[plug] Refresh ssh keys
Leon Brooks
leon at brooks.fdns.net
Mon Nov 25 21:00:16 WST 2002
On Monday 25 November 2002 08:11 pm, J Michael Gilks wrote:
> However, ssh will not work to any machines on the network. Bang go my
> dreams of a monitorless server quietly chugging in the background, being
> administered by webmin and ssh from the internal network.
> Reading man pages for ssh, ssh-add and etc has left me fairly confused and
> in need of assistance.
> The keys ssh uses seem to be stored in $HOME for each user on the computer.
> Can I refresh the keys for all users, or does each user need to refresh
> their own key, and how do they do it.
Generally, users delete defunct keys and add their own new ones in
~/.ssh/known_hosts. If you have a significant machine which has changed, you
could scrub the defunct key with something like this:
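OLDK="stringofhexrubbish"
NEWK="differentstringofrubbish"
# Every account with a UID above 100
for user in $(gawk -F: '$3 > 100 { print $1 }' </etc/passwd); do
    # Home directory is field 6 of the passwd entry; skip users without ~/.ssh
    cd "$(gawk -F: -v u="$user" '$1 == u { print $6 }' </etc/passwd)/.ssh" || continue
    if [ -f known_hosts ]; then
        # Build the replacement in a temp file owned by the user, mode 600
        rm -f kh.temp
        touch kh.temp
        chown "$user" kh.temp
        chmod 600 kh.temp
        # Copy every entry except those carrying the old key, then add the new key
        grep -v "$OLDK" < known_hosts >> kh.temp
        echo name.of.host "$NEWK" >> kh.temp
        echo ip.of.ho.st "$NEWK" >> kh.temp
        mv -f kh.temp known_hosts
    fi
done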
There will, of course, be a neater PERL solution... listen for the quiet
crinkle of green fees being paid. (-:
Cheers; Leon
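
A variant of the cleanup in the message above, added here as an example and not part of the original post: it selects stale entries by the host field of a single known_hosts file instead of by the old key string, for when the old key is not at hand. The function name, host names, addresses and key strings are constructed placeholders; hashed host entries are not matched and are left as they are.

```shell
#!/bin/sh
# Added example. Host names, addresses and key strings are constructed.

# replace_host_key FILE NEWKEY HOST...
# Drop every plain-text line of FILE whose host field names one of HOST...,
# then append one "HOST1,HOST2 NEWKEY" line. Run as the owner of FILE.
replace_host_key() {
    kh=$1
    newkey=$2
    shift 2
    [ -f "$kh" ] || return 1
    hosts=$(IFS=,; printf '%s' "$*")          # join the names with commas
    tmp=$(mktemp "$kh.XXXXXX") || return 1    # same directory, mode 0600
    awk -v hosts="$hosts" '
        BEGIN { n = split(hosts, h, ","); for (i = 1; i <= n; i++) want[h[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { print; next }  # keep blank lines and comments
        {
            f = ($1 ~ /^@/) ? $2 : $1         # step over @cert-authority/@revoked
            m = split(f, names, ",")
            for (i = 1; i <= m; i++) if (names[i] in want) next
            print
        }' "$kh" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s\n' "$hosts" "$newkey" >> "$tmp"
    mv -f "$tmp" "$kh"                        # rename over the original
}

# Demo on a constructed file in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/known_hosts" <<'EOF'
# constructed sample
server.example.test,192.0.2.10 ssh-rsa OLDKEYAAAA
other.example.test ssh-rsa KEEPKEYBBBB
192.0.2.10 ssh-rsa OLDKEYAAAA
@cert-authority *.example.org ssh-rsa CAKEYCCCC
EOF
    replace_host_key "$d/known_hosts" "ssh-ed25519 NEWKEYDDDD" \
        server.example.test 192.0.2.10
    cat "$d/known_hosts"
    rm -rf "$d"
}
demo
```

A line that lists a matching name alongside other aliases is dropped whole, so pass every name and address that should carry the new key.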