Security doubt about ssh-copy-id
by banderas20 from LinuxQuestions.org on (#6D5GG)
Hi!
I have been using SSH for a long time, and I do know the purpose of the ssh-copy-id command.
If I copy the pubfile contents and paste them into the authorized_keys file on the target server, that's OK, because I already have access to the target server, and there are no security concerns.
However, I have a silly doubt regarding how the ssh-copy-id command works.
Whenever we issue ssh-copy-id -i <pubfile> user@host, we are adding the pubfile contents to the authorized_keys file of the .ssh directory of "user" on the "host" machine. But we don't necessarily have access to that server yet.
Why can anyone issue that command from anywhere without being asked anything? I mean... anyone could add an arbitrary public key and gain access to any server. Who or which mechanism controls that?
Sorry if that's an obvious question, but I can't find the clue.
Thanks!