Why ssh-copy-id requires private key file

ssh-copy-id was very useful for sending public keys to a server. But now it fails if you don't have the private key file.

$ ssh-copy-id -i my_friend_rsa.pub [email protected]

/usr/bin/ssh-copy-id: ERROR: failed to open ID file 'my_friend_rsa': No such file

I don't understand this behaviour.

There are two cases for me:

  1. I send my own public key
  2. I send colleague's public key.

The first case is rare. The server has my public key already if I can connect to it. So I don't need ssh-copy-id in this case.

The second case is very common. I grant access to another user, but I don't have his or her private key. So this behaviour makes ssh-copy-id useless in the second case.

Please explain to me why ssh-copy-id requires the private key file.


Because of the way this program works. Citing man ssh-copy-id:

ssh-copy-id is a script that uses ssh(1) to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you've done some clever use of multiple identities). It assembles a list of one or more fingerprints (as described below) and tries to log in with each key, to see if any of them are already installed (of course, if you are not using ssh-agent(1) this may result in you being repeatedly prompted for pass-phrases). It then assembles a list of those that failed to log in, and using ssh, enables logins with those keys on the remote server.

I would agree that this can be too clever sometimes, but this is not the place to ask "why" as we are not the developers.


It needs the private key to verify that the public key was installed properly (this is basically a sanity check). But ...

You can use the -f switch, which will allow you to copy just a public key to the server and will not validate it (if you have a new enough OpenSSH installed).

This is how ssh-copy-id used to work before. The other possibility is the environment variable SSH_COPY_ID_LEGACY, which allows you to restore this behavior:

$ SSH_COPY_ID_LEGACY=1 ssh-copy-id -i my_friend_rsa.pub [email protected]

Or you can just pick up the current version of ssh-copy-id from the upstream repository, which supports the -f switch.
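What installing a colleague's public key without the login check amounts to on the server side, as an added example (not ssh-copy-id's own code). The helper name install_pubkey is hypothetical, and the target defaults to ~/.ssh/authorized_keys, sshd's default location; it rejects private key material, skips keys already present, and sets the permissions sshd expects.

```shell
#!/bin/sh
# Added example: append one public key to an authorized_keys file without
# needing the matching private key. install_pubkey is a hypothetical helper.
# Usage: install_pubkey friend.pub [ssh_dir]

install_pubkey() {
    pub=$1                          # path to the .pub file
    ssh_dir=${2:-"$HOME/.ssh"}      # assumed default target directory
    auth="$ssh_dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Refuse private key material handed over by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 3
    fi

    # First non-empty, non-comment line: "<type> <base64 blob> [comment]".
    line=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pub" | head -n 1)
    ktype=${line%% *}
    rest=${line#* }
    [ "$rest" != "$line" ] || { echo "malformed key line" >&2; return 4; }
    blob=${rest%% *}
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-*|sk-*) ;;
        *) echo "unrecognised key type: $ktype" >&2; return 4 ;;
    esac

    # sshd (StrictModes) wants the directory and file closed to other users.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5

    # Skip if the same type and blob are already listed; the comment may
    # differ, and an existing entry may carry leading options.
    if awk -v t="$ktype" -v b="$blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) f = 1 }
         END { exit !f }' "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    printf '%s\n' "$line" >> "$auth"
    echo "installed $ktype key into $auth"
}
```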