ssh-installkeys man page

_ssh-installkeys — install ssh keys on local and remote servers


ssh-installkeys [-h] [-c] [-p port] [-d] [-v] name@host...


This script tries to export ssh public keys to a specified site. It will walk the user through generating key pairs if it doesn't find any to export. It handles all the fiddly details, like remembering the ssh keyfile names and making sure local and remote permissions are correct. It tells you what it's doing if it has to change anything.

The name@host argument is the name of the host where your public keys should be installed. If it contains a @, the part before the @ will be clipped off and used as the login name. Otherwise your local login name will be used.

Note: this script does not parse your ssh configuration — therefore, if you have specified a different remote user in your configuration, this script will not know that. You can use the user@host syntax to force the remote username.

Recording Remote Key Locations

If either of the files ~/.config/ssh/installkeys or ~/.ssh/installkeys exists, places where you install keys will be recorded in it. This record will also be updated when you use the check option, so you can use that option to check sites where you may have previously installed keys and add them to the list. Entries are removed when you delete remote keys.

Beware that if your account is cracked, this record will offer the intruder a menu of other systems to attack, escalating security risks. Thus, to enable the recording feature, you must explicitly create ~/.ssh/installkeys using touch(1) or some other means. This tool will not create the file for you.


Invoked with the -h option, the program prints a usage summary and exits.

Invoked with the -c option, the program checks your local and remote ssh configuration for problems without changing anything (except that your record of where you have installed keys is updated).

The -p option allows you to set a port number, overriding the default 22. This may be useful if you have a firewall and port forwarding setup.

Invoked with the -d option, the program deletes any public keys under the specified login at the specified host. The configuration entries for any such keys are also removed.

The -v option says to report all commands and responses during the session. It's mainly useful for debugging.


Sites where keys have been installed may be recorded in ~/.ssh-installkeys or ~/.config/ssh-installkeys.


ssh-installkeys was written in Python 2.2a1. It will not work under Python 1.5.2.


This program relies on ptys to work correctly in combination with exec, but some implementations (notably under FreeBSD) don't. Suspect this if you see termination with the message "Remote ls returned empty string, bailing out"

If you encounter this or any other bug, the first thing to do is run with -v and see if that clarifies matters. If not, send the maintainer a session transcript.

See Also

ssh(1), ssh-keygen(1).


Eric S. Raymond <>.

There is a project web page at


07/15/2018 Internet