At the moment, Windows 10’s implementation of the OpenSSH client does not have the ssh-copy-id command available. However, a PowerShell one-line command can mimic the ssh-copy-id command and allow you to copy an SSH public key generated by the ssh-keygen command to a remote Linux device for passwordless login.
Generate an SSH Key
Note: If you have already generated an SSH keypair that you would like to use, skip this section and proceed to the Copy SSH Key to Remote Linux Device section.
First, open a new PowerShell window (not a Command Prompt window!) and generate a new SSH keypair with the ssh-keygen command. By default, the public and private keys will be placed in the %USERPROFILE%/.ssh/ directory. The public key file we are interested in is named id_rsa.pub.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
PS C:\Users\Christopher> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\Christopher/.ssh/id_rsa):
Created directory 'C:\Users\Christopher/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\Christopher/.ssh/id_rsa.
Your public key has been saved in C:\Users\Christopher/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/mjkrJOQbRzCAwlSPYVBNcuxntm/Ms5/MMC15dCRrMc christopher@Christopher-Win10-VM-01
The key's randomart image is:
+---[RSA 2048]----+
|oo.+o== o.o |
|. o +. = o = |
| o .+. . B |
| +..+o o E |
| *+.S. . |
| o +...o |
| o =. .o |
| o.*o .. |
| .=+++. |
+----[SHA256]-----+
PS C:\Users\Christopher>
Copy SSH Key to Remote Linux Device
Next, we use the below PowerShell one-line command to copy the contents of the id_rsa.pub public key to a remote Linux device. Replace the {IP-ADDRESS-OR-FQDN} with the IP address or FQDN (Fully Qualified Domain Name) of the remote Linux device you would like to copy the public key to.
1
type $env:USERPROFILE\.ssh\id_rsa.pub | ssh {IP-ADDRESS-OR-FQDN} "cat >> .ssh/authorized_keys"
An example of this command is shown below. In this example, I am copying the contents of the id_rsa.pub public key to a remote Linux device at IP address 192.168.30.31.
1
2
3
4
5
6
7
PS C:\Users\Christopher> type $env:USERPROFILE\.ssh\id_rsa.pub | ssh 192.168.30.31 "cat >> .ssh/authorized_keys"
The authenticity of host '192.168.30.31 (192.168.30.31)' can't be established.
ECDSA key fingerprint is SHA256:mTD0/WNCVZ/p/PFSkNDmLJtzIGb5eD7qj6erOQkomjM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.30.31' (ECDSA) to the list of known hosts.
[email protected]'s password:
PS C:\Users\Christopher>
Test Passwordless SSH Connectivity to Remote Linux Device
Finally, verify that you can SSH to the remote Linux device with the ssh command. An example to a remote Linux device at IP address 192.168.30.31 is shown below. Note how a password did not need to be entered in order for us to establish SSH connectivity to the remote Linux device.
1
2
3
4
PS C:\Users\Christopher> ssh 192.168.30.31
Last login: Sat May 23 12:44:51 2020 from 192.168.10.139
[christopher@linux ~]$ who
christopher pts/0 2020-05-24 19:35 (192.168.10.113)
References
The instructions for this blog post were heavily inspired by Scott Hanselman’s blog post on the subject.