36

I am trying to set up a second access ssh key for a friend. He sent me his id_rsa.pub.

ssh-copy-id -i id_rsa.pub root@123.123.123.123
/usr/local/bin/ssh-copy-id: ERROR: failed to open ID file './id_rsa': No such file or directory

Do I need him to send me both files?

6 Answers

30

It's not necessary to have the private key file to authorize a key on a server. In fact, you should never ask a friend for their private key; it's called private because it should be kept to yourself.

However, the ssh-copy-id command from OpenSSH might fail if there is no private key file with the same name available, because it tries to log in with the specified key to check if it is already present on the remote server.

In recent versions you can override this behavior with the -f switch ("Forced mode").

From the man page:

-f

    Forced mode: doesn't check if the keys are present on the remote server.  This means that it does not need the private key.  Of course, this can result in more than one copy of the key being installed on the remote system.
Dario Seidl
  • 4,345
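
The manual route the answer above implies (the public key alone is enough, and -f can leave duplicate copies), as an added example that is not part of the original answer: it checks that the received file really is a public key and appends it to an authorized_keys file only if that key is not already there. The function names and the sample key are constructed for illustration.

```python
import base64
import os
import struct


def parse_public_key(text):
    """Return (key type, base64 blob) for a one-line OpenSSH public key."""
    if "PRIVATE KEY" in text:
        raise ValueError("private key received; only the .pub file is needed")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("expected exactly one key line")
    fields = lines[0].split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob_b64 = fields[0], fields[1]
    blob = base64.b64decode(blob_b64, validate=True)  # ValueError if malformed
    # The decoded blob begins with a 4-byte big-endian length and the type name.
    if len(blob) < 4:
        raise ValueError("key data too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("declared key type does not match key data")
    return key_type, blob_b64


def authorize(pub_text, auth_path):
    """Append the key to auth_path; return False if it was already present."""
    _, blob_b64 = parse_public_key(pub_text)
    existing = ""
    if os.path.exists(auth_path):
        with open(auth_path) as fh:
            existing = fh.read()
    if any(blob_b64 in line.split() for line in existing.splitlines()):
        return False  # same key already authorized: no duplicate entry
    os.makedirs(os.path.dirname(auth_path) or ".", mode=0o700, exist_ok=True)
    # Create the file as 0600 so it is never writable by other users.
    fd = os.open(auth_path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a") as fh:
        if existing and not existing.endswith("\n"):
            fh.write("\n")
        fh.write(pub_text.strip() + "\n")
    return True


def sample_public_key():
    """Constructed sample: an ssh-ed25519 line whose 32 key bytes are all zero."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"
```

Run authorize() as the account whose authorized_keys file is being edited, passing the text of the .pub file your friend sent.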
7

The .pub is sufficient. You are not in the correct folder.

You can try this:

ssh-copy-id -i /root/.ssh/id_rsa.pub root@123.123.123.123

(for the root user: not recommended, it's just an example).

This file is under the .ssh folder on the user folder.

tread
  • 386
3

This has been reported as OpenSSH bug #2110.

3

As mentioned here this is a bug.

Anyway you can simply create an empty file to make it work. In your case:

$ touch ./id_rsa
$ ssh-copy-id -i id_rsa.pub root@123.123.123.123

I had the same issue and this worked for me.

jawira
  • 131
2

No, you only need his public key stored in ~/.ssh/id_rsa.pub.

Note that the ssh-copy-id command uses the public key of the current user running the command, which has the private key beside it.

You can either make a new key by running ssh-keygen, give your friend the key pair and delete the private one from your machine, or add the private key of your friend manually to the remote server, by appending it at the end of the ~/.ssh/authorized_keys of the user that your friend will connect as in the future.

0

Yes, it needs both. In theory, though, it shouldn't need both,

but it checks that the private key form of the public key specified with -i is there, as a "safety check". So that if a user were to ssh from that machine with the private key form of that public key, then that private key should be there for that ssh to work!

It won't use the private key form of the public key specified with -i to log in. It logs in with the same key that ssh will use.

See this related question:

By default, does ssh-copy-id -i blah.pub user@host log in with the private key specified by -i, or does it log in with ~/.ssh/id_rsa?

barlop
  • 25,198