Why use SSH Deploy Key?

The Case

There are lots of ways to copy out an ssh key to a remote host, such as by hand, with ssh-copy-id, or with configuration management tools.

Although ssh-deploy-key is not ideal for every situation, its speed and ease of use make it a good choice in many cases.


Clearly there are other good options for deploying ssh keys.

Deploying by Hand

ssh-deploy-key cannot deploy an ssh key to a host that is on a different network, behind a jump box. In that case, deployment by hand is the way to go. But in other cases, ssh-copy-id is a better option. Even when just copying a key out to a single host, it’s a faster, easier, and more reliable option. These advantages only increase when copying keys out to multiple hosts.


ssh-copy-id is a great tool, but it’s not the ideal solution for every scenario.

  • ssh-copy-id is not installed by default on all systems, notably on Mac OS.

  • ssh-copy-id has no concept of ‘smart append’. It will append a key to the authorized keys file regardless of whether that key is already present.

  • Scripting the use of ssh-copy-id for deploying to multiple remote hosts can be challenging:

    • Password is entered interactively for each host.
    • In the case where there are numerous remote hosts that have not been seen before, you’d need to interactively allow each host to be added to your known_hosts file.
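
The 'smart append' idea from the list above, sketched as an added example (not code from ssh-deploy-key or ssh-copy-id). The names key_blob and smart_append are hypothetical, and the key in the demo is constructed with all-zero key material. Keys are compared by their decoded blob, so the same key under a different comment or with different options is still treated as present.

```python
import base64
import os
import re
import struct
import tempfile

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')  # quoted option values, e.g. command="..."

def key_blob(line):
    """Return the decoded key blob of a public-key line, or None if it has none."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = QUOTED.sub('""', line).split()  # blank out quoted options, then split
    for ktype, b64 in zip(fields, fields[1:]):
        try:
            raw = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # An SSH key blob begins with its own type name, length-prefixed.
        n = struct.unpack(">I", raw[:4])[0] if len(raw) >= 4 else 0
        if n and raw[4:4 + n] == ktype.encode():
            return raw
    return None

def smart_append(auth_path, pubkey_line):
    """Append the key unless it is already present. Returns True if changed."""
    new_key = key_blob(pubkey_line)
    if new_key is None:
        raise ValueError("not an OpenSSH public key line")
    fd = os.open(auth_path, os.O_RDWR | os.O_CREAT, 0o600)  # new file: owner-only
    with os.fdopen(fd, "r+", encoding="utf-8", errors="surrogateescape") as f:
        existing = f.read()
        if any(key_blob(l) == new_key for l in existing.splitlines()):
            return False
        f.seek(0, os.SEEK_END)
        if existing and not existing.endswith("\n"):
            f.write("\n")  # do not glue the key onto an unterminated last line
        f.write(pubkey_line.strip() + "\n")
    return True

if __name__ == "__main__":
    # Constructed sample key: valid framing, all-zero key material.
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    key = "ssh-ed25519 " + base64.b64encode(blob).decode() + " alice@laptop"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "authorized_keys")
        print(smart_append(path, key))                                # first deploy
        print(smart_append(path, key.replace("alice@laptop", "x")))  # same key again
```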

Configuration Management Tools

Configuration management tools like Puppet, Chef, Ansible, etc. can do a fine job of deploying your ssh key(s) to numerous remote hosts. But if you are not already set up to use them for key distribution, this solution can be overkill.