我目前在服务器上上传了一个旧的 SSH key 。问题是我丢失了我的 ~/.ssh
目录(包含原始的 id_rsa
和 id_rsa.pub
文件)。
因此,我想直接在服务器上删除旧的 SSH key 并上传新 key 。
我尝试了以下命令但没有成功:
$> ssh-add -D
有没有办法完全删除 SSH key ?
最佳答案
请注意,对于 ssh-add -d/-D
not 删除 key ,至少有两个错误报告:
- "Debian Bug report #472477:
ssh-add -D
does not remove SSH key fromgnome-keyring-daemon
memory " - "Ubuntu:
ssh-add -D
deleting all identities does not work. Also, why are all identities auto-added? "
确切的问题是:
ssh-add -d/-D
deletes only manually added keys from gnome-keyring.
There is no way to delete automatically added keys.
This is the original bug, and it's still definitely present.So, for example, if you have two different automatically-loaded ssh identities associated with two different GitHub accounts -- say for work and for home -- there's no way to switch between them. GitHubtakes the first one which matches, so you always appear as your 'home' user to GitHub, with no way to upload things to work projects.
Allowing
ssh-add -d
to apply to automatically-loaded keys (andssh-add -t X
to change the lifetime of automatically-loaded keys), would restore the behavior most users expect.
更准确地说,关于这个问题:
The culprit is
gpg-keyring-daemon
:
- It subverts the normal operation of ssh-agent, mostly just so that it can pop up a pretty box into which you can type the passphrase for an encrypted ssh key.
- And it paws through your
.ssh
directory, and automatically adds any keys it finds to your agent.- And it won't let you delete those keys.
How do we hate this? Let's not count the ways -- life's too short.
The failure is compounded because newer ssh clients automatically try all the keys in your ssh-agent when connecting to a host.
If there are too many, the server will reject the connection.
And since gnome-keyring-daemon has decided for itself how many keys you want your ssh-agent to have, and has autoloaded them, AND WON'T LET YOU DELETE THEM, you're toast.
这个错误在 Ubuntu 14.04.4 中仍然得到确认,最近两天前(2014 年 8 月 21 日)
可能的解决方法:
- Do
ssh-add -D
to delete all your manually added keys. This also locks the automatically added keys, but is not much use sincegnome-keyring
will ask you to unlock them anyways when you try doing agit push
.- Navigate to your
~/.ssh
folder and move all your key files except the one you want to identify with into a separate folder called backup. If necessary you can also open seahorse and delete the keys from there.- Now you should be able to do
git push
without a problem.
另一种解决方法:
What you really want to do is to turn off
gpg-keyring-daemon
altogether.
Go toSystem --> Preferences --> Startup Applications
, and unselect the "SSH Key Agent (Gnome Keyring SSH Agent)
" box -- you'll need to scroll down to find it.You'll still get an
ssh-agent
, only now it will behave sanely: no keys autoloaded, you run ssh-add to add them, and if you want to delete keys, you can. Imagine that.
This comments实际上建议:
The solution is to keep
gnome-keyring-manager
from ever starting up, which was strangely difficult by finally achieved by removing the program file's execute permission.
Ryan Lue添加另一个有趣的角落案例 in the comments :
In case this helps anyone: I even tried deleting the
id_rsa
andid_rsa.pub
files altogether, and the key was still showing up.Turns out
gpg-agent
was caching them in a~/.gnupg/sshcontrol
file; I had to manually delete them from there.
当 the keygrip
时就是这种情况已添加as in here .
关于git - 如何删除 SSH key ?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25464930/