Re: removing keys from ssh-agent without having key file

Thanks Damien. It's good to know that this is possible and how to do it.

It might be nice if ssh-add did this for you during ssh-add -d. Is there
any reason it couldn't always get the key blob from the agent and send it
back for removal instead of using the filesystem?

On Sun, Jan 3, 2016 at 11:25 PM, Damien Miller <djm@xxxxxxxxxxx> wrote:

> On Fri, 1 Jan 2016, Matthew Boedicker wrote:
>
> > ssh-agent does not allow you to remove individual keys without having the
> > key file that was added. To remove these keys the user must remove all keys
> > with ssh-add -D.
>
> No, you only need the public key and you can get that from the agent
> itself if you don't happen to have it laying around.
>
> [djm@fuyu tmp]$ ssh-keygen -q -t ed25519 -f k1 -N ''
> [djm@fuyu tmp]$ ssh-keygen -q -t ed25519 -f k2 -N ''
> [djm@fuyu tmp]$ ssh-add k1 k2
> Identity added: k1 (djm@xxxxxxxxxxxxxxxx)
> Identity added: k2 (djm@xxxxxxxxxxxxxxxx)
> [djm@fuyu tmp]$ ssh-add -L
> ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJmyuVthrSvC6RMly/gJyAd1oFo8NggUUAV0JKvW9V4 djm@xxxxxxxxxxxxxxxx
> ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFk1eV8abvdBGAJINxDZ2fK9btsLUlHmPL9DPBDhh/MP djm@xxxxxxxxxxxxxxxx
> [djm@fuyu tmp]$ rm k1* k2*
> [djm@fuyu tmp]$ ssh-add -L | head -1 > k1.pub
> [djm@fuyu tmp]$ ssh-add -d k1
> Identity removed: k1 (djm@xxxxxxxxxxxxxxxx)
> [djm@fuyu tmp]$ ssh-add -L
> ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFk1eV8abvdBGAJINxDZ2fK9btsLUlHmPL9DPBDhh/MP djm@xxxxxxxxxxxxxxxx
>
> -d
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
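
The procedure quoted above, generalized as an added example that is not part of either message or of OpenSSH: instead of `head -1`, pick the agent key whose `ssh-add -L` line contains a given substring, and refuse to act when the match is ambiguous (both keys in the thread share one comment). The function names `agent_pick_key` and `agent_remove_key` are hypothetical.

```shell
#!/bin/sh
# Added example: remove one identity from ssh-agent using only the public
# key that the agent itself reports, as in the quoted session.

# agent_pick_key PATTERN
# Reads "ssh-add -L" output on stdin and prints the single line containing
# PATTERN (fixed string, matched against key type, blob or comment).
# Returns 0 on exactly one match, 1 on none, 2 when more than one key matches.
agent_pick_key() {
    [ -n "$1" ] || return 1
    awk -v pat="$1" '
        # Only lines with a base64 key blob count; SSH key blobs begin with
        # "AAAA", which skips "The agent has no identities." and similar text.
        $2 ~ /^AAAA/ && index($0, pat) { n++; line = $0 }
        END {
            if (n == 1) { print line; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# agent_remove_key PATTERN
# Writes the selected public key to a private temporary directory, asks the
# agent to drop it with "ssh-add -d", then cleans up. No key file from the
# original "ssh-add" run is needed.
agent_remove_key() {
    _ark_dir=$(mktemp -d) || return 1
    if ssh-add -L | agent_pick_key "$1" > "$_ark_dir/key.pub"; then
        ssh-add -d "$_ark_dir/key.pub"
        _ark_rc=$?
    else
        _ark_rc=$?
        echo "agent_remove_key: no unique key matches '$1' (status $_ark_rc)" >&2
    fi
    rm -rf "$_ark_dir"
    return "$_ark_rc"
}
```

A unique fragment of the base64 blob is the safest selector, for example `agent_remove_key W9V4` for the first key in the session above.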


