56

Is there any equivalent or port of ssh-copy-id available for Windows? That is, is there an easy way to transfer SSH keys from a local machine to a remote server under Windows?

In case it helps, I'm using Pageant and Kitty (a Putty alternative) already.

mrdenny
  • 27,074
  • 4
  • 40
  • 68
Matt V.
  • 837
  • 1
  • 9
  • 12

11 Answers11

27

ssh-copy-id is a pretty simple script that should be pretty easy to replicate under windows.

If you ignore all the parameter handling, error handling, and so on, these are the two commands from ssh-copy-id that are actually doing the work most of the time.

GET_ID="cat ${ID_FILE}"
{ eval "$GET_ID" ; } | ssh ${1%:} "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1

Using the putty tools a command like this should be equivalent (not tested).

type  public_id | plink.exe username@hostname "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys"

If you want to do all the same error handling, and the automatic key location, I am sure writing a script under Windows will be a lot trickier, but certainly possible.

Zoredache
  • 128,755
  • 40
  • 271
  • 413
  • 1
    Thanks! I couldn't get it to work at first; I was getting "access denied" errors back, but plink wasn't stopping to let me enter the password. I then tried passing plink the password using the -pw switch and that worked. Do you know if there is a way to get plink to pause for you to enter the password mid-way through? – Matt V. Jan 20 '11 at 22:45
  • Not really sure about password authentication and plink. Whenever I actually use it I already have my key on the system, and I have pagent running. – Zoredache Jan 20 '11 at 23:17
  • 4
    `plink.exe -pw password` works. Also if you know .ssh/authorized_keys exists the command is simply `type id_rsa.pub | plink.exe -ssh user@host -pw password "cat >> .ssh/authorized_keys"` – KCD Apr 15 '14 at 00:50
  • @KCD It is sufficient if the `.ssh/` directory exists. The `>>` redirection will then create the file if it does not exist. – pabouk - Ukraine stay strong Oct 02 '16 at 20:57
20

These answers didn't help me out. I really didn't need any crazy scripts. I had created a public key on my client machine in git bash and was trying to copy it to a VPS.

After creating your public key, the key should be stored as "(whatever folder you started in)/.ssh/id_rsa.pub"

So use this command:
cat ~/.ssh/id_rsa.pub | ssh user@123.45.67.89 "cat >> ~/.ssh/authorized_keys" where user is your username (sometimes "root", or whatever you may have set up), and replace 123.45.67.89 with your machine / host / VPS's IP address.

If the directory .ssh is not yet created on the host machine, use this small variation:
cat ~/.ssh/id_rsa.pub | ssh user@123.45.56.78 "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"

Augie Gardner
  • 301
  • 2
  • 3
16

ssh-copy-id does a couple of things (read the man page for details), but the most important thing it does is append the contents of your local public key file to a remote file called authorized_keys.

  • You could do this yourself by opening the key file with a text editor and pasting the contents in the Kitty terminal.
    echo 'long_line_with_contents_of_public_key_file' >> .ssh/authorized_keys

  • Alternatively, you could upload the file using WinSCP (which uses sftp, or scp as a fallback) and do something similar to my previous suggestion, without the ugly copy/pasting.
    cat id_rsa.pub >> .ssh/authorized_keys
    where id_rsa.pub is the filename of the public key you uploaded.

user9517
  • 114,104
  • 20
  • 206
  • 289
Kenny Rasschaert
  • 8,925
  • 3
  • 41
  • 58
5

Inspired by zoredache's answer, I've created a bunch of scripts that are the windows version. However they all depend on plink. Please take a look here

https://github.com/VijayS1/Scripts/blob/master/ssh-copy-id/

I also have a winscp script that can be used as per another answer. :) Excerpt from the readme:

Attempted methods so far:

  • DOS(.cmd) - Success
    • usage: .\Scriptname test@example.com password [identity file]
  • VBS (.vbs) - Success
    • usage: .\Scriptname /i:idtest.pub user@example.com /p:password
  • Powershell(.ps1) - Success
    • usage: .\Scriptname -i idtest.pub user@example.com password
  • mremoteNG (ext app) - Success
    • Select Host, right click, external tools, select Scriptname
  • WinSCP script (.bat) - Success
    • # "WinSCP.com" /script=".\Scriptname" /parameter "user[:password]@example.com" "id_rsa.pub" [/log=".\copyssh.log]"
Vijay
  • 227
  • 5
  • 14
5

In Windows 7 there is a ssh.exe

Here is what worked for me:

1. create identity (on windows)

c:\>ssh-keygen

That created an identity file in the home directory. I changed the name of the public key to "id_rsa"

2. copy the file to the target linux system using the ssh Credits to https://serverfault.com/users/984/zoredache for his answer

c:\>ssh user@lnxhost "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys || exit 1" < \\path_to_where_the_file_was_generated_from_ssh_key_gen\id_rsa.pub

Note: For some reason piping didn't work for me:

# this should work but it didn't work for me 
type file | ssh user@lnxhost "cat >> /tmp/t.txt"

3. Correct the file on linux The id_rsa.pub file on windows is multiline where linux expects it in in a single line so we have to correct it a bit. Login to linux and open the file:

vi ~/.ssh/authorized_keys

For example:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, user@winhost"
AAAAB3NzaC1yc2EAAAABIwAAAQEAnvYlVooXGoj3+7huZBUqf4wj57r25SHCKiiShyla33
5flX7Rsmb4meExpdh2NzfzffG15xl1wo0xBZ3HdZdqF2GUniEcNbtVjS1FKzQwPfsYPHMC
Y58qT0U2ZgK1zsXj2o0D2RWrCv3DFFfwUgNyZRYN2HK32umY6OmGSOVuJvIKhT+X6YaCVy
ax3CHv2ByB2OTBl9mh4nrwYAVXToT+X2psBE+MKB5R85lrUGkl3GtymTk10Dvf5O80exdT
LFRMvkCA5RAIZgvxMk/bbNaH/0UHQoctX9oaDeKGWUPfVaknFBQdU9009+lK/ocAlKVNHE
Qkw+1wuV6dFoT1/hngSw==
---- END SSH2 PUBLIC KEY ----

should become

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnvYlVooXGoj3+7huZBUqf4wj57r25SHCKiiShyla335flX7Rsmb4meExpdh2NzfzffG15xl1wo0xBZ3HdZdqF2GUniEcNbtVjS1FKzQwPfsYPHMCY58qT0U2ZgK1zsXj2o0D2RWrCv3DFFfwUgNyZRYN2HK32umY6OmGSOVuJvIKhT+X6YaCVyax3CHv2ByB2OTBl9mh4nrwYAVXToT+X2psBE+MKB5R85lrUGkl3GtymTk10Dvf5O80exdTLFRMvkCA5RAIZgvxMk/bbNaH/0UHQoctX9oaDeKGWUPfVaknFBQdU9009+lK/ocAlKVNHEQkw+1wuV6dFoT1/hngSw== user@winhost

4. test it

c:\>ssh user@lnxhost "ls -al /tmp/"

This should list the content of /tmp without asking for the password.

Deian
  • 151
  • 1
  • 3
5

If you do not have ssh-copy-id on Windows, you can run it on the server itself.

  • In PuTTYgen, load your private key (.ppk);
  • Copy the contents of the box Public key for pasting into OpenSSH authorized_keys file to a clipboard.
  • Paste it into your favorite editor (Windows Notepad will do).
  • Save the contents to a file with .pub extension.
  • Upload the .pub file to the server.
  • Login to the server with an SSH client, like PuTTY.
  • On the server type:

    ssh-copy-id -i mykey.pub username@localhost
    

On Windows ssh-copy-id script comes with Git for Windows. So you may use that locally, if you have Git for Windows.


If you do not want to do this manually, you can use WinSCP 5.15. It can setup the public key authentication for you.
Use Tools > Install Public Key into Server button on SSH > Authentication page of WinSCP Advanced Site Settings dialog.

enter image description here

(I'm the author of WinSCP)

Martin Prikryl
  • 7,327
  • 2
  • 36
  • 71
  • This should be the accepted answer: git-bash for Windows 7; Linux Subsystem available in Windows 10 – Alex Apr 01 '19 at 06:45
0

If you are using cmder (or msysgit/mingw that has scp & ssh), I just wrote a simple python script for this. It can be found here: https://gist.github.com/ceilfors/fb6908dc8ac96e8fc983

Sample usage: python ssh-copy-id.py user@remote-machine.

Password will be prompted upon running the script.

ceilfors
  • 109
  • 2
0

what i did, having CygWin on my Win10, connecting to Linux (based on aboves answer):

- note: using cat, it would resolve the cygwin path automatically, as well as any cygwin command using the cygwin-linux-folder-structure

1. added c:\cygwin\bin to the environment's Path variable
2. starting cmd.exe (windows commandline)
3. > ssh-keygen -t rsa   (just pressing enter till done)
4. > cat ~/.ssh/id_rsa.pub | ssh user@server "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys"
5. ..enter server password
6. > ssh user@server (testing, not beeing asked for password)
BananaAcid
  • 121
  • 4
0

This following steps would do:

STEP-1: Generate RSA Key Pair

C:\Users\user>ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/user//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/user//.ssh/id_rsa.
Your public key has been saved in /c/Users/user//.ssh/id_rsa.pub.
The key fingerprint is:
20:16:9b:0d:00:92:c4:34:99:51:20:b7:ef:50:c4:0f user@localhost

STE2-2: ssh-copy-id equivalent in windows

C:\Users\user>ssh user@remote "umask 077; test -d .ssh || mkdir .ssh ; cat >> .s
sh/authorized_keys || exit 1" < "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys
 || exit 1" < C:\Users\user\.ssh\id_rsa.pub
The authenticity of host 'remote (xx.xx.xxx.xx)' can't be established.
RSA key fingerprint is 99:99:73:74:fe:14:bc:91:c8:3b:ac:f4:95:99:4d:06.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'remote,xx.xx.xxx.xx' (RSA) to the list of known hosts.
*************************************************************************
This computer system is the property of Sample Corporation and is to
be used for business purposes.  All information, messages, software and
hardware created, stored, accessed, received, or used by you through
this system is considered to be the sole property of Sample Corporation
and can and may be monitored, reviewed, and retained at any time.  You
should have no expectation that any such information, messages or
material will be private.  By accessing and using this computer, you
acknowledge and consent to such monitoring and information retrieval.
By accessing and using this computer, you also agree to comply with
all of Sample Company's policies and standards.
*************************************************************************
user@remote's password:[Enter Password for first time]

STEP-3: Passwordless authentication works!

C:\Users\user>ssh user@remote
*************************************************************************
This computer system is the property of Sample Corporation and is to
be used for business purposes.  All information, messages, software and
hardware created, stored, accessed, received, or used by you through
this system is considered to be the sole property of Sample Corporation
and can and may be monitored, reviewed, and retained at any time.  You
should have no expectation that any such information, messages or
material will be private.  By accessing and using this computer, you
acknowledge and consent to such monitoring and information retrieval.
By accessing and using this computer, you also agree to comply with
all of Sample Company's policies and standards.
*************************************************************************
Last login: Wed Oct 14 14:37:13 2015 from localhost
kasperd
  • 29,894
  • 16
  • 72
  • 122
GANESH
  • 1
0

There is a Windows version of ssh-copy-id I found on GitHub: https://github.com/zhengyi-yang/ssh-copy-id/tree/master/dist

0

Powershell version for SSH included in Git For Windows

In fact, it can work as long as you have ssh in your path. Add the following in your powershell profile:

function ssh-copy-id([string]$userAtMachine){   
    $publicKey = "$ENV:USERPROFILE" + "/.ssh/id_rsa.pub"
    if (!(Test-Path "$publicKey")){
        Write-Error "ERROR: failed to open ID file '$publicKey': No such file"            
    }
    else {
        & cat "$publicKey" | ssh $userAtMachine "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys || exit 1"      
    }
}

In a powershell console:

ssh-copy-id user@machine
Fab
  • 111
  • 5