Rotate all ssh keys on servers for certain users

• create new key with name scheme
• copy to server to
  • $ADMIN/.ssh (to be ended for admin user)
  • /etc/ssh/authorized_keys--master
  • /etc/ssh/authorized_keys/$USER

Then remove old key

Store ssh key name for current period

Scripts

rotate-ssh-keys.sh

Will create a new key and deploy on the server and move the PEM part to the local SSH folder

remove-old-ssh-keys.sh

Will check in the previous ssh public key folder and remove this entry from the remote server

Options

• -h override single host name
• -u override user name for a host
• -f force key change
• -n dry run