removing keys from ssh-agent without having key file
Damien Miller
djm at mindrot.org
Mon Jan 4 18:25:15 AEDT 2016
On Fri, 1 Jan 2016, Matthew Boedicker wrote:
> ssh-agent does not allow you to remove individual keys without having the
> key file that was added. To remove these keys the user must remove all keys
> with ssh-add -D.

No, you only need the public key and you can get that from the agent
itself if you don't happen to have it lying around.
[djm at fuyu tmp]$ ssh-keygen -q -t ed25519 -f k1 -N ''
[djm at fuyu tmp]$ ssh-keygen -q -t ed25519 -f k2 -N ''
[djm at fuyu tmp]$ ssh-add k1 k2
Identity added: k1 (djm at fuyu.mindrot.org)
Identity added: k2 (djm at fuyu.mindrot.org)
[djm at fuyu tmp]$ ssh-add -L
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJmyuVthrSvC6RMly/gJyAd1oFo8NggUUAV0JKvW9V4 djm at fuyu.mindrot.org
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFk1eV8abvdBGAJINxDZ2fK9btsLUlHmPL9DPBDhh/MP djm at fuyu.mindrot.org
[djm at fuyu tmp]$ rm k1* k2*
[djm at fuyu tmp]$ ssh-add -L | head -1 > k1.pub
[djm at fuyu tmp]$ ssh-add -d k1
Identity removed: k1 (djm at fuyu.mindrot.org)
[djm at fuyu tmp]$ ssh-add -L
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFk1eV8abvdBGAJINxDZ2fK9btsLUlHmPL9DPBDhh/MP djm at fuyu.mindrot.org
-d
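
Added example, not part of the original post: the same procedure wrapped in a shell function that picks the key by comment or key blob instead of `head -1`, and refuses to act when the match is missing or ambiguous. The function names and the sample listing are constructed for illustration; the only ssh-add calls used are the `-L` and `-d` shown above.

```shell
#!/bin/sh
# Constructed sample of "ssh-add -L" output (placeholder blobs, not real keys).
sample_listing='ssh-ed25519 AAAAEXAMPLEBLOB1 alice@laptop
ssh-ed25519 AAAAEXAMPLEBLOB2 alice@server'

# select_agent_key NEEDLE
# Reads "ssh-add -L" output on stdin and prints the one line whose key blob
# equals NEEDLE or whose comment contains NEEDLE.
# Returns 1 when nothing matches, 2 when more than one key matches.
select_agent_key() {
    [ -n "$1" ] || return 1
    NEEDLE="$1" awk '
        # Skip anything that is not a key line, e.g. "The agent has no identities."
        $1 !~ /^(ssh|ecdsa|sk)-/ { next }
        {
            comment = ""
            for (i = 3; i <= NF; i++) comment = comment (i > 3 ? " " : "") $i
            if ($2 == ENVIRON["NEEDLE"] || index(comment, ENVIRON["NEEDLE"]) > 0) {
                n++; hit = $0
            }
        }
        END {
            if (n == 1) { print hit; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# agent_remove_key NEEDLE
# Exports the matching public key from the running agent into a private
# temporary directory and removes that identity with "ssh-add -d".
agent_remove_key() {
    dir=$(mktemp -d) || return 1
    if ssh-add -L 2>/dev/null | select_agent_key "$1" > "$dir/key.pub"; then
        # As in the session above: ssh-add is given "key" and finds "key.pub".
        ssh-add -d "$dir/key"
        rc=$?
    else
        echo "no unique agent key matches '$1'; nothing removed" >&2
        rc=1
    fi
    rm -rf "$dir"
    return $rc
}
```

With an agent running, `agent_remove_key alice@laptop` removes only that identity and leaves the rest loaded.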