Linux delete ssh key

Command to remove a ssh authorized key on server

Is there a command (or a one-liner) to remove a ssh key on a server? Something like the opposite of ssh-copy-id?

Some SSH server software support the RFC 4819 protocol for managing authorized SSH keys, but it’s so rare it’s almost nonexistent on Linux 🙁

It’s worth noting that ssh-keygen does provide the -R option for removing keys from known_hosts, but sadly ssh-keygen -R -f ~/.ssh/authorized_keys doesn’t work. I would use the sed option below, instead.


As Ignatio suggested this can be done with grep -v .

Here is an example which removes the key containing some unique string or just deletes the authorized_keys file when no other key remains.

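if test -f "$HOME/.ssh/authorized_keys"; then
  # Filter into a temporary file first, then write the result back.
  temp_file=$(mktemp)
  # grep -v exits non-zero when it selects no lines, i.e. no other key remains.
  if grep -v "some unique string" "$HOME/.ssh/authorized_keys" > "$temp_file"; then
    cat "$temp_file" > "$HOME/.ssh/authorized_keys" && rm "$temp_file"
  else
    rm "$HOME/.ssh/authorized_keys" && rm "$temp_file"
  fi
fi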

Replace some unique string with something that only exists in the key you wish to remove.

As a oneliner over ssh this becomes

ssh hostname 'if test -f $HOME/.ssh/authorized_keys; then temp_file=$(mktemp); if grep -v "some unique string" $HOME/.ssh/authorized_keys > $temp_file; then cat $temp_file > $HOME/.ssh/authorized_keys && rm $temp_file; else rm $HOME/.ssh/authorized_keys && rm $temp_file; fi; fi' 

Tested on Linux (SLES) and HP-UX.


How can I remove an SSH key?

If you’re trying to perform an SSH-related operation and get the following error:

$ git fetch
no such identity: : No such file or directory

You can remove the missing SSH key from your SSH agent with the following:

$ eval `ssh-agent -s` # start ssh agent
$ ssh-add -D # delete ssh key

Unless I’m misunderstanding, you lost your .ssh directory containing your private key on your local machine and so you want to remove the public key which was on a server and which allowed key-based login.

In that case, it will be stored in the .ssh/authorized_keys file in your home directory on the server. You can just edit this file with a text editor and delete the relevant line if you can identify it (even easier if it’s the only entry!).

I hope that key wasn’t your only method of access to the server and you have some other way of logging in and editing the file. You can either manually add a new public key to the authorized_keys file or use ssh-copy-id. Either way, you’ll need password authentication set up for your account on the server, or some other identity or access method to get to the authorized_keys file on the server.

ssh-add adds identities to your SSH agent which handles management of your identities locally and "the connection to the agent is forwarded over SSH remote logins, and the user can thus use the privileges given by the identities anywhere in the network in a secure way." (man page), so I don’t think it’s what you want in this case. It doesn’t have any way to get your public key onto a server without you having access to said server via an SSH login as far as I know.


Note that there are at least two bug reports for ssh-add -d/-D not removing keys:

  • "Debian Bug report #472477: ssh-add -D does not remove SSH key from gnome-keyring-daemon memory"
  • "Ubuntu: ssh-add -D deleting all identities does not work. Also, why are all identities auto-added?"

ssh-add -d/-D deletes only manually added keys from gnome-keyring.
There is no way to delete automatically added keys.
This is the original bug, and it’s still definitely present.

So, for example, if you have two different automatically-loaded ssh identities associated with two different GitHub accounts — say for work and for home — there’s no way to switch between them. GitHub takes the first one which matches, so you always appear as your ‘home’ user to GitHub, with no way to upload things to work projects.

Allowing ssh-add -d to apply to automatically-loaded keys (and ssh-add -t X to change the lifetime of automatically-loaded keys), would restore the behavior most users expect.

More precisely, about the issue:

  • It subverts the normal operation of ssh-agent, mostly just so that it can pop up a pretty box into which you can type the passphrase for an encrypted ssh key.
  • And it paws through your .ssh directory, and automatically adds any keys it finds to your agent.
  • And it won’t let you delete those keys.

This bug is still confirmed in Ubuntu 14.04.4, as recently as two days ago (August 21st, 2014)

  • Do ssh-add -D to delete all your manually added keys. This also locks the automatically added keys, but is not much use since gnome-keyring will ask you to unlock them anyways when you try doing a git push .
  • Navigate to your ~/.ssh folder and move all your key files except the one you want to identify with into a separate folder called backup. If necessary you can also open seahorse and delete the keys from there.
  • Now you should be able to do git push without a problem.

What you really want to do is to turn off gpg-keyring-daemon altogether.
Go to System -> Preferences -> Startup Applications, and unselect the "SSH Key Agent (Gnome Keyring SSH Agent)" box — you’ll need to scroll down to find it.

You’ll still get an ssh-agent , only now it will behave sanely: no keys autoloaded, you run ssh-add to add them, and if you want to delete keys, you can. Imagine that.

This comment actually suggests:

The solution is to keep gnome-keyring-manager from ever starting up, which was strangely difficult but finally achieved by removing the program file’s execute permission.

Ryan Lue adds another interesting corner case in the comments:

In case this helps anyone: I even tried deleting the id_rsa and id_rsa.pub files altogether, and the key was still showing up.

Turns out gpg-agent was caching them in a ~/.gnupg/sshcontrol file; I had to manually delete them from there.

That is the case when the keygrip has been added as in here.

Check if folder .ssh is on your system

If not, then


Paste in the terminal

Remove existing SSH keys

  1. Create new SSH key → ssh-keygen -t rsa -b 4096 -C "[email protected]"
  2. The public key has been saved in "/Users/administrator/.ssh/id_ed25519.pub."
  3. Open the public key saved path.
  4. Copy the SSH key → GitLab Account → Setting → SSH Key → Add key
  5. Test again from the terminal → ssh -T [email protected]


how to remove my key (ssh-keygen) when I do not know hostname? (But I know other things)

Nothing to do, except remove the keys you created ( ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub ). A quick summary of how SSH works and the purpose of the various files.

  • SSH without passwords works with "asymmetric keys".
  • This requires a pair of keys that you generate, one private ( ~/.ssh/id_rsa ) and one public ( ~/.ssh/id_rsa.pub ).
  • During the login process, SSH uses your local private key to do something that can be checked on the other system using your public key.
  • The public key doesn’t need to be kept securely. On the other hand the private key should never leave your local system. You can protect it with a password if you think your local system (and its backups) isn’t secure enough and someone else could get access to the key.
  • To identify yourself on other systems, you give them your public key. On these other systems, the userids that you can login to have your public key added to their ~/.ssh/authorized_keys file, which, as its name implies, collects the public keys of all the people that can log in as that userid. This is done either manually with an editor or using the ssh-copy-id utility.
  • As an added protection (mostly useful when you use a password login AFAIK), the systems you connect to have an identifier. This identifier is sent to your system during the login process. If the identifier is not in your known_hosts file (which is the case the first time you connect to them), you are asked if you accept that identifier, and if so, it is added to your local ~/.ssh/known_hosts . Normally this identifier should never change, so if you are asked again later to accept the identifier, better ask confirmation to some admin.

So, where you are: you have just generated a couple of public/private keys on your local system.

  • As long as they aren’t used anywhere you can just erase them, sight unseen.
  • If you copied the public key on a system, you can remove it for cleanliness, but it is not a security risk as long as the private key hasn’t been compromised.
  • If someday you suspect that your private key has been compromised (you keep it without a password and somebody accessed your system or your backups), then you should in earnest have the matching public keys removed from the authorized_keys of ids/systems where you copied it (from that point of view, the known_hosts file is a good clue of which systems hold a copy of your public key). Then you can generate a new pair, and copy the new public key to the necessary systems.
  • Normally you have no local ~/.ssh/authorized_keys unless you also login on your local system using SSH (but this is rare, and is best avoided)
  • One case where you want to remove a host from the known_hosts file, is when the identifier of that host changes for legitimate purposes (host is reinstalled or upgraded and the old identifier gets lost in the process, but you should be told by an admin). You then want to be able to add the new id to your known_hosts but this cannot be done as long as the previous id is there. One solution is to erase known_hosts but you’ll have to re-accept the keys of all your remote hosts, or you use ssh-keygen -R to remove only the relevant obsolete key.


How to Add and Delete SSH Keys

Changing SSH keys on a running server using the Customer Portal will reinstall and wipe all data on the server. You can manually change SSH keys without reinstalling the server by following this Quickstart Guide.

Prerequisites

  • To follow this guide, you must have an SSH key in OpenSSH format. See our guide to create an SSH key.
  • This guide applies to Linux and BSD servers.
  • This guide is suitable for Linux, Mac, or Windows workstations.

Add SSH Key to Vultr Instance

Deploy a new SSH key from a Linux or Mac workstation with ssh-copy-id .

Linux and Mac workstations

The ssh-copy-id utility is pre-installed on most Linux distributions. Mac workstations can install it via Homebrew, MacPorts, or using Curl.

Use the utility to add your public key to the server.

  • Specify the correct public key with the -i [path to public key] parameter.
  • Specify the username and server IP address (or domain name) as shown. For example, the root user at 192.0.2.123:
$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.0.2.123
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/example_user/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.0.2.123's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.0.2.123'"
and check to make sure that only the key(s) you wanted were added.

Windows workstations

Windows workstations can mimic the ssh-copy-id utility with a one-line PowerShell command. The example shown pipes the public key through SSH from the current user’s profile to the root user’s ~/.ssh/authorized_keys.

PS> type $env:USERPROFILE\.ssh\id_rsa.pub | ssh root@192.0.2.123 "cat >> .ssh/authorized_keys" 

Alternate method for any workstation type

  1. SSH to the server.
  2. Edit ~/.ssh/authorized_keys.
  3. Append your public key to the file.
  4. Save and exit.

Delete SSH Key

There are no common automatic methods to delete a public key; you must remove it manually.

  1. SSH to your server.
  2. Edit ~/.ssh/authorized_keys.
  3. Remove the line containing your key.
  4. Save and exit.
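
The manual edit above can be scripted. The following is an added example, not part of the original guide or of any answer quoted on this page: a POSIX shell function that removes a key by exact match on its base64 blob (rather than on a substring, as grep -v does) and replaces the file with an atomic rename. The function names key_blob and remove_authorized_key are hypothetical, and it assumes the public key file is a standard single-line OpenSSH .pub file.

```sh
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.

# key_blob PUBKEY_FILE: print the base64 key blob (2nd field of a .pub file).
key_blob() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1"
}

# remove_authorized_key AUTH_FILE PUBKEY_FILE
# Prints the number of entries removed; returns 1 on error or when no entry
# matched (the file is then left untouched).
remove_authorized_key() {
    auth=$1
    blob=$(key_blob "$2") || return 1
    [ -n "$blob" ] && [ -f "$auth" ] || return 1

    # Temp file in the same directory: mktemp creates it with mode 0600 and
    # the final mv is an atomic rename on the same filesystem.
    tmp=$(mktemp "$(dirname "$auth")/.authorized_keys.XXXXXX") || return 1

    # Drop a line only when one whitespace-separated field equals the blob
    # exactly. This covers entries prefixed with options (command="..." etc.)
    # and never matches a substring of another key or a comment line.
    awk -v blob="$blob" '
        { hit = 0; for (i = 1; i <= NF; i++) if (($i "") == (blob "")) hit = 1 }
        hit && $1 !~ /^#/ { next }
        { print }
    ' "$auth" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Count with awk so a missing final newline does not skew the numbers.
    before=$(awk 'END { print NR }' "$auth")
    after=$(awk 'END { print NR }' "$tmp")
    removed=$((before - after))
    if [ "$removed" -eq 0 ]; then
        rm -f "$tmp"
        echo 0
        return 1
    fi
    mv -f "$tmp" "$auth" || { rm -f "$tmp"; return 1; }
    echo "$removed"
}
```

Run it on the server as the account that owns the file, for example remove_authorized_key ~/.ssh/authorized_keys old_key.pub, and keep a second working login open until you have confirmed the remaining keys still work.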

Manage SSH Keys via API

The Vultr API offers several endpoints to manage SSH keys.

  • Create a new SSH key for use with future instances. This does not update any running instances.
  • List all SSH keys in your account.
  • Get information about an SSH key.
  • Update an SSH key.
  • Delete an SSH key.
