On Fri, 2010-05-28 at 17:38 +0200, Elimar Riesebieter wrote:
> * John A. Sullivan III [100528 11:06 -0400]
> > On Fri, 2010-05-28 at 15:52 +0200, Elimar Riesebieter wrote:
> > > * John A. Sullivan III [100528 09:19 -0400]
> > > > On Fri, 2010-05-28 at 14:45 +0200, François TOURDE wrote:
> > > [...]
> > > > >
> > > > > Don't use sed nor awk...
> > > > >
> > > > > man ssh-keygen say:
> > > > >
> > > > > -R hostname
> > > > > Removes all keys belonging to hostname from a
> > > > > known_hosts file. This option is useful to delete hashed
> > > > > hosts (see the -H option above).
> > > > >
> > > >
> > > > Yes, exactly. We use that all the time for similar reasons. One caveat
> > > > - if you use a non-standard port (which we regularly do for security
> > > > with such a dangerous application), the host must be specified as
> > > > [hostname]:port, e.g., ssh-keygen -R [comp1.mycompany.com]:222
> > >
> > > How to remove _all_ ip's from hosts with a dynamic IP such as dyndns
> > > hosts?
> > <snip>
> > I'm not sure I understand the question. If you mean how to remove all
> > entries in known_hosts which pertain to hosts with dynamic IP addresses,
> > assuming you know the host name and use the hostname in your ssh
> > command, then you will want to remove the entry by using the hostname
> > and the IP address is not an issue. If there are entries for the IP
> > address and these are causing a problem, then one needs to remove the
> > entry for the IP address. Depending on whether or not there is a custom
> > port, the syntax would be either:
>
> It should not be possible:
>
> Host a.dyn.dns has ip 1.2.3.4
>
> 24 h later:
>
> Host a.dyn.dns has ip 1.2.10.11
> and maybe
> host b.dyn.dns has 1.2.3.4
>
> This information ssh-keygen is missing so it shouldn't be possible
> to
> ssh-keygen -R a.dyn.dns
> and it would remove all ip's this host ever had, isn't it?

I'm not that familiar with the way known_hosts is recorded and all my known_hosts files are hashed so I can't look at them (and I am not an ssh expert by any stretch of the imagination!). However, I thought if one connected via name, an entry was made using the name and if one connected via IP address a different entry was made using the IP address. I'm not 100% sure though. Sorry I can't be of more help - John
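The question in this thread, as an added example that is not part of the original messages and is not OpenSSH code: a small Python re-implementation of how a removal by name matches entries in a hashed known_hosts file. The key strings and sample entries are constructed, the sample assumes the name and each IP address were recorded as separate hashed lines, and only exact names are matched (no wildcard patterns).

```python
import base64, hashlib, hmac, os

def hash_host(host):
    """Hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    salt = os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def field_matches(field, host):
    """True if one known_hosts host field names `host` exactly."""
    if field.startswith("|1|"):
        # Hashed entry: recompute the HMAC with the stored salt and compare.
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    # Plain entry: comma-separated list of names and addresses.
    return host in field.split(",")

def remove_host(lines, host):
    """Split lines into (kept, removed) for a removal of `host` by name."""
    kept, removed = [], []
    for line in lines:
        parts = line.split()
        if not parts or line.startswith("#"):
            kept.append(line)
            continue
        # Lines with a marker (@cert-authority, @revoked) carry names second.
        names = parts[1] if parts[0].startswith("@") else parts[0]
        (removed if field_matches(names, host) else kept).append(line)
    return kept, removed

# Constructed sample: a.dyn.dns seen at two addresses, plus one host on port 222.
SAMPLE = [
    hash_host("a.dyn.dns") + " ssh-rsa CONSTRUCTED-KEY-A",
    hash_host("1.2.3.4") + " ssh-rsa CONSTRUCTED-KEY-A",
    hash_host("1.2.10.11") + " ssh-rsa CONSTRUCTED-KEY-A",
    hash_host("[comp1.mycompany.com]:222") + " ssh-rsa CONSTRUCTED-KEY-C",
]

if __name__ == "__main__":
    for name in ("a.dyn.dns", "1.2.3.4", "comp1.mycompany.com",
                 "[comp1.mycompany.com]:222"):
        kept, removed = remove_host(SAMPLE, name)
        print("%-28s removes %d line(s), keeps %d" % (name, len(removed), len(kept)))
```

Because each hashed line can only be tested against a name supplied by the user, removing `a.dyn.dns` leaves the lines for its earlier addresses in place; those have to be removed by address.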