43

ssh-copy-id can be used to install your public key in a remote machine's authorized_keys. Could the same command be used to install other users' public keys, if you have sudo ability?

Update: both local and remote are using Ubuntu 12.04.

Update 2: describing the procedure of creating a new user account and adding public key

  1. (remote) Create a new user account, and set it to user public key access only.
  2. (local) Generate a public key for the new user account (ssh-keygen).
  3. Normally I do is to create the directory and file .ssh/authorized_keys on the remote server, then copy and paste the public key generated locally to the new user's account. What I am looking for is that if I can use ssh-copy-id to install this newly created user's public key directly into the ssh directory. Just to save a couple more commands.
realguess
  • 543

3 Answers3

26

Not the same command but if you can use sudo on the remote host, you can use ssh to remotely do the required steps. I use the following command to push my ssh key to my raspberry's root user:

cat ~/.ssh/id_rsa.pub | \
  ssh pi@192.168.1.25 \
  "sudo mkdir -p /root/.ssh; sudo tee -a /root/.ssh/authorized_keys"
  • cats my public key
  • pipes it to ssh
  • ssh connects to my raspberry as ssh user
  • on remote uses sudo to create /root/.ssh
  • then uses sudo with "tee -a" to append stdin (which holds the key from first cat) to /root/.ssh/authorized_keys

Just put this stuff together as a script, maybe add some chmod/chown on the remote side and you have what you need.

jwhb
  • 103
Michael Wyraz
  • 421
2

In my case:

  • the root user can already login via ssh (password or ssh-key)
  • the user svruser already exists on the server and has passwordless sudo rights
  • I want to allow the svruser to login via ssh-key: i.e. upload the public ssh key, that is stored on my local PC to the remote server and append it to the authorized_keys file

This command worked for me:

cat LOCAL/PATH/my-ssh.pub | ssh root@my.host.com \
"sudo -u svruser bash -c 'mkdir -p ~/.ssh; chmod 700 ~/.ssh; tee -a ~/.ssh/authorized_keys'"

Details

  • execute this on my local PC in a terminal where ssh is installed (e.g. Linux terminal, WSL, or git-bash on windows)
  • cat LOCAL/PATH/my-ssh.pub just prints the file contents of my public ssh key to the terminal
  • | pipes the text of the ssh-key to the next (ssh) command
  • ssh root@my.host.com: connect via ssh as user root to my host
    • sudo -u svruser: execute the following command as user svruser
      • bash -c '..' executes the text inside of the single quotes in a bash hell
        • mkdir -p ~/.ssh create the (hidden) .ssh dir in the home-directory of the svruser
        • chmod 700 ~/.ssh: set the right permissions to the new dir: see Permissions on private key in .ssh folder?
        • tee -a ~/.ssh/authorized_keys: prints the ssh-key text (that we piped to the ssh command) to the terminal and appends the text to the authorized_keys file
TmTron
  • 318
0

Provided that we have access to the server at ADDRESS with the root user and the user we want to set up keys for is called ubuntu, the following one-liner can be used.

cat ~/.ssh/id_rsa.pub | ssh root@ADDRESS "su - ubuntu -c 'mkdir -p ~/.ssh && tee -a ~/.ssh/authorized_keys'"

This will work regardless whether .ssh and authorized_keys exist or not.

Vic
  • 111