ssh-copy-id without authentication

How does Linux server allow anyone to copy the string (public key) using ssh-copy-id without authentication? Doesn't it allow the unknown user to copy any malicious file onto the server?


Solution 1:

ssh-copy-id just automates the commands

scp .ssh/id_rsa.pub user@other-host:
ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys'
ssh user@other-host 'rm id_rsa.pub'

That is: it copies your local id_rsa.pub file to the other server and appends it to the remote user's authorized_keys file.

It is just a convenience script and it requires authentication. You have to supply user's password (at other-host) for it to work. ssh-copy-id doesn't do anything else than scp and ssh on your behalf so if they require password authentication, ssh-copy-id will do so as well.

Solution 2:

If they don't know the password, they can't copy the id into the server so don't turn off PasswordAuthentication.

Match User user1,user2,user3
    PasswordAuthentication yes

Edit :

If you allow login without auth, they don't even need to copy-id their key, since they can login anyway without the key, IF they know the username..