Re: Mass-updating cached host keys after ssh security upgrade?
In article <firstname.lastname@example.org> you wrote:
> I've been trying to go through all the known_hosts files manually and update
> them to give my users a break, but it's a tedious nightmare. Adding to the
> complexity is that many of the known_hosts files are armored (the hostname/ip
> address is not in plain text).
What kind of hosts are those? I would add all your machines to all
system-known_hosts and then delete the entries from user files.
The latter can be done with a shell script, and you should ask your users to
run it themselves. Just consisting of a loop, reading the hosts from
/etc/ssh/known_hosts and deleting them via
ssh-keygen -R "$host"
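
An added example, not part of the original reply: one way to write the loop described above, which also copes with multi-name lines, marker lines, patterns and hashed entries in the system file. The function names and the sample entries are constructed for illustration, and the system file path is passed as an argument.

```shell
#!/bin/sh
# Added example: remove from a user's known_hosts every host that the
# system-wide file already covers. Function names are hypothetical.

# Constructed sample of a system-wide file (keys are placeholders).
sample_known_hosts() {
    cat <<'EOF'
# managed centrally
web1.example.com,192.0.2.10 ssh-ed25519 AAAA-placeholder
[gw.example.com]:2222 ssh-rsa AAAA-placeholder
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAA-placeholder
@cert-authority *.example.com ssh-ed25519 AAAA-placeholder
*.lab.example.com ssh-ed25519 AAAA-placeholder
web1.example.com ecdsa-sha2-nistp256 AAAA-placeholder
EOF
}

# Print each plain host name or address in known_hosts file $1, once.
list_hosts() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # blank lines and comments
        $1 ~ /^@/ { next }              # @cert-authority / @revoked markers
        {
            n = split($1, names, ",")   # one line may list several names
            for (i = 1; i <= n; i++) {
                h = names[i]
                if (h ~ /^\|1\|/) continue   # hashed: name not recoverable
                if (h ~ /[*?!]/) continue    # pattern, not a single host
                if (!(h in seen)) { seen[h] = 1; print h }
            }
        }
    ' "$1"
}

# Delete those hosts from user file $2 (default ~/.ssh/known_hosts).
purge_user_entries() {
    sys_file=$1
    user_file=${2:-$HOME/.ssh/known_hosts}
    [ -r "$sys_file" ] || { echo "cannot read $sys_file" >&2; return 1; }
    [ -f "$user_file" ] || return 0     # nothing cached for this user
    list_hosts "$sys_file" | while IFS= read -r host; do
        # -R also matches hashed entries and keeps a .old backup
        ssh-keygen -R "$host" -f "$user_file" >/dev/null 2>&1 || true
    done
}

# Run only when a system file is given, e.g.: sh purge.sh /etc/ssh/known_hosts
if [ "$#" -gt 0 ]; then purge_user_entries "$@"; fi
```

Hashed lines in the system file are skipped because their host names cannot be read back; hashed lines in the user's file are still removed, since `ssh-keygen -R` hashes the name it is given before comparing.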