
Re: ssh host ip/id management for dynamic dns servers



On 02/11/2014 02:56 PM, Zenaan Harkness wrote:
> On 2/11/14, Brian <ad44@cityscape.co.uk> wrote:
>> On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote:
>>> I'm wondering:
>>> 1) how to easily clean known_hosts
>>
>> ssh-keygen with the -R option.
> 
> Sounds great! (also, the CheckHostIP = no option looks very useful in
> this regard, thanks Karl)
> 
> However - it seems to not work for me? :
> 
> $ HOST=raptor
> $ ssh-keygen -r $HOST
> raptor IN SSHFP 1 1 81488c713a821a5d232fadaaf57ec9699e3e3a5e
> raptor IN SSHFP 1 2 928b7a09cce6c42e52ded51ad8e49b6bc24afa23adc62c7c51b7507ec30aac31
> raptor IN SSHFP 2 1 137e0fd7551bd8485b91935274d8f1afcf6be3ba
> raptor IN SSHFP 2 2 b2e15796502c956b5ecaf4c66848390b11d79ebe16ecbf5efb838630d5ae3846
> raptor IN SSHFP 3 1 a7abbd8e090c23371fd335d7bd01fc8238edd08a
> raptor IN SSHFP 3 2 5002cd18247173fc72d979ee2f50185d5f5ac72e2e7ecf02f77c7de8b5a6dcc7
> $ ssh-keygen -R $HOST
> /home/justa/.ssh/known_hosts updated.
> Original contents retained as /home/justa/.ssh/known_hosts.old
> $ ssh-keygen -r $HOST
> raptor IN SSHFP 1 1 81488c713a821a5d232fadaaf57ec9699e3e3a5e
> raptor IN SSHFP 1 2 928b7a09cce6c42e52ded51ad8e49b6bc24afa23adc62c7c51b7507ec30aac31
> raptor IN SSHFP 2 1 137e0fd7551bd8485b91935274d8f1afcf6be3ba
> raptor IN SSHFP 2 2 b2e15796502c956b5ecaf4c66848390b11d79ebe16ecbf5efb838630d5ae3846
> raptor IN SSHFP 3 1 a7abbd8e090c23371fd335d7bd01fc8238edd08a
> raptor IN SSHFP 3 2 5002cd18247173fc72d979ee2f50185d5f5ac72e2e7ecf02f77c7de8b5a6dcc7
> 
> So it looks like the host "raptor" is not removed from known_hosts.. ??
> 
> 
ssh-keygen -r checks the SSHFP record in DNS.  Use grep or something to
check known_hosts.  For me, ssh-keygen -R does not remove all the
dynamically generated host keys, however.  I've not yet identified what
confounds ssh-keygen.

Regards,
/Lars
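
Added example, not part of the message above and not OpenSSH code: a checker that lists which known_hosts lines still name a host or its address, including hashed entries written when HashKnownHosts is enabled (as in Debian's default ssh_config), which a plain grep for the host name cannot see. The sample file, the address 192.0.2.10, the salt and the key blobs are constructed placeholders.

```python
import base64
import hashlib
import hmac

def hash_host(name, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, name):
    """True if the host field of a known_hosts line names `name`."""
    if field.startswith("|1|"):
        parts = field.split("|")
        if len(parts) != 4:          # malformed hashed field
            return False
        salt, expected = base64.b64decode(parts[2]), base64.b64decode(parts[3])
        actual = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    # Plain field: comma-separated names/addresses (wildcard patterns not handled).
    return name in field.split(",")

def find_entries(known_hosts_text, names):
    """Return (line number, matched name, key type) for every matching line."""
    hits = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):    # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue
        hits += [(lineno, n, fields[1]) for n in names if host_matches(fields[0], n)]
    return hits

# Constructed sample: the same host recorded by name and, separately, by address.
SALT = b"constructed-salt-020"
SAMPLE = "\n".join([
    "# constructed sample, key blobs are placeholders",
    hash_host("raptor", SALT) + " ssh-rsa AAAAplaceholder1",
    hash_host("192.0.2.10", SALT) + " ssh-rsa AAAAplaceholder1",
    "raptor.example.org,192.0.2.10 ecdsa-sha2-nistp256 AAAAplaceholder2",
    "otherhost ssh-rsa AAAAplaceholder3",
])

if __name__ == "__main__":
    for lineno, name, keytype in find_entries(SAMPLE, ["raptor", "192.0.2.10"]):
        print("line %d matches %s (%s)" % (lineno, name, keytype))
```

A host reached on a non-default port is stored as `[name]:port`, so pass it in that form; `ssh-keygen -F name` performs the same lookup with OpenSSH itself.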

