On Fri, 1 Jan 2016, Matthew Boedicker wrote: > ssh-agent does not allow you to remove individual keys without having the > key file that was added. To remove these keys the user must remove all keys > with ssh-add -D. No, you only need the public key and you can get that from the agent itself if you don't happen to have it laying around. [djm@fuyu tmp]$ ssh-keygen -q -t ed25519 -f k1 -N '' [djm@fuyu tmp]$ ssh-keygen -q -t ed25519 -f k2 -N '' [djm@fuyu tmp]$ ssh-add k1 k2 Identity added: k1 (djm@xxxxxxxxxxxxxxxx) Identity added: k2 (djm@xxxxxxxxxxxxxxxx) [djm@fuyu tmp]$ ssh-add -L ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJmyuVthrSvC6RMly/gJyAd1oFo8NggUUAV0JKvW9V4 djm@xxxxxxxxxxxxxxxx ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFk1eV8abvdBGAJINxDZ2fK9btsLUlHmPL9DPBDhh/MP djm@xxxxxxxxxxxxxxxx [djm@fuyu tmp]$ rm k1* k2* [djm@fuyu tmp]$ ssh-add -L | head -1 > k1.pub [djm@fuyu tmp]$ ssh-add -d k1 Identity removed: k1 (djm@xxxxxxxxxxxxxxxx) [djm@fuyu tmp]$ ssh-add -L ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFk1eV8abvdBGAJINxDZ2fK9btsLUlHmPL9DPBDhh/MP djm@xxxxxxxxxxxxxxxx -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev