[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mass-updating cached hosts keys afrer ssh security upgrade?

In article <200807211843.31332.jw@mailsw.com> you wrote:
> I've been trying to go through all the known_hosts files manually and update 
> them to give my users a break, but it's a tedious nightmare. Adding to the 
> complexity is that many of the known_hosts files are armored (the hostname/ip 
> address is not in plain text).

What kind of hosts are those? I would add all your machines to all
system-known_hosts and then delete the entries from user files.

The later can be done with a shell script, and you should ask your users to
run it themself. Just consisting of a loop, reading the hosts from
/etc/ssh/known_hosts and deleting them via

ssh-keygen -R "$host"


Reply to: