HOW TO COPY PUBLIC KEY TO SSH SERVER THAT'S NOT LISTENING ON PORT 22 – ssh-copy-id only works on port 22
########################################################################################################

This is needed for passwordless authentication with ssh. Instead of asking for a password, the remote system checks the public key you gave it against your private key (your private key never leaves your local server).

General syntax:
# cat ID_RSA.PUB | ssh -p PORT_NUMBER REMOTE_USER@REMOTE_HOST "cat - >> /home/REMOTE_USER/.ssh/authorized_keys"

You might need to chown the file afterwards (explained later in the article):
# cat ID_RSA.PUB | ssh -p PORT_NUMBER REMOTE_USER@REMOTE_HOST "cat - >> /home/REMOTE_USER/.ssh/authorized_keys; chown REMOTE_USER:REMOTE_GROUP /home/REMOTE_USER/.ssh/authorized_keys"

NOTE: all this localuser and remoteuser stuff is important, because usually each user has different public and private keys, and only the public keys that are in the remote user's authorized_keys file will work.

How it's done using the complex command:

Read in the public key file and send it across ssh (specifying the port, user, and server IP or hostname), then tell ssh to run cat on the server. That cat reads a file, the file being a dash (-), meaning standard in. Standard in is what ssh gave it, which is what the original cat gave to ssh, which is the id_rsa.pub public key. Whatever gets piped into ssh, it pipes out into the command we run on the server (so we pipe in an id_rsa.pub file, and ssh pipes that into the command we tell it to run, which is cat).

First make sure your currently logged-in user has an ssh rsa or dsa public and private key file that works with OpenSSH (if not, run "ssh-keygen", which by default makes an rsa file): cat ~/.ssh/id_rsa.pub (hopefully that has output; note that people sometimes save their ssh keys elsewhere, but it's rare, and you should know if that's the case). To complement the public key file, ssh-keygen also makes the private key file, ~/.ssh/id_rsa (this file should not be passed along through these commands, or any commands; it should be untouched and never leave this system, unless you're doing a weird system migration or backup).

NOTE: authorized_keys has the public keys, one per line. No other important data is there.

authorized_keys content:
openssh public key user1
openssh public key user2
openssh public key user3

Note: a typical OpenSSH public key has the key as base64-encoded text (it is encoded, not encrypted) followed by a comment appended to the key, all on the same line (that line might wrap around if you have wrap mode on in your viewer or text editor).

=============================================================================
Currently logged-in local user giving the key to root on the remote system
=============================================================================

First log in as the current user:
# cat ~/.ssh/id_rsa.pub | ssh -p 9856 root@www.hello.com "cat - >> ~/.ssh/authorized_keys"

Note: the file is saved on the remote system with the remote user's ownership and permissions. Since we are logging in as root, root is the one saving the file.

================================================================================
Currently logged-in local user giving the key to otheruser on the remote system
================================================================================

To send the key to another user (other than root):
# cat ~/.ssh/id_rsa.pub | ssh -p 9856 otheruser@www.hello.com "cat - >> /home/otheruser/.ssh/authorized_keys"
or
# cat ~/.ssh/id_rsa.pub | ssh -p 9856 otheruser@www.hello.com "cat - >> ~/.ssh/authorized_keys"

Both methods work, as ~ will be the same as /home/otheruser.

That should cover the basics. For almost everything the above will work; for more complex cases keep on reading.

===============================================================================
Remote system root user saving key file to different user on the remote system
===============================================================================

Beware if you log in as root on the remote system to save the key for another user: it might create the authorized_keys file with root-only permissions, and then authorized_keys won't be read for otheruser when trying to connect. To fix that, log in and run chown or chmod. You can append the chown and chmod commands to the ssh command like so (just don't forget the semicolon between the end of the cat command and the start of the chown command). Here is the correct way.

Sending to another user, but logging in as root on the remote system (useful if otheruser doesn't have a bash prompt as default shell; maybe you need to send him some complex ssh things for another shell program that's set up, so this is good as well, but at that point, instead of setting up your public key on otheruser, just check out the command sshpass and run with it instead):
# cat ~/.ssh/id_rsa.pub | ssh -p 9856 root@www.hello.com "cat - >> /home/otheruser/.ssh/authorized_keys; chown otheruser:otheruser /home/otheruser/.ssh/authorized_keys"
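
The append-and-fix-ownership step above, written out as a function you can dry-run against a scratch directory standing in for the remote home. This is an added example, not part of the original post; install_pubkey and its arguments are made-up names, and it assumes the standard file name ~/.ssh/authorized_keys.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE TARGET_HOME [OWNER:GROUP]
# Hypothetical helper (not an OpenSSH tool): appends one public key to
# TARGET_HOME/.ssh/authorized_keys with modes that satisfy sshd's StrictModes.
# e.g. install_pubkey /home/otheruserL/.ssh/id_rsa.pub /home/otheruser otheruser:otheruser
install_pubkey() {
    pub=$1; home=$2; owner=${3:-}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Private key files carry a "-----BEGIN" PEM header; never send one.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 3
    fi

    # First line shaped like an OpenSSH public key: "type base64 [comment]".
    line=$(grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$line" ] || { echo "no public key line in $pub" >&2; return 4; }

    # Create directory and file so they are never group/world-accessible.
    old_umask=$(umask); umask 077
    if mkdir -p "$home/.ssh" && touch "$home/.ssh/authorized_keys"; then rc=0; else rc=5; fi
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return "$rc"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"

    # Append only when this exact line is not already there (safe to re-run).
    if ! grep -qxF -e "$line" "$home/.ssh/authorized_keys"; then
        printf '%s\n' "$line" >> "$home/.ssh/authorized_keys"
    fi

    # When root writes for another user, hand over the directory and the file.
    if [ -n "$owner" ]; then
        chown -R "$owner" "$home/.ssh" || return 6
    fi
}
```

Unlike the one-line chown in the command above, this also covers the case where root had to create the .ssh directory itself, which would otherwise stay owned by root.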

==============================================================================================================================
METHOD1: Being logged in as another user (like root) but passing a different local user's key to any user on the remote system
==============================================================================================================================

otheruserL is the user on the local system that will give its key (so that otheruserL can log in to the remote host as otheruserR).

* To send another local user's key (without logging in to that local user) to the root user on the remote system (otheruserR here is root):
# cat /home/otheruserL/.ssh/id_rsa.pub | ssh -p 9856 root@www.hello.com "cat - >> ~/.ssh/authorized_keys"

* To send another local user's key (without logging in to that local user) to another user on the remote system:
# cat /home/otheruserL/.ssh/id_rsa.pub | ssh -p 9856 otheruserR@www.hello.com "cat - >> /home/otheruserR/.ssh/authorized_keys"
or
# cat /home/otheruserL/.ssh/id_rsa.pub | ssh -p 9856 otheruserR@www.hello.com "cat - >> ~/.ssh/authorized_keys"

* To send another local user's key (without logging in to that local user) to another user on the remote system (but logging in as root on the remote system):
# cat /home/otheruserL/.ssh/id_rsa.pub | ssh -p 9856 root@www.hello.com "cat - >> /home/otheruser/.ssh/authorized_keys; chown otheruser:otheruser /home/otheruser/.ssh/authorized_keys"

==============================================================================================================================
METHOD2: Being logged in as another user (like root) but passing a different local user's key to any user on the remote system
==============================================================================================================================

BUT… instead of all that, I would just log in as otheruserL on the local system using su and then use the commands from before:

* To send another local user's key (without logging in to that local user) to the root user on the remote system:
# su - otheruserL
# cat ~/.ssh/id_rsa.pub | ssh -p 9856 root@www.hello.com "cat - >> ~/.ssh/authorized_keys"

* To send another local user's key (without logging in to that local user) to another user on the remote system:
# su - otheruserL
# cat ~/.ssh/id_rsa.pub | ssh -p 9856 otheruser@www.hello.com "cat - >> /home/otheruser/.ssh/authorized_keys"
or:
# cat ~/.ssh/id_rsa.pub | ssh -p 9856 otheruser@www.hello.com "cat - >> ~/.ssh/authorized_keys"

* To send another local user's key (without logging in to that local user) to another user on the remote system (but logging in as root on the remote system):
# cat ~/.ssh/id_rsa.pub | ssh -p 9856 root@www.hello.com "cat - >> /home/otheruser/.ssh/authorized_keys; chown otheruser:otheruser /home/otheruser/.ssh/authorized_keys"

ssh-copy-id
###########

This works if the remote server is listening on port 22 (my commands above also work: just change the port argument to "-p 22", or remove "-p PORT_NUMBER" completely, as ssh uses port 22 by default).

Copy the id of the currently logged-in user to remote_user:
ssh-copy-id REMOTE_USER@REMOTE_HOST

To copy the key of another user, first log in as that user using su or some other method:
su - localuserL
ssh-copy-id REMOTE_USER@REMOTE_HOST
exit (to get back to the original local user if you used su)

One thought on “HOW TO COPY PUBLIC KEY TO SSH SERVER THATS NOT LISTENING ON PORT 22 – ssh-copy-id only works on port 22 – ssh-copy-id at bottom”

  1. Please check your references to “authorized_hosts”. I think you mean “authorized_keys”.
    I wasted far too long getting SSH working because of this 🙂
