱️ 4 min readUpdated
Share thisCopied
Copy your SSH public key to a server with ssh-copy-id or append it to authorized_keys by hand, then log in without a password. Linux, macOS, Windows.

Once you have an SSH key, logging into a server without a password is one command: install the public half on the server. On Linux and macOS that is ssh-copy-id.

Try it with your own values

Pick your OS. ssh-copy-id ships on Linux and macOS; on Windows you append the key by hand.

The one command (Linux and macOS)

bash· Linux (GNU)
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server

ssh-copy-id logs in once with your password, creates ~/.ssh on the server if needed, appends your public key to ~/.ssh/authorized_keys, and fixes the permissions. After that, the password is no longer needed.

Test it

bash· Linux (GNU)
ssh user@server

No password prompt means the key is in. If it still asks for a password, jump to the troubleshooting list below.

The manual way (any OS, and what ssh-copy-id does under the hood)

ssh-copy-id is a convenience wrapper. The actual job is "append my public key to the server's ~/.ssh/authorized_keys". You can always do it by hand, which is the only option on Windows and on locked-down servers:

bash
# 1. Print your PUBLIC key locally (never the private one)
cat ~/.ssh/id_ed25519.pub

# 2. On the server, create ~/.ssh and paste the key in
mkdir -p ~/.ssh && chmod 700 ~/.ssh
echo "ssh-ed25519 AAAA... you@example.com" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

authorized_keys is just a list of public keys, one per line. Each line that is present can log in as that user.

Cloud servers usually do this for you

On AWS, GCP, and most providers you hand the public key to the platform at launch and it places the key for you. See how to SSH into an EC2 instance and how to SSH into a GCP VM without gcloud for the provider-specific paths.

Still prompted for a password?

In order, the usual causes:

  1. Wrong permissions on the server. sshd ignores ~/.ssh or authorized_keys if they are group- or world-writable. On the server: chmod 700 ~/.ssh, chmod 600 ~/.ssh/authorized_keys. This is the permissions-too-open problem, server side.
  2. Key not offered. Point at the right identity: ssh -i ~/.ssh/id_ed25519 user@server, or set IdentityFile in ~/.ssh/config.
  3. Server forbids key auth. Some hosts set PubkeyAuthentication no. You need server access to change sshd_config.
  4. Pasted the private key by mistake. Only the .pub file goes on the server. If you ever pasted the private key anywhere, rotate it.

FAQ

See also

Sources

Authoritative references this article was fact-checked against.

TagsSSHssh-copy-idauthorized_keysLinuxmacOSWindowsDevOps

Found this useful? Pass it on.

Copied

Ishan Karunaratne

Tech Architect · Software Engineer · AI/DevOps

Tech architect and software engineer with 20+ years building software, Linux systems, and DevOps infrastructure, and lately working AI into the stack. Currently Chief Technology Officer at a healthcare tech startup, which is where most of these field notes come from.

More by IshanLinkedIn
Keep reading

Related posts

DevOps

How to Add an EBS Volume to an EC2 Instance

Create an EBS volume, attach it to a running EC2 instance, format and mount it, and survive reboots with a UUID-based fstab entry. Console, AWS CLI, and Terraform walkthroughs plus the Nitro device-naming gotcha that trips everyone.