On 02/11/2014 02:56 PM, Zenaan Harkness wrote: > On 2/11/14, Brian <a...@cityscape.co.uk> wrote: >> On Tue 11 Feb 2014 at 10:10:37 +1100, Zenaan Harkness wrote: >>> I'm wondering: >>> 1) how to easily clean known_hosts >> >> ssh-keygen with the -R option. > > Sounds great! (also, the CheckHostIP = no option looks very useful in > this regard, thanks Karl) > > However - it seems to not work for me? : > > $ HOST=raptor > $ ssh-keygen -r $HOST > raptor IN SSHFP 1 1 81488c713a821a5d232fadaaf57ec9699e3e3a5e > raptor IN SSHFP 1 2 > 928b7a09cce6c42e52ded51ad8e49b6bc24afa23adc62c7c51b7507ec30aac31 > raptor IN SSHFP 2 1 137e0fd7551bd8485b91935274d8f1afcf6be3ba > raptor IN SSHFP 2 2 > b2e15796502c956b5ecaf4c66848390b11d79ebe16ecbf5efb838630d5ae3846 > raptor IN SSHFP 3 1 a7abbd8e090c23371fd335d7bd01fc8238edd08a > raptor IN SSHFP 3 2 > 5002cd18247173fc72d979ee2f50185d5f5ac72e2e7ecf02f77c7de8b5a6dcc7 > $ ssh-keygen -R $HOST > /home/justa/.ssh/known_hosts updated. > Original contents retained as /home/justa/.ssh/known_hosts.old > $ ssh-keygen -r $HOST > raptor IN SSHFP 1 1 81488c713a821a5d232fadaaf57ec9699e3e3a5e > raptor IN SSHFP 1 2 > 928b7a09cce6c42e52ded51ad8e49b6bc24afa23adc62c7c51b7507ec30aac31 > raptor IN SSHFP 2 1 137e0fd7551bd8485b91935274d8f1afcf6be3ba > raptor IN SSHFP 2 2 > b2e15796502c956b5ecaf4c66848390b11d79ebe16ecbf5efb838630d5ae3846 > raptor IN SSHFP 3 1 a7abbd8e090c23371fd335d7bd01fc8238edd08a > raptor IN SSHFP 3 2 > 5002cd18247173fc72d979ee2f50185d5f5ac72e2e7ecf02f77c7de8b5a6dcc7 > > So it looks like the host "raptor" is not removed from known_hosts.. ?? > > ssh-keygen -r checks the SSHFP record in DNS. Use grep or something to check known_hosts. For me, ssh-keygen -R does not remove all the dynamically generated host keys, however. I've not yet identified what confounds ssh-keygen.
Regards, /Lars -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52fa2412.3020...@gmail.com