How can I write a program (script) to remove obsolete host keys from ~/.ssh/known_hosts?


Problem description

I use a cluster of about 30 machines that have all recently been reconfigured with new OpenSSH host keys. When I try to log into one, I get this error message (many lines removed for brevity):

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
The fingerprint for the RSA key sent by the remote host is
52:bb:71:83:7e:d0:e2:66:92:0e:10:78:cf:a6:41:49.
Add correct host key in /home/nr/.ssh/known_hosts to get rid of this message.
Offending key in /home/nr/.ssh/known_hosts:50

I can go remove the offending line manually, in which case I get a different complaint about the IP address, which requires removing another line manually, and I have no desire to repeat this exercise 29 times. I would like to write a program to do it. Unfortunately, the line in the .ssh file no longer contains the host name and IP address in clear text, as it did in earlier versions.

Here's my question:

  • Given a host name and an IP address, how can I write a program to find out which lines of my ~/.ssh/known_hosts store an SSH host key for that host or IP address?

If I can recover this info, I think I can do the rest myself.

Footnote: I would prefer to code in bash/ksh/sh or C or Lua; my Perl and Python are very rusty.

Clarifications:

  • I don't want to remove the whole file and repopulate it; it contains over a hundred validated keys that I prefer not to re-validate.

Whether I maintain a single master copy or multiple replicas, the problem of scrubbing away a large group of obsolete host keys remains.

Here's the Lua script I wrote using ssh-keygen -F:

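#!/usr/bin/env lua

-- osutil and ioutil are not part of stock Lua. os.quote, os.capture and
-- io.set_contents used below are not standard library functions and are
-- assumed to come from these modules.
require 'osutil'
require 'ioutil'

local known = os.getenv 'HOME' .. '/.ssh/known_hosts'

-- Read a file into a list of lines.
local function lines(name)
  local lines = { }
  for l in io.lines(name) do
    table.insert(lines, l)
  end
  return lines
end

-- Ask ssh-keygen -F which line holds the key for host, then rewrite
-- known_hosts without that line.
local function remove_line(host)
  local f = io.popen('ssh-keygen -F ' .. os.quote(host))
  for l in f:lines() do
    local line = l:match '^# Host %S+ found: line (%d+) type %u+$'
    if line then
      f:close()
      local thelines = lines(known)
      table.remove(thelines, assert(tonumber(line)))
      table.insert(thelines, '')  -- keeps the trailing newline
      io.set_contents(known, table.concat(thelines, '\n'))
      return
    end
  end
  f:close()
  io.stderr:write('Host ', host, ' not found in ', known, '\n')
end

-- For each host on the command line, drop its entry and the entry for its
-- IP address. ipaddress is an external command not shown on this page.
for _, host in ipairs(arg) do
  local ip = os.capture('ipaddress ' .. os.quote(host))
  remove_line(host)
  remove_line(ip)
end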

Recommended answer

If I want to find out on what line the entry for a host lives,

ssh-keygen -F hostname

The same trick works with IP addresses.
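
The question notes that known_hosts lines no longer show the host name in clear text. The following added example (not part of the original question or answer) shows why a lookup still works: a hashed hosts field has the form `|1|base64(salt)|base64(HMAC-SHA1(salt, name))`, so a candidate name can be re-hashed with each line's salt and compared. The host names, addresses, salts and key blobs are constructed placeholders.

```python
import base64
import hashlib
import hmac

def hash_host(name, salt):
    """Hashed hosts field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def entry_matches(hosts_field, name):
    """True if one known_hosts hosts field names `name` (hashed or plain)."""
    if not hosts_field.startswith("|1|"):
        return name in hosts_field.split(",")  # plain list; wildcards not expanded
    try:
        _, _, salt_b64, mac_b64 = hosts_field.split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        stored = base64.b64decode(mac_b64, validate=True)
    except ValueError:
        return False  # malformed hashed field never matches
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, stored)

def matching_lines(text, names):
    """1-based numbers of the lines whose hosts field matches any of `names`."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if fields and not fields[0].startswith("#") and any(
                entry_matches(fields[0], n) for n in names):
            hits.append(lineno)
    return hits

def remove_lines(text, linenos):
    drop = set(linenos)
    return "".join(l for i, l in enumerate(text.splitlines(True), 1) if i not in drop)

# Constructed sample: names, addresses, salts and key blobs are placeholders.
SAMPLE = "".join(line + "\n" for line in [
    "# constructed known_hosts sample",
    hash_host("node07.example.org", b"constructed-salt-001") + " ssh-rsa PLACEHOLDER_KEY_1",
    hash_host("192.0.2.17", b"constructed-salt-002") + " ssh-rsa PLACEHOLDER_KEY_1",
    hash_host("other.example.org", b"constructed-salt-003") + " ssh-rsa PLACEHOLDER_KEY_2",
    "plain.example.org,192.0.2.99 ssh-ed25519 PLACEHOLDER_KEY_3",
])

if __name__ == "__main__":
    stale = matching_lines(SAMPLE, ["node07.example.org", "192.0.2.17"])
    print(stale, remove_lines(SAMPLE, stale), sep="\n", end="")
```

Because the host name and the IP address are stored on separate lines with different salts, both names have to be looked up, which matches the two complaints described in the question.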
