how to remove my key (ssh-keygen) when I do not know hostname? (But I know other things)
Solution 1
Nothing to do, except remove the keys you created (~/.ssh/id_rsa
and ~/.ssh/id_rsa.pub
). A quick summary of how SSH works and the purpose of the various files.
- SSH without passwords works with "assymetric keys".
- This requires a pair of keys that you generate, one private (
~/.ssh/id_rsa
) and one public (~/.ssh/id_rsa.pub
). - During the login process, SSH uses you local private key to do something that can be checked on the other system using your public key.
- The public key doesn't need to be kept securely. On the other hand the private key should never leave your local system. You can protect it with a password if you think your local system (and its backups) isn't secure enough and someone else could get access to the key.
- To identify yourself on other systems, you give them your public key. On these other systems, the userids that you can login to have your public key added to their
~/.ssh/authorized_keys
file, which, as its name implies, collects the public keys of all the people that can log in as that userid. This is done either manually with an editor or using thessh-copy-id
utility. - As an added protection (mostly useful when you use a password login AFAIK), the systems you connect to have an identifier. This identifier is sent to your system during the login process. If the identifier is not in your
known_hosts
file (which is the case the first time you connect to them), you are asked if you accept that identifier, and if so, it is added to your local~/.ssh/known_hosts
. Normally this identifier should never change, so if you are asked again later to accept the identifier, better ask confirmation to some admin.
So, where you are: you have just generated a couple of public/private keys on your local system.
- As long as they aren't used anywhere you can just erase them, sight unseen.
- If you copied the public key on a system, you can remove it for cleanliness, but it is not a security risk as long as the private key hasn't been compromised.
- If someday you suspect that your private key has been compromised (you keep it without a password and somebody accessed your system or your backups), then you should in earnest have the matching public keys removed from the
authorized_keys
of ids/systems where you copied it (from that point of view, theknown_hosts
file is a good clue of which systems hold a copy of your public key). Then you can generate a new pair, and copy the new public key to the necessary systems. - Normally you have no local
~/.ssh/authorized_keys
unless you also login on your local system using SSH (but this is rare, and is best avoided) - One case where you want to remove a host from the
known_hosts
file, is when the identifier of that host changes for legitimate purposes (host is reinstalled or upgraded and the old identifier gets lost in the process, but you should be told by an admin). You then want to be able to add the new id to yourknown_hosts
but this cannot be done as long as the previous id is there. One solution is to eraseknown_hosts
but you'll have to re-accept the keys of all your remote hosts, or you usessh-keygen -R <host>
to remove only the relevant obsolete key.
Solution 2
If you want to go back to ground zero, no ssh, just
rm -rf ~/.ssh
(Thanks @PerlDuck for the reminder about the "r" to recurse)
Now, I think you may be confusing your keys with keys from other servers you ssh into; those are in clear text in ~/.ssh/known_hosts
file - see how to manage my ssh known-hosts file
When trying to list files or directories that may begin with a period, be sure to add the "a" parm to the ls
command, as files beginning with a "." are "hidden" from the basic ls
command:
ls -la
Related videos on Youtube
trenta coollime
Updated on September 18, 2022Comments
-
trenta coollime over 1 year
I made a huge mistake in creating .ssh without any caution and I want to get rid of them and go back to where I started off.
I ran commands in
ssh-keygen -t rsa -b 4096 -C [email protected] Your identification has been saved in /home/trenta/.ssh/id_rsa. Your public key has been saved in /home/trenta/.ssh/id_rsa.pub. The key fingerprint is: The key's randomart image is: bash-4.1$ eval "$(ssh-agent -s)" bash-4.1$ ssh-add ~/.ssh/id_rsa bash-4.1$ ssh-keygen -y -f ~/.ssh/id_rsa Enter passphrase:
I want to go back now, and I am supposed to use
ssh -keygen -R hostname
But, I do not know hostname, how can I get rid of the key?
Thank you!
-
Scott Stensland almost 3 years
mv ~/.ssh ~/.ssh~~prior.art
and then give yourself a new onemkdir ~/.ssh
and then issuechmod 700 ~/.ssh
to give it proper permissions
-
-
trenta coollime over 5 yearsthere is not file in my .ssh directory so output is
-
trenta coollime over 5 yearsrm: cannot remove `/home/trenta/.ssh': Is a directory
-
Rochak Gupta almost 3 yearsThat's a fantastic answer. Thanks!