If you spend any time doing remote development over SSH—especially with tools like VS Code Remote—eventually you hit the same annoyance:
You know SSH keys are the right answer,
you know passwordless login is possible,
but the setup always feels more manual than it should.
For years, I handled this by copying keys around by hand, editing authorized_keys, fixing permissions, and occasionally wondering why SSH silently ignored everything I just did.
Then I rediscovered a tool that’s been quietly solving this problem for decades:
ssh-copy-id
The Problem: SSH Keys Are Simple… Until They Aren’t
At a high level, SSH key authentication is straightforward:
- Your local machine has a private key
- The remote machine has your public key in
~/.ssh/authorized_keys - If they match, you’re in—no password required
In practice, setting this up manually involves a checklist of footguns:
- Does
~/.sshexist on the remote host? - Are the permissions exactly right?
- Did I append the key or overwrite existing ones?
- Did I copy the correct public key?
- Why is SSH still asking for my password?
None of these are hard.
All of them are easy to mess up.
The Solution: ssh-copy-id
ssh-copy-id is a small utility that installs your public SSH key on a remote machine safely and correctly.
From your local machine, you run:
ssh-copy-id user@remote-host
You’ll be prompted for your password once. After that:
ssh user@remote-hostlogs in without a password- VS Code Remote SSH connects without prompting
- Scripts, automation, and tooling just work
That’s it.
What ssh-copy-id Does for You
Behind the scenes, it:
- Creates
~/.sshon the remote host if it doesn’t exist - Sets correct permissions (
700for.ssh,600forauthorized_keys) - Appends your key instead of overwriting anything
- Avoids duplicate entries
- Works with multiple key types (RSA, ECDSA, ED25519)
- Uses plain SSH—no special server support required
In other words, it encodes all the best practices you’d otherwise have to remember (or re-learn every time).
Why So Many People Miss This Tool
ssh-copy-id has an unusual problem: it works too well.
- It’s not required to use SSH
- It doesn’t do anything flashy
- It lives quietly alongside
ssh,scp, andrsync - Many admins learned SSH before it existed and kept teaching the manual method
As a result, plenty of experienced developers simply never run into it.
A Bit of History
ssh-copy-id emerged in the early 2000s as SSH was replacing legacy tools like telnet, rsh, and ftp.
Key-based authentication was already supported by OpenSSH, but onboarding new machines was repetitive and error-prone. The solution wasn’t a new protocol—it was a small helper script.
The tool became part of the OpenSSH Portable ecosystem and has evolved gradually with community contributions. It reflects classic Unix design philosophy:
Do one thing safely.
Make it easy to repeat.
Don’t surprise the user.
Today, it ships by default on most Linux distributions and is implicitly relied on by modern workflows—cloud provisioning, CI systems, Git hosting, and remote IDEs alike.
References & Further Reading
- OpenSSH Project (upstream home of SSH tooling)
https://www.openssh.com/ ssh-copy-idLinux manual page (man7.org)
https://man7.org/linux/man-pages/man1/ssh-copy-id.1.html- Debian OpenSSH client manual page for
ssh-copy-id
https://manpages.debian.org/openssh-client/ssh-copy-id.1.en.html - SSH.com Academy:
ssh-copy-idexplained
https://www.ssh.com/academy/ssh/copy-id
Final Thought
If you use SSH regularly and aren’t using ssh-copy-id, you’re doing extra work for no benefit.
This is one of those rare tools that:
- saves time
- reduces mistakes
- and has essentially no downside
The best tools don’t demand attention.
They quietly make the right thing easy.
Leave a Reply
You must be logged in to post a comment.