# Rotate all ssh keys on servers for certain users

- create new key with name scheme
- copy to server to
  - $ADMIN/.ssh (to be ended for admin user)
  - /etc/ssh/authorized_keys--master
  - /etc/ssh/authorized_keys/$USER

Then remove old key

Store ssh key name for current period

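The add-new, remove-old step applied to one authorized_keys file, as an added example that is not one of this repository's scripts. The function name `rotate_authorized_key` and its arguments are assumptions; it swaps the key in a single atomic rewrite and refuses to install a file that lacks the new key.

```shell
#!/bin/sh
# Added example (not one of the repository's scripts).
# rotate_authorized_key FILE OLD_PUB NEW_PUB [dry]
#   OLD_PUB / NEW_PUB: public key lines "<type> <base64-blob> [comment]"
#   dry: any non-empty value prints the result instead of writing it
rotate_authorized_key() {
    file=$1; old_pub=$2; new_pub=$3; dry=${4:-}

    # Match on the base64 blob: comments and option prefixes vary per copy.
    old_blob=$(printf '%s\n' "$old_pub" | awk '{print $2}')
    new_blob=$(printf '%s\n' "$new_pub" | awk '{print $2}')
    if [ -z "$old_blob" ] || [ -z "$new_blob" ]; then
        echo "malformed public key line" >&2; return 2
    fi
    if [ "$old_blob" = "$new_blob" ]; then
        echo "old and new key are the same" >&2; return 2
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Temp file beside the target so the final mv is an atomic rename;
    # cp -p first so the temp file carries the target's mode.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    cp -p "$file" "$tmp" || { rm -f "$tmp"; return 1; }

    # Drop every line carrying the old blob, keep the rest, and append
    # the new key only if no kept line already carries it.
    awk -v old="$old_blob" -v new="$new_blob" -v line="$new_pub" '
        { for (i = 1; i <= NF; i++) if ($i == old) next
          for (i = 1; i <= NF; i++) if ($i == new) seen = 1
          print }
        END { if (!seen) print line }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Never install a file that lacks the new key: that would lock the user out.
    if ! grep -qF -- "$new_blob" "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    if [ -n "$dry" ]; then
        cat "$tmp"; rm -f "$tmp"; return 0
    fi
    mv "$tmp" "$file"
}
```

Running it a second time with the same arguments leaves the file unchanged, so it is safe to repeat across hosts after a partial failure.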
## Scripts

### rotate-ssh-keys.sh

Creates a new key, deploys it on the server, and moves the PEM part to the local SSH folder.

### remove-old-ssh-keys.sh

Checks the previous ssh public key folder and removes this entry from the remote server.

### Options

- -h override single host name
- -u override user name for a host
- -f force key change
- -n dry run