ssh-copy-id without authentication

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP








up vote
0
down vote

favorite












How does Linux server allow anyone to copy the string (public key) using ssh-copy-id without authentication? Doesn't it allow the unknown user to copy any malicious file onto the server?






ssh security







share|improve this question

















  • 5




    What gave you that impression? ssh-copy-id just automates the commands scp .ssh/id_rsa.pub user@other-host; ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys, i.e. it's just a convenience script. It does require authentication.
    – PerlDuck
    Feb 25 at 17:33










  • @PerlDuck So, can anyone who knows the server's public ip create public key and copy that onto the server ?
    – Prem
    Feb 25 at 17:39






  • 1




    @Prem No. You need the password of user@other-host to add the public key to user@other-host's authorized_keys file. Believe me: ssh-copy-id doesn't do anything else than scp and ssh on your behalf.
    – PerlDuck
    Feb 25 at 17:43














up vote
0
down vote

favorite












How does Linux server allow anyone to copy the string (public key) using ssh-copy-id without authentication? Doesn't it allow the unknown user to copy any malicious file onto the server?






ssh security







share|improve this question

















  • 5




    What gave you that impression? ssh-copy-id just automates the commands scp .ssh/id_rsa.pub user@other-host; ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys, i.e. it's just a convenience script. It does require authentication.
    – PerlDuck
    Feb 25 at 17:33










  • @PerlDuck So, can anyone who knows the server's public ip create public key and copy that onto the server ?
    – Prem
    Feb 25 at 17:39






  • 1




    @Prem No. You need the password of user@other-host to add the public key to user@other-host's authorized_keys file. Believe me: ssh-copy-id doesn't do anything else than scp and ssh on your behalf.
    – PerlDuck
    Feb 25 at 17:43












up vote
0
down vote

favorite









up vote
0
down vote

favorite











How does Linux server allow anyone to copy the string (public key) using ssh-copy-id without authentication? Doesn't it allow the unknown user to copy any malicious file onto the server?






ssh security







share|improve this question













How does Linux server allow anyone to copy the string (public key) using ssh-copy-id without authentication? Doesn't it allow the unknown user to copy any malicious file onto the server?






ssh security




ssh security






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Feb 25 at 17:28









Prem

1053




1053







  • 5




    What gave you that impression? ssh-copy-id just automates the commands scp .ssh/id_rsa.pub user@other-host; ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys, i.e. it's just a convenience script. It does require authentication.
    – PerlDuck
    Feb 25 at 17:33










  • @PerlDuck So, can anyone who knows the server's public ip create public key and copy that onto the server ?
    – Prem
    Feb 25 at 17:39






  • 1




    @Prem No. You need the password of user@other-host to add the public key to user@other-host's authorized_keys file. Believe me: ssh-copy-id doesn't do anything else than scp and ssh on your behalf.
    – PerlDuck
    Feb 25 at 17:43












  • 5




    What gave you that impression? ssh-copy-id just automates the commands scp .ssh/id_rsa.pub user@other-host; ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys, i.e. it's just a convenience script. It does require authentication.
    – PerlDuck
    Feb 25 at 17:33










  • @PerlDuck So, can anyone who knows the server's public ip create public key and copy that onto the server ?
    – Prem
    Feb 25 at 17:39






  • 1




    @Prem No. You need the password of user@other-host to add the public key to user@other-host's authorized_keys file. Believe me: ssh-copy-id doesn't do anything else than scp and ssh on your behalf.
    – PerlDuck
    Feb 25 at 17:43







5




5




What gave you that impression? ssh-copy-id just automates the commands scp .ssh/id_rsa.pub user@other-host; ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys, i.e. it's just a convenience script. It does require authentication.
– PerlDuck
Feb 25 at 17:33




What gave you that impression? ssh-copy-id just automates the commands scp .ssh/id_rsa.pub user@other-host; ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys, i.e. it's just a convenience script. It does require authentication.
– PerlDuck
Feb 25 at 17:33












@PerlDuck So, can anyone who knows the server's public ip create public key and copy that onto the server ?
– Prem
Feb 25 at 17:39




@PerlDuck So, can anyone who knows the server's public ip create public key and copy that onto the server ?
– Prem
Feb 25 at 17:39




1




1




@Prem No. You need the password of user@other-host to add the public key to user@other-host's authorized_keys file. Believe me: ssh-copy-id doesn't do anything else than scp and ssh on your behalf.
– PerlDuck
Feb 25 at 17:43




@Prem No. You need the password of user@other-host to add the public key to user@other-host's authorized_keys file. Believe me: ssh-copy-id doesn't do anything else than scp and ssh on your behalf.
– PerlDuck
Feb 25 at 17:43










2 Answers
2






active

oldest

votes

















up vote
4
down vote



accepted










ssh-copy-id just automates the commands



scp .ssh/id_rsa.pub user@other-host:
ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys'
ssh user@other-host 'rm id_rsa.pub'


That is: it copies your local id_rsa.pub file to the other server and appends it to the remote user's authorized_keys file.



It is just a convenience script and it requires authentication. You have to supply user's password (at other-host) for it to work. ssh-copy-id doesn't do anything else than scp and ssh on your behalf so if they require password authentication, ssh-copy-id will do so as well.






share|improve this answer





























    up vote
    2
    down vote













    If they don't know the password, they can't copy the id into the server so don't turn off PasswordAuthentication.



    Match User user1,user2,user3
     PasswordAuthentication yes


    Edit :



    If you allow login without auth, they don't even need to copy-id their key, since they can login anyway without the key, IF they know the username..






    share|improve this answer






















    • And if they know the password ?
      – An0n
      Apr 12 at 20:33










    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "89"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1009683%2fssh-copy-id-without-authentication%23new-answer', 'question_page');

    );

    Post as a guest

















    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    4
    down vote



    accepted










    ssh-copy-id just automates the commands



    scp .ssh/id_rsa.pub user@other-host:
    ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys'
    ssh user@other-host 'rm id_rsa.pub'


    That is: it copies your local id_rsa.pub file to the other server and appends it to the remote user's authorized_keys file.



    It is just a convenience script and it requires authentication. You have to supply user's password (at other-host) for it to work. ssh-copy-id doesn't do anything else than scp and ssh on your behalf so if they require password authentication, ssh-copy-id will do so as well.






    share|improve this answer


























      up vote
      4
      down vote



      accepted










      ssh-copy-id just automates the commands



      scp .ssh/id_rsa.pub user@other-host:
      ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys'
      ssh user@other-host 'rm id_rsa.pub'


      That is: it copies your local id_rsa.pub file to the other server and appends it to the remote user's authorized_keys file.



      It is just a convenience script and it requires authentication. You have to supply user's password (at other-host) for it to work. ssh-copy-id doesn't do anything else than scp and ssh on your behalf so if they require password authentication, ssh-copy-id will do so as well.






      share|improve this answer
























        up vote
        4
        down vote



        accepted







        up vote
        4
        down vote



        accepted






        ssh-copy-id just automates the commands



        scp .ssh/id_rsa.pub user@other-host:
        ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys'
        ssh user@other-host 'rm id_rsa.pub'


        That is: it copies your local id_rsa.pub file to the other server and appends it to the remote user's authorized_keys file.



        It is just a convenience script and it requires authentication. You have to supply user's password (at other-host) for it to work. ssh-copy-id doesn't do anything else than scp and ssh on your behalf so if they require password authentication, ssh-copy-id will do so as well.






        share|improve this answer














        ssh-copy-id just automates the commands



        scp .ssh/id_rsa.pub user@other-host:
        ssh user@other-host 'cat id_rsa.pub >> .ssh/authorized_keys'
        ssh user@other-host 'rm id_rsa.pub'


        That is: it copies your local id_rsa.pub file to the other server and appends it to the remote user's authorized_keys file.



        It is just a convenience script and it requires authentication. You have to supply user's password (at other-host) for it to work. ssh-copy-id doesn't do anything else than scp and ssh on your behalf so if they require password authentication, ssh-copy-id will do so as well.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Feb 25 at 17:46

























        answered Feb 25 at 17:40









        PerlDuck

        4,03311030




        4,03311030






















            up vote
            2
            down vote













            If they don't know the password, they can't copy the id into the server so don't turn off PasswordAuthentication.



            Match User user1,user2,user3
             PasswordAuthentication yes


            Edit :



            If you allow login without auth, they don't even need to copy-id their key, since they can login anyway without the key, IF they know the username..






            share|improve this answer






















            • And if they know the password ?
              – An0n
              Apr 12 at 20:33














            up vote
            2
            down vote













            If they don't know the password, they can't copy the id into the server so don't turn off PasswordAuthentication.



            Match User user1,user2,user3
             PasswordAuthentication yes


            Edit :



            If you allow login without auth, they don't even need to copy-id their key, since they can login anyway without the key, IF they know the username..






            share|improve this answer






















            • And if they know the password ?
              – An0n
              Apr 12 at 20:33












            up vote
            2
            down vote










            up vote
            2
            down vote









            If they don't know the password, they can't copy the id into the server so don't turn off PasswordAuthentication.



            Match User user1,user2,user3
             PasswordAuthentication yes


            Edit :



            If you allow login without auth, they don't even need to copy-id their key, since they can login anyway without the key, IF they know the username..






            share|improve this answer














            If they don't know the password, they can't copy the id into the server so don't turn off PasswordAuthentication.



            Match User user1,user2,user3
             PasswordAuthentication yes


            Edit :



            If you allow login without auth, they don't even need to copy-id their key, since they can login anyway without the key, IF they know the username..







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Feb 25 at 17:42









            pa4080

            12.3k52256




            12.3k52256










            answered Feb 25 at 17:37









            An0n

            80418




            80418











            • And if they know the password ?
              – An0n
              Apr 12 at 20:33
















            • And if they know the password ?
              – An0n
              Apr 12 at 20:33















            And if they know the password ?
            – An0n
            Apr 12 at 20:33




            And if they know the password ?
            – An0n
            Apr 12 at 20:33

















             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1009683%2fssh-copy-id-without-authentication%23new-answer', 'question_page');

            );

            Post as a guest
































































            -

            Popular posts from this blog

            Trouble downloading packages list due to a “Hash sum mismatch” error

            Image
            Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 331 down vote favorite 117 When I check for updates, I get a "Failed To Download Repository Information" error. This is what comes up under details: W: Failed to fetch gzip:/var/lib/apt/lists/partial/us.archive.ubuntu.com_ubuntu_dists_natty_main_source_Sources Hash Sum mismatch, E: Some index files failed to download. They have been ignored, or old ones used instead. apt share | improve this question edited Nov 12 '14 at 23:37 Braiam 49.5k 19 130 210 asked May 9 '11 at 20:55 Rob 5,300 10 26 40 add a comment  |  up vote 331 down vote favorite 117 When I check for updates, I get a "Failed To Download Repository Information" error. This is what comes up under details: W: Failed to fetch gzip:/var/lib/apt/lists/partial/us.archive.ubuntu.com_ubuntu_dists_nat...
            Read more

            How do so many people here on Academia.SE, and in general, afford lavish higher education programs?

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 45 down vote favorite 7 I graduated last year with a BS in Computer Science. I do not come from a particularly wealthy family, (very low middle class), and was only able to afford my education via school loans/scholarships and working low-wage jobs, with no support from my family or anyone else. I realize some scholarship/loan programs extend into grad school. But I don't think those cover all costs. Now I'm lucky enough to have a decent-paying salary in industry, along with benefits and living on my own, and I'm thinking one day (sooner rather than later) I'd like to try my hand at research or continue my degree, but these things cost money, in addition to my regular living expenses. I read posts here often about academic people being in positions of choosing between these crazy research grad programs, some in Japan, or Ireland (while they currently live in the U.S./U.K.) then moving around between countries/universit...
            Read more

            How do I move numbers in filenames, in a batch renaming operation?

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 10 down vote favorite 1 I have been trying to figure out how to rename files for the past few hours. I have 2000 files that are like this: file.1.pdb file.2.pdb file.3.pdb I would like to rename these files to something like: file.pdb.1 file.pdb.2 file.pdb.3 command-line batch-rename share | improve this question edited Mar 29 at 21:36 Eliah Kagan 79.6k 20 222 359 asked Mar 29 at 15:33 user812758 51 3 Didn't you mean bash ? – avazula Mar 29 at 15:38 4 @avazula No please read this article : en.wikipedia.org/wiki/Batch_renaming – Ali Razmdideh Mar 29 at 15:47 @PerlDuck yes ;) – Ali Razmdideh Mar 29 at 15:52 6 Possible duplicate of How to easily rename files using command line? – wjandrea Mar 29 at 16:09 2 Hey close voters...
            Read more