25

I have a 2 node hadoop cluster.

I ran this command on the master:

$ ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@192.168.1.1

How can I undo this? I would actually like to reassign the key.

192.168.1.1 is the slave.

Alex Gordon

2 Answers

25

Identify the public key that you copied when you ran ssh-copy-id:

cat ~/.ssh/id_rsa.pub

SSH to the server you copied the key to:

ssh hadoop@192.168.1.1

Edit the file ~hadoop/.ssh/authorized_keys on 192.168.1.1 using your preferred editor, and delete the line containing your key.

David Edwards
  • 2
    Is there a more automatic way to do it? Like `ssh-rm-id hadoop@192.168.1.1` – S.R Apr 18 '18 at 10:22
  • 1
    @S.R I'm not aware of a single command that automates this. In theory, you could "automate" it yourself with a little one-liner using `ssh` to run a `sed` command (or similar) to edit `~/.ssh/authorized_keys` and remove the line. See https://superuser.com/questions/429954/command-to-remove-a-ssh-authorized-key-on-server – David Edwards Apr 18 '18 at 10:32
9

If you have done a ssh-copy-id like:

remote='user@machine'
ssh-copy-id -i $remote

So you can access this remote machine without using a password:

ssh $remote

To undo it programmatically, you can script something like:

idssh=$(awk '{print $2}' ~/.ssh/id_rsa.pub)
ssh $remote "sed -i '\#$idssh#d' .ssh/authorized_keys"

I use it in scripts where I need to scp several files, so I ask for the password only once.

Javi M.
  • 1
    This might be a bit dangerous: you are grepping for the _comment field_ of the key. It is an arbitrary string without any meaning and may be contained more than once. I'd grep either for the long `AAA....==` string (the actual key) or for the complete line from `id_rsa.pub`. But +1 for showing how to automate the removal of a key. – PerlDuck Jun 21 '18 at 09:57
  • 1
    @PerlDuck you are right. It is much better to use the key ($2) itself than the third field. Thank you. – Javi M. Jun 23 '18 at 09:46
  • @Javi M. I encountered another issue. The forward slash used by default as the delimiter in sed was in my public key. As a result, I found it best to use a semicolon as the sed delimiter since it appears unlikely to show up in a public key. To do this, it was necessary to first escape the character. I ended up with something like this: ```ssh $remote "sed -i '\;$idssh;{d}' .ssh/authorized_keys"``` – ccalvert Oct 29 '19 at 22:11
  • [Here](https://stackoverflow.com/a/38829833/253576) is some information on which characters can end up in a public key. – ccalvert Oct 29 '19 at 22:20
  • Thanks @ccalvert. Based on your suggested comment I have approved chris-maes edition – Javi M. Jan 21 '20 at 11:12
  • I am unable to make an edit as it's a single character and changes require more than that. I'm an Ubuntu noob, but I believe that the separator needs to be prefixed with the backslash \ character. At least that was the only way I could get this to actually remove the key line. So it should be `'\#$idssh#d'` instead. – mle_ii Aug 20 '20 at 17:10
  • @mle_ii thanks for your fix – Javi M. Oct 20 '20 at 15:00
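
The comments above raise two problems with pattern-based removal: the comment field is not unique, and base64 key material can contain the regex delimiter. The following is an added example, not part of the original answers, that avoids both by comparing the key blob as an exact string; it is meant to run on the machine that holds `authorized_keys`. The function name `remove_authorized_key` and the demo keys are constructed for illustration.

```shell
#!/bin/sh
# remove_authorized_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Added example. Deletes every entry whose key blob equals the one in
# PUBKEY_FILE and prints how many lines were removed. Matching is an exact
# string comparison on a whole field, so '/', '+' and '=' in the base64 blob
# need no escaping and the free-text comment field is never consulted.
remove_authorized_key() {
    pub=$1 auth=$2
    [ -r "$pub" ] && [ -f "$auth" ] || return 1

    # A .pub file is "<type> <base64-blob> [comment]": field 2 is the key.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    [ -n "$blob" ] || return 1
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    chmod 600 "$tmp"

    # Scan every field, not just $2, so entries that start with options
    # (command="...", from="...") are matched too. Kept lines are written
    # to $tmp; the removal count is printed by END and captured.
    removed=$(awk -v blob="$blob" '
        { for (i = 1; i <= NF; i++) if (($i "") == (blob "")) { n++; next }
          print > out }
        END { print n + 0 }' out="$tmp" "$auth") || { rm -f "$tmp"; return 1; }

    if [ "$removed" -gt 0 ]; then
        cp -p "$auth" "$auth.bak" && mv "$tmp" "$auth"   # backup, then swap in
    else
        rm -f "$tmp"                                     # nothing to change
    fi
    echo "$removed"
}

# Constructed demo data: the blobs below are made up, not real keys.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3Nza/C1yc2E+fake/KEY== hadoop@master' > "$d/id_rsa.pub"
    cat > "$d/authorized_keys" <<'EOF'
ssh-rsa AAAAB3Nza/C1yc2E+fake/KEY== hadoop@master
ssh-ed25519 AAAAC3Nza/other+KEY hadoop@master
command="/usr/bin/true" ssh-rsa AAAAB3Nza/C1yc2E+fake/KEY== backup job
EOF
    remove_authorized_key "$d/id_rsa.pub" "$d/authorized_keys"   # prints 2
    cat "$d/authorized_keys"    # only the ssh-ed25519 line is left
    rm -rf "$d"
}
demo
```

The second demo entry shares the comment `hadoop@master` with the key being removed and is kept, which a match on the comment field would not guarantee.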