Once you have an SSH key, logging into a server without a password is one command: install the public half on the server. On Linux and macOS that is ssh-copy-id.
Pick your OS. ssh-copy-id ships on Linux and macOS; on Windows you append the key by hand.
The one command (Linux and macOS)
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@serverssh-copy-id logs in once with your password, creates ~/.ssh on the server if needed, appends your public key to ~/.ssh/authorized_keys, and fixes the permissions. After that, the password is no longer needed.
Test it
ssh user@serverNo password prompt means the key is in. If it still asks for a password, jump to the troubleshooting list below.
The manual way (any OS, and what ssh-copy-id does under the hood)
ssh-copy-id is a convenience wrapper. The actual job is "append my public key to the server's ~/.ssh/authorized_keys". You can always do it by hand, which is the only option on Windows and on locked-down servers:
# 1. Print your PUBLIC key locally (never the private one)
cat ~/.ssh/id_ed25519.pub
# 2. On the server, create ~/.ssh and paste the key in
mkdir -p ~/.ssh && chmod 700 ~/.ssh
echo "ssh-ed25519 AAAA... you@example.com" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keysauthorized_keys is just a list of public keys, one per line. Each line that is present can log in as that user.
Cloud servers usually do this for you
On AWS, GCP, and most providers you hand the public key to the platform at launch and it places the key for you. See how to SSH into an EC2 instance and how to SSH into a GCP VM without gcloud for the provider-specific paths.
Still prompted for a password?
In order, the usual causes:
- Wrong permissions on the server.
sshdignores~/.sshorauthorized_keysif they are group- or world-writable. On the server:chmod 700 ~/.ssh,chmod 600 ~/.ssh/authorized_keys. This is the permissions-too-open problem, server side. - Key not offered. Point at the right identity:
ssh -i ~/.ssh/id_ed25519 user@server, or setIdentityFilein ~/.ssh/config. - Server forbids key auth. Some hosts set
PubkeyAuthentication no. You need server access to changesshd_config. - Pasted the private key by mistake. Only the
.pubfile goes on the server. If you ever pasted the private key anywhere, rotate it.
FAQ
None, functionally. ssh-copy-id automates exactly what you would do by hand: it appends your public key to the server's ~/.ssh/authorized_keys and sets the permissions. Editing the file manually is the fallback when ssh-copy-id is not available (Windows) or the server blocks it.
Always the public key (id_ed25519.pub). The private key never leaves your machine. The server stores public keys in authorized_keys and uses them to verify that you hold the matching private half.
Yes. One key per machine you log in from is the normal pattern: put that single public key in authorized_keys on every server you access. If the machine is compromised you rotate one key instead of dozens.
Pipe the public key over SSH into the remote authorized_keys: Get-Content $env:USERPROFILE\.ssh\id_ed25519.pub | ssh user@server "cat >> ~/.ssh/authorized_keys". If WSL is installed, the Linux ssh-copy-id works inside it.
See also
- How to Create an SSH Key in 2026: make the key first, then install it here.
- Add an SSH key to GitHub and GitLab: the same public key, pasted into a web service instead of a server.
- Fix SSH "permissions are too open": the server-side permission rules that block key auth.
- SSH Cheat Sheet: the full connect, tunnel, and copy reference.
Sources
Authoritative references this article was fact-checked against.
- ssh-copy-id(1) manual page (OpenBSD)man.openbsd.org
- sshd(8) manual page (OpenBSD, authorized_keys)man.openbsd.org





