29

I have a 2 node hadoop cluster.

I ran this command on the master:

$ ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@192.168.1.1

How can I undo this? I would actually like to reassign the key.

192.168.1.1 is the slave.

2 Answers

29

Identify the public key that you copied when you ran ssh-copy-id:

cat ~/.ssh/id_rsa.pub

SSH to the server you copied the key to:

ssh hadoop@192.168.1.1

Edit the file ~hadoop/.ssh/authorized_keys on 192.168.1.1 using your preferred editor, and delete the line containing your key.

  • 3
    Is there a way to do it more automatically? Like ssh-rm-id hadoop@192.168.1.1 – S.R Apr 18 '18 at 10:22
  • 2
    @S.R I'm not aware of a single command that automates this. In theory, you could "automate" it yourself with a little one-liner using ssh to run a sed command (or similar) to edit ~/.ssh/authorized_keys and remove the line. See https://superuser.com/questions/429954/command-to-remove-a-ssh-authorized-key-on-server – David Edwards Apr 18 '18 at 10:32
10

If you have done a ssh-copy-id like:

remote='user@machine'
ssh-copy-id -i $remote

So you can access this remote machine without using a password:

ssh $remote

To undo it programmatically, you can script something like:

idssh=$(awk '{print $2}' ~/.ssh/id_rsa.pub)
ssh $remote "sed -i '\#$idssh#d' .ssh/authorized_keys"

I use it in scripts where I need to scp several files, so I ask only once for the password.

Javi M.
  • 1
    This might be a bit dangerous: you are grepping for the comment field of the key. It is an arbitrary string without any meaning and may be contained more than once. I'd grep either for the long AAA....== string (the actual key) or for the complete line from id_rsa.pub. But +1 for showing how to automate the removal of a key. – PerlDuck Jun 21 '18 at 09:57
  • 1
    @PerlDuck you are right. It is much better to use the key ($2) itself than the third field. Thank you. – Javi M. Jun 23 '18 at 09:46
  • @Javi M. I encountered another issue. The forward slash used by default as the delimiter in sed was in my public key. As a result, I found it best to use a semicolon as the sed delimiter since it appears unlikely to show up in a public key. To do this, it was necessary to first escape the character. I ended up with something like this: ssh $remote "sed -i '\;$idssh;{d}' .ssh/authorized_keys" – ccalvert Oct 29 '19 at 22:11
  • Here is some information on which characters can end up in a public key. – ccalvert Oct 29 '19 at 22:20
  • Thanks @ccalvert. Based on your suggested comment, I have approved chris-maes's edit – Javi M. Jan 21 '20 at 11:12
  • I am unable to make an edit as it's a single character and changes require more than that. I'm an Ubuntu noob, but I believe that the separator needs to be prefixed with the backslash \ character. At least that was the only way I could get this to actually remove the key line. So it should be '\#$idssh#d' instead. – mle_ii Aug 20 '20 at 17:10
  • @mle_ii thanks for your fix – Javi M. Oct 20 '20 at 15:00
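
The comments above settle on matching the key itself rather than its comment, and on working around sed delimiters. As an added example (not code from either answer), the function below compares the base64 key blob literally with awk, so no character in the key needs escaping and lines that start with options are still found. The function names and the shortened sample keys are made up for illustration, and it is assumed to run on the machine that holds authorized_keys.

```shell
#!/bin/sh
# Added example: delete one key from an authorized_keys file by literal
# comparison of the base64 blob (no regex, no sed delimiter to collide with).

# remove_authorized_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Prints the number of lines removed. Returns 0 if a line was removed,
# 1 if the key was not present, 2 on error.
remove_authorized_key() {
    pub=$1; auth=$2
    blob=$(awk 'NR == 1 { print $2 }' "$pub") || return 2   # field 2 = key blob
    [ -n "$blob" ] || { echo "no key blob in $pub" >&2; return 2; }
    tmp=$(mktemp "$auth.XXXXXX") || return 2                # created mode 0600
    # A line may begin with options (from="...", command="..."), so the blob
    # is not always field 2 there: compare every field as a string.
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        /^[ \t]*#/ { print > out; next }                    # keep comment lines
        { hit = 0
          for (i = 1; i <= NF; i++) if (($i "") == (blob "")) hit = 1
          if (hit) n++; else print > out }
        END { print n + 0 }' "$auth") || { rm -f "$tmp"; return 2; }
    if [ "$removed" -gt 0 ]; then
        mv "$tmp" "$auth"     # rename, so sshd never reads a half-written file
    else
        rm -f "$tmp"
    fi
    echo "$removed"
    [ "$removed" -gt 0 ]
}

# Constructed sample data: fake, shortened blobs; the target contains "/" and "+".
demo() {
    dir=$(mktemp -d) || return 2
    echo 'ssh-rsa AAAAB3Nza/C1yc2E+AAAADAQAB hadoop@master' > "$dir/id_rsa.pub"
    cat > "$dir/authorized_keys" <<'EOF'
# keys for the hadoop user
ssh-rsa AAAAB3NzaOTHERKEYAAAA hadoop@master
from="192.168.1.*" ssh-rsa AAAAB3Nza/C1yc2E+AAAADAQAB renamed-comment
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA backup@nas
EOF
    remove_authorized_key "$dir/id_rsa.pub" "$dir/authorized_keys" >/dev/null
    cat "$dir/authorized_keys"
    rm -rf "$dir"
}
```

In the sample file a different key carries the same hadoop@master comment and the target key has been given another comment, so a match on the comment field would delete the wrong line while the blob comparison removes only the intended one.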