# Rotate all ssh keys on servers for certain users

- create new key with name scheme
- copy to server to
  - $ADMIN/.ssh (to be ended for admin user)
  - /etc/ssh/authorized_keys--master
  - /etc/ssh/authorized_keys/$USER

Then remove old key

Store ssh key name for current period

## Scripts

### rotate-ssh-keys.sh

Will create a new key and deploy on the server and move the PEM part to the
local SSH folder

### remove-old-ssh-keys.sh

Will check in the previous ssh public key folder and remove this entry from the remote server

### Options

- -h override single host name
- -u override user name for a host
- -f force key change
- -n dry run