Why can't I ssh-copy-id to an EC2 instance?


Solution 1

I needed to run

ssh-add ~/.ssh/ec2-keypair

Solution 2

I had the same problem: ssh-copy-id gives the error Permission denied (publickey) on an AWS EC2 instance. I was sure that I set all the permissions correctly using chmod.

In addition, I needed to change this line in /etc/ssh/sshd_config from

PasswordAuthentication no


PasswordAuthentication yes

I guess that's because ssh-copy-id asks for your password.

Then the error disappeared.

Solution 3

It seems like ssh-copy-id is confused about connecting with a key in order to copy another key.

My solution:

ssh-copy-id -f "-o IdentityFile ec2-keypair.pem" [email protected]


  • -o IdentityFile ec2-keypair.pem: I'm using a "raw" ssh option to connect using the AWS-generated key.
  • -f: ssh-copy-id tries to copy the AWS-generated key again, so force mode is necessary to copy the other key.

Solution 4

Just do:

scp -i ec2-keypair ~/.ssh/id_rsa.pub [email protected]:~/


ssh -i ec2-keypair [email protected]

And when you logged in:

cat id_rsa.pub >> .ssh/authorized_keys
rm id_rsa.pub

Now you can log with

ssh [email protected]

Related videos on Youtube

Jeremy Smith
Author by

Jeremy Smith

I'm a founder/hacker, who has gone from having touched any code since 2007. My first startup was founded in 2003 and I was in retrospect using alot of "worst of breed" technologies and methodologies. I learned from my mistakes and the heartache it caused, and am determined do it right this time. In the last 6 months I have learned and heavily used the following technologies: Ruby, Padrino, Objective C, MacRuby, Mongo DB, Chef, AWS, Elastic Search, Redis, Haml Soon to come: SASS, coffeescript, d3 This site has been INVALUABLE to the learning process and I am forever indebted to everyone who has helped me.

Updated on September 18, 2022


  • Jeremy Smith
    Jeremy Smith 3 months

    I have a ubuntu Natty instance on EC2, and I can SSH into it by

    ssh -v -i ec2-keypair [email protected]@XXXX.compute-1.amazonaws.com

    But I'd like to set up password less sshing. So I tried these options and nothing is working:

     $ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
    Permission denied (publickey).
     $ ssh-copy-id -i ~/.ssh/ec2-keypair [email protected]
    /usr/bin/ssh-copy-id: ERROR: No identities found
     $ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
    Permission denied (publickey).
  • Kingz
    Kingz over 8 years
    Beware though that changing the PasswordAuthentication from 'no' to 'yes' can lock you out of your EC2 instance.
  • Piyush S. Wanare
    Piyush S. Wanare almost 6 years
    I have done this for both postgres and my admin normal user still when I run ssh-copy-id -f -i /var/lib/postgres/.pubfilename [email protected] still getting permission denied error.
  • 4Z4T4R
    4Z4T4R about 5 years
    Note in some environments, you'll need to run eval "$(ssh-agent)" if you see Could not open a connection to your authentication agent