How to undo an ssh-copy-id?
29,040
Solution 1
Identify the public key that you copied when you ran ssh-copy-id
:
cat ~/.ssh/id_rsa.pub
SSH to the server you copied the key to:
ssh [email protected]
Edit the file ~hadoop/.ssh/authorized_keys
on 192.168.1.1
using your preferred editor, and delete the line containing your key.
Solution 2
If you have done a ssh-copy-id
like:
remote='user@machine'
ssh-copy-id -i $remote
So you can access this remote machine without using a password:
ssh $remote
To undo it programmatically, you can script something like:
idssh=$(awk '{print $2}' ~/.ssh/id_rsa.pub)
ssh $remote "sed -i '\#$idssh#d' .ssh/authorized_keys"
I use it in scripts I need to scp
several files, so I ask only once for password.
Related videos on Youtube
Author by
Alex Gordon
Updated on September 18, 2022Comments
-
Alex Gordon almost 2 years
I have a 2 node hadoop cluster.
I ran this command on the master:
$ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub [email protected]
How can I undo this? I would actually like to reassign the key.
192.168.1.1
is the slave. -
S.R about 6 yearsIs there a way to do it more automatic why? Like
ssh-rm-id [email protected]
-
David Edwards about 6 years@S.R I'm not aware of a single command that automates this. In theory, you could "automate" it yourself with a little one-liner using
ssh
to run ased
command (or similar) to edit~/.ssh/authorized_keys
and remove the line. See superuser.com/questions/429954/… -
PerlDuck about 6 yearsThis might be a bit dangerous: you are grepping for the comment field of the key. It is an arbitrary string without any meaning and may be contained more than once. I'd grep either for the long
AAA....==
string (the actual key) or for the complete line fromid_rsa.pub
. But +1 for showing how to automate the removal of a key. -
Javi M. about 6 years@PerlDuck you are right. It is much better to use the key ($2) itself than the third field. Thank you.
-
Karsten over 4 years@Javi M. I encountered another issue. The forward slash used by default as the delimiter in sed was in my public key. As a result, I found it best to use a semicolon as the sed delimiter since it appears unlikely to show up in public key. To do this, it was necessary to first escape the character. I ended up with something like this:
ssh $remote "sed -i '\;$idssh;{d}' .ssh/authorized_keys"
-
Karsten over 4 yearsHere is some information on which characters can end up in a public key.
-
Javi M. over 4 yearsThanks @ccalvert. Based on your suggested comment I have approved chris-maes edition
-
mle_ii almost 4 yearsI am unable to make an edit as it's a single character and changes require more than that. I'm an Ubuntu noob, but I believe that the separator needs to be prefixed with the backslash \ character. At least that was the only way I could get this to actually remove the key line. So it should be
'\#$idssh#d'
instead. -
Javi M. over 3 years@mle_ii thaks for you fix