Find & Remove an old SSH Key for all users

From Wiki

Jump to: navigation, search

With changing to a new mailserver, we had to revoke individual sshkeys in known_hosts, and add in a default system one instead.

#!/bin/bash
# Script to find old ssh keys of mail on oldserver, and to comment them out.

HOSTKEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAl1NYD26bFvDqUVXuVjZuerXA1D4sx3qJ/aT7kN9oc4Z9r8uEYUyiE1ZwyjtrGQY6AZtfVo3qkNzxqpziRrf4uPVYQ+9128bEkpByCx4GGtbBzcbxa5cuRhNpYgQDyK2Dt+P03yq5M2QFmnVJPDOr8Fjf8pImUGawUeYl1XLZwkM="

for user in `ls /home/`
do

       if [ -f "/home/$user/.ssh/known_hosts" ]; then
               echo "Doing User Search and Replace for $user"

       mv /home/$user/.ssh/known_hosts /home/$user/.ssh/known_hosts.bak
           grep -v "^[^#]*\($HOSTKEY\)" < /home/$user/.ssh/known_hosts.bak > /home/$user/.ssh/known_hosts
               chown $user:users /home/$user/.ssh/known_hosts
       fi
done

"grep -v" was used to select the "inverse" of a search string.

Personal tools