How to undo an ssh-copy-id?

10.04 ssh hadoop

29,040

Solution 1

Identify the public key that you copied when you ran ssh-copy-id:

cat ~/.ssh/id_rsa.pub

SSH to the server you copied the key to:

ssh [email protected]

Edit the file ~hadoop/.ssh/authorized_keys on 192.168.1.1 using your preferred editor, and delete the line containing your key.

Solution 2

If you have done a ssh-copy-id like:

remote='user@machine'
ssh-copy-id -i $remote

So you can access this remote machine without using a password:

ssh $remote

To undo it programmatically, you can script something like:

idssh=$(awk '{print $2}' ~/.ssh/id_rsa.pub)
ssh $remote "sed -i '\#$idssh#d' .ssh/authorized_keys"

I use it in scripts I need to scp several files, so I ask only once for password.

29,040

Alex Gordon

Updated on September 18, 2022

Comments

Alex Gordon almost 2 years
I have a 2 node hadoop cluster.

I ran this command on the master:
```
$ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub [email protected]
```
How can I undo this? I would actually like to reassign the key.

192.168.1.1 is the slave.
S.R about 6 years

Is there a way to do it more automatic why? Like ssh-rm-id [email protected]
David Edwards about 6 years

@S.R I'm not aware of a single command that automates this. In theory, you could "automate" it yourself with a little one-liner using ssh to run a sed command (or similar) to edit ~/.ssh/authorized_keys and remove the line. See superuser.com/questions/429954/…
PerlDuck about 6 years

This might be a bit dangerous: you are grepping for the comment field of the key. It is an arbitrary string without any meaning and may be contained more than once. I'd grep either for the long AAA....== string (the actual key) or for the complete line from id_rsa.pub. But +1 for showing how to automate the removal of a key.
Javi M. about 6 years

@PerlDuck you are right. It is much better to use the key ($2) itself than the third field. Thank you.
Karsten over 4 years

@Javi M. I encountered another issue. The forward slash used by default as the delimiter in sed was in my public key. As a result, I found it best to use a semicolon as the sed delimiter since it appears unlikely to show up in public key. To do this, it was necessary to first escape the character. I ended up with something like this: ssh $remote "sed -i '\;$idssh;{d}' .ssh/authorized_keys"
Karsten over 4 years

Here is some information on which characters can end up in a public key.
Javi M. over 4 years

Thanks @ccalvert. Based on your suggested comment I have approved chris-maes edition
mle_ii almost 4 years

I am unable to make an edit as it's a single character and changes require more than that. I'm an Ubuntu noob, but I believe that the separator needs to be prefixed with the backslash \ character. At least that was the only way I could get this to actually remove the key line. So it should be '\#$idssh#d' instead.
Javi M. over 3 years

@mle_ii thaks for you fix