What, exactly, does ssh-copy-id do?

Question

What does the ssh-copy-id command do, exactly? I\'ve used it numerous times and it works great. However, when I try to manually cut and paste my .pub keyfile to my remote auth

Answer 1

This little command really should work. I use it every time there is no ssh-copy-id, for example when I'm on Mac.

cat ~/.ssh/id_rsa.pub | ssh <user>@<hostname> 'cat >> ~/.ssh/authorized_keys'

IMO It's better than manual copy and paste: in this case you know exactly what content will end up in the file

Answer 2

I usually copy-paste keys into authorized_keys as you describe (I forget about ssh-copy-id), so it can work. Note thatchmod 600 ~/.ssh/authorized_keys is required if you're creating the file.

ssh-copy-id is a shell script so you can open it in a text editor to see what it does, this looks like the relevant bit:

printf '%s\n' "$NEW_IDS" | ssh "$@" "
    umask 077 ;
    mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
    if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi"

restorecon in the last line restores default SELinux security contexts. I haven't had to run that, but it might be necessary in your case.