3

Unfortunately, I forgot my id_rsa key passphrase. The only solution I have found so far is to replace the key with a new SSH key, so I now have the problem that I need to add the new key to each server I'm connected to. Is there a possibility to do this automatically? Maybe by copying the information from the "known_hosts" file of the old key to the new one?

Jürgen K.
  • Do you have SSH access with a user/pass login? Otherwise you have to physically get to each server. – kabanus Nov 23 '17 at 14:16
  • I have both. On GitHub, for example, I need the passphrase and the password – Jürgen K. Nov 23 '17 at 14:18
  • So basically the answer is a no, I get it. What happens if I copy the known hosts to the new list of known hosts, which is empty at this point in time? – Jürgen K. Nov 23 '17 at 14:26

1 Answer

1

This is not quite a duplicate of How to reset or change the passphrase for a GitHub SSH key?, but the answer there is valid.

You have to remember that the whole point of the passphrase mechanism was to prevent access by untrusted hosts. The machinery is specifically set up so only a machine with the proper passphrase (or several) can connect to the server.

The known hosts are only useful to you as a to-do list. You need to access them one by one somehow (not SSH), to send the new passphrase you generated. The known hosts itself is not the security mechanism, it's just a small part (the less important part, security can do without). It will save you typing some ys in the future.

I'm sorry to say you have to manually get to each machine. If by some miracle you had another VPN-ish API that all your servers shared you could automate that, but most of us don't.

kabanus
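The "known_hosts as a to-do list" idea from the answer, as an added example that is not part of the original post: it lists the concrete servers recorded in an OpenSSH known_hosts file and prints one `ssh-copy-id` command per server for installing the new public key. The function names and the sample file are constructed for illustration, and each printed command assumes password login still works on that server, as the asker says it does.

```shell
#!/bin/sh
# Added example, not from the original post.

# known_hosts_todo FILE: print "host port" for each concrete server, in file
# order without duplicates; hashed names are only counted ("HASHED n"),
# because HashKnownHosts entries cannot be turned back into host names.
known_hosts_todo() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }              # comment or blank line
        {
            f = 1
            if ($1 == "@revoked") next              # revoked key, not a server
            if ($1 == "@cert-authority") f = 2      # host patterns follow the marker
            n = split($f, names, ",")
            for (i = 1; i <= n; i++) {
                h = names[i]; port = 22
                if (substr(h, 1, 3) == "|1|") { hashed++; continue }
                if (h ~ /[*?!]/) continue           # wildcard pattern, not a host
                if (h ~ /^\[.*\]:[0-9]+$/) {        # [host]:port for non-default ports
                    port = h; sub(/^.*\]:/, "", port)
                    sub(/^\[/, "", h); sub(/\]:[0-9]+$/, "", h)
                }
                if (!seen[h " " port]++) print h, port
            }
        }
        END { if (hashed) print "HASHED", hashed }
    ' "$1"
}

# copy_id_commands FILE PUBKEY USER: print (not run) one ssh-copy-id call per
# host; each still needs a working password login on that server.
copy_id_commands() {
    known_hosts_todo "$1" | while read -r host port; do
        if [ "$host" = "HASHED" ]; then continue; fi
        printf 'ssh-copy-id -i %s -p %s %s@%s\n' "$2" "$port" "$3" "$host"
    done
}

# Constructed sample file (hosts and key blobs are placeholders).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
github.com,192.0.2.10 ssh-ed25519 AAAAC3placeholder
[build.example.org]:2222 ssh-rsa AAAAB3placeholder
|1|c2FsdHNhbHQ=|aGFzaGhhc2g= ssh-ed25519 AAAAC3placeholder
@cert-authority *.example.org ssh-ed25519 AAAAC3placeholder
192.0.2.10 ecdsa-sha2-nistp256 AAAAE2placeholder
EOF
}
# Usage: copy_id_commands ~/.ssh/known_hosts ~/.ssh/id_ed25519.pub "$USER"
```

Services that take public keys through a web interface, such as GitHub, will appear in the list but need the key uploaded in their account settings rather than with `ssh-copy-id`.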