Windows 10 OpenSSH Equivalent of "ssh-copy-id"

Written on May 24, 2020

At the moment, Windows 10’s implementation of the OpenSSH client does not have the ssh-copy-id command available. However, a PowerShell one-line command can mimic the ssh-copy-id command and allow you to copy an SSH public key generated by the ssh-keygen command to a remote Linux device for passwordless login.

Generate an SSH Key

Note: If you have already generated an SSH keypair that you would like to use, skip this section and proceed to the Copy SSH Key to Remote Linux Device section.

First, open a new PowerShell window and generate a new SSH keypair with the ssh-keygen command. By default, the public and private keys will be placed in the %USERPROFILE%/.ssh/ directory. The public key file we are interested in is named id_rsa.pub.

PS C:\Users\Christopher> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\Christopher/.ssh/id_rsa):
Created directory 'C:\Users\Christopher/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\Christopher/.ssh/id_rsa.
Your public key has been saved in C:\Users\Christopher/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/mjkrJOQbRzCAwlSPYVBNcuxntm/Ms5/MMC15dCRrMc christopher@Christopher-Win10-VM-01
The key's randomart image is:
+---[RSA 2048]----+
|oo.+o==    o.o   |
|. o +. =  o =    |
|   o .+. . B     |
|    +..+o o E    |
|     *+.S. .     |
|    o +...o      |
|     o =. .o     |
|      o.*o ..    |
|      .=+++.     |
+----[SHA256]-----+
PS C:\Users\Christopher>

Copy SSH Key to Remote Linux Device

Next, we use the below PowerShell one-line command to copy the contents of the id_rsa.pub public key to a remote Linux device. Replace the {IP-ADDRESS-OR-FQDN} with the IP address or FQDN (Fully Qualified Domain Name) of the remote Linux device you would like to copy the public key to.

type $env:USERPROFILE\.ssh\id_rsa.pub | ssh {IP-ADDRESS-OR-FQDN} "cat >> .ssh/authorized_keys"

An example of this command is shown below. In this example, I am copying the contents of the id_rsa.pub public key to a remote Linux device at IP address 192.168.30.31.

PS C:\Users\Christopher> type $env:USERPROFILE\.ssh\id_rsa.pub | ssh 192.168.30.31 "cat >> .ssh/authorized_keys"
The authenticity of host '192.168.30.31 (192.168.30.31)' can't be established.
ECDSA key fingerprint is SHA256:mTD0/WNCVZ/p/PFSkNDmLJtzIGb5eD7qj6erOQkomjM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.30.31' (ECDSA) to the list of known hosts.
christopher@192.168.30.31's password:
PS C:\Users\Christopher>

Test Passwordless SSH Connectivity to Remote Linux Device

Finally, verify that you can SSH to the remote Linux device with the ssh command. An example to a remote Linux device at IP address 192.168.30.31 is shown below. Note how a password did not need to be entered in order for us to establish SSH connectivity to the remote Linux device.

PS C:\Users\Christopher> ssh 192.168.30.31
Last login: Sat May 23 12:44:51 2020 from 192.168.10.139
[christopher@linux ~]$ who
christopher pts/0        2020-05-24 19:35 (192.168.10.113)

References

The instructions for this blog post were heavily inspired by Scott Hanselman’s blog post on the subject.