how to remove my key (ssh-keygen) when I do not know hostname? (But I know other things)
I made a huge mistake in creating .ssh without any caution and I want to get rid of them and go back to where I started off.
I ran commands in
ssh-keygen -t rsa -b 4096 -C
Your identification has been saved in /home/trenta/.ssh/id_rsa.
Your public key has been saved in /home/trenta/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
bash-4.1$ eval "$(ssh-agent -s)"
bash-4.1$ ssh-add ~/.ssh/id_rsa
bash-4.1$ ssh-keygen -y -f ~/.ssh/id_rsa
Enter passphrase: I want to go back now, and I am supposed to use
ssh -keygen -R hostnameBut, I do not know hostname, how can I get rid of the key?
Thank you!
12 Answers
Nothing to do, except remove the keys you created (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub). A quick summary of how SSH works and the purpose of the various files.
- SSH without passwords works with "assymetric keys".
- This requires a pair of keys that you generate, one private (
~/.ssh/id_rsa) and one public (~/.ssh/id_rsa.pub). - During the login process, SSH uses you local private key to do something that can be checked on the other system using your public key.
- The public key doesn't need to be kept securely. On the other hand the private key should never leave your local system. You can protect it with a password if you think your local system (and its backups) isn't secure enough and someone else could get access to the key.
- To identify yourself on other systems, you give them your public key. On these other systems, the userids that you can login to have your public key added to their
~/.ssh/authorized_keysfile, which, as its name implies, collects the public keys of all the people that can log in as that userid. This is done either manually with an editor or using thessh-copy-idutility. - As an added protection (mostly useful when you use a password login AFAIK), the systems you connect to have an identifier. This identifier is sent to your system during the login process. If the identifier is not in your
known_hostsfile (which is the case the first time you connect to them), you are asked if you accept that identifier, and if so, it is added to your local~/.ssh/known_hosts. Normally this identifier should never change, so if you are asked again later to accept the identifier, better ask confirmation to some admin.
So, where you are: you have just generated a couple of public/private keys on your local system.
- As long as they aren't used anywhere you can just erase them, sight unseen.
- If you copied the public key on a system, you can remove it for cleanliness, but it is not a security risk as long as the private key hasn't been compromised.
- If someday you suspect that your private key has been compromised (you keep it without a password and somebody accessed your system or your backups), then you should in earnest have the matching public keys removed from the
authorized_keysof ids/systems where you copied it (from that point of view, theknown_hostsfile is a good clue of which systems hold a copy of your public key). Then you can generate a new pair, and copy the new public key to the necessary systems. - Normally you have no local
~/.ssh/authorized_keysunless you also login on your local system using SSH (but this is rare, and is best avoided) - One case where you want to remove a host from the
known_hostsfile, is when the identifier of that host changes for legitimate purposes (host is reinstalled or upgraded and the old identifier gets lost in the process, but you should be told by an admin). You then want to be able to add the new id to yourknown_hostsbut this cannot be done as long as the previous id is there. One solution is to eraseknown_hostsbut you'll have to re-accept the keys of all your remote hosts, or you usessh-keygen -R <host>to remove only the relevant obsolete key.
If you want to go back to ground zero, no ssh, just
rm -rf ~/.ssh(Thanks @PerlDuck for the reminder about the "r" to recurse)
Now, I think you may be confusing your keys with keys from other servers you ssh into; those are in clear text in ~/.ssh/known_hosts file - see how to manage my ssh known-hosts file
When trying to list files or directories that may begin with a period, be sure to add the "a" parm to the ls command, as files beginning with a "." are "hidden" from the basic ls command:
ls -la
