How to copy an SSH public key to a server

Public-key authentication in SSH enables access to remote accounts using a cryptographic key pair instead of a password, reducing exposure to brute-force attacks and avoiding repeated credential prompts during daily administration or automation.

In a typical OpenSSH setup, the public key resides in the local ~/.ssh directory with a .pub extension, while the private key stays on the local machine. The remote server reads the user's ~/.ssh/authorized_keys file during connection setup and grants access when a key listed there matches the private key offered by the client.

Reliable key-based login assumes an existing key pair, a reachable remote account, and correct permissions on the ~/.ssh directory and authorized_keys file. Using the ssh-copy-id helper preserves file format and permissions automatically, avoiding common problems such as malformed key lines or permission errors that cause OpenSSH to ignore keys.

1. Open the terminal on the local machine.
2. Locate the SSH public key in the ~/.ssh directory.

   $ ls ~/.ssh/id*
   /home/user/.ssh/id_rsa
   /home/user/.ssh/id_rsa.pub

   The public key normally has the .pub extension.

3. Verify that the key is in the OpenSSH public key format.

   $ file ~/.ssh/id_rsa.pub
   /home/user/.ssh/id_rsa.pub: OpenSSH RSA public key

   The authorized_keys file accepts public keys in OpenSSH format only.

   Related: How to change the format of an SSH key file

4. Use the ssh-copy-id command to add the public key to the remote server account.

   $ ssh-copy-id user@remote-host
   The authenticity of host 'remote-host (192.168.111.135)' can't be established.
   ECDSA key fingerprint is SHA256:hXGpY0ALjXvDUDF1cDs2N8WRO9SuJZ/lfq+9q99BPV0.
   Are you sure you want to continue connecting (yes/no)? yes
   /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
   /usr/bin/ssh-copy-id: INFO: 2 key(s) remain to be installed -- if you are prompted now it is to install the new keys
   user@remote-host's password:
   
   Number of key(s) added: 2
   
   Now try logging into the machine, with:   "ssh 'user@remote-host'"
   and check to make sure that only the key(s) you wanted were added.

   To use a different public key file instead of the default, specify it with the -i option.

   $ ssh-copy-id -i ~/.ssh/other_key.pub user@remote-host

5. Test the connection to the server using the SSH key.

   $ ssh -i ~/.ssh/id_rsa user@remote-host
   Welcome to Ubuntu 19.04 (GNU/Linux 5.0.0-20-generic x86_64)
   
    * Documentation:  https://help.ubuntu.com
    * Management:     https://landscape.canonical.com
    * Support:        https://ubuntu.com/advantage
   
     System information as of Sat Jun 29 11:31:23 UTC 2019
   
     System load:  0.16               Processes:            211
     Usage of /:   25.8% of 19.56GB   Users logged in:      1
     Memory usage: 13%                IP address for ens33: 192.168.111.135
     Swap usage:   0%
   
    * MicroK8s 1.15 is out! It has already been installed on more
      than 14 different distros. Guess which ones?
   
        https://snapcraft.io/microk8s
   
   0 updates can be installed immediately.
   0 of these updates are security updates.
   
   
   Last login: Sat Jun 29 11:08:20 2019 from 192.168.111.1