Why use SSH Deploy Key?
There are lots of ways to copy out an ssh key to a remote host, such as by hand, with ssh-copy-id, or with configuration management tools.
Although ssh-deploy-key is not ideal for every situation, its speed and ease of use make it a good choice in many cases.
Clearly there are other good options for deploying ssh keys.
Deploying by Hand
ssh-deploy-key cannot deploy an ssh key to a host that is on a different network, behind a jump box. In that case, deployment by hand is the way to go. But in other cases, ssh-copy-id is a better option. Even when just copying a key out to a single host, it’s a faster, easier, and more reliable option. These advantages only increase when copying keys out to multiple hosts.
ssh-copy-id is a great tool, but it’s not the ideal solution for every scenario.
ssh-copy-id is not installed by default on all systems, notably on Mac OS.
ssh-copy-id has no concept of ‘smart append’. It will append a key to the authorized keys file regardless of whether that key is already present.
Scripting the use of ssh-copy-id for deploying to multiple remote hosts can be challenging:
- Password is entered interactively for each host.
- In the case where there are numerous remote hosts that you have not seen before, you’d need to interactively allow each host to be added to your known_hosts file.
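The 'smart append' behaviour mentioned above, sketched as an added example (this is not ssh-deploy-key's own code): a key counts as already present when its type and base64 blob match an existing entry, whatever options or comment surround it. The function names are hypothetical, and the authorized keys path is supplied by the caller.

```python
import os

# Public key type names start with one of these (ssh-ed25519, ecdsa-sha2-*, sk-*).
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def split_fields(line):
    """Split on whitespace, keeping double-quoted option values in one field."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return fields + [cur] if cur else fields

def key_identity(line):
    """Return (key type, base64 blob), ignoring options and comment, or None."""
    fields = split_fields(line)
    if not fields or fields[0].startswith("#"):
        return None
    # An options field, if present, comes first; the key type follows it.
    for i in (0, 1):
        if i + 1 < len(fields) and fields[i].startswith(KEY_PREFIXES):
            return fields[i], fields[i + 1]
    return None

def smart_append(path, pubkey):
    """Append pubkey to path only if absent; return True if the file changed."""
    wanted = key_identity(pubkey)
    if wanted is None:
        raise ValueError("not a public key line")
    existing = ""
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read()
    if any(key_identity(row) == wanted for row in existing.splitlines()):
        return False
    sep = "" if existing == "" or existing.endswith("\n") else "\n"
    # Mode 0o600 applies only when this call creates the file.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        fh.write(sep + pubkey.strip() + "\n")
    return True
```

Comparing on type and blob rather than on the whole line means a key that was earlier installed with a different comment, or with a `from=` or `command=` restriction, is not added a second time without that restriction.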
Configuration Management Tools
Configuration management tools like Puppet, Chef, Ansible, etc. can do a fine job of deploying your ssh key(s) to numerous remote hosts. But if you are not already set up to use them for key distribution, this solution can be overkill.