@robacarp
Last active Aug 29, 2015
Bash script to rekey a server (untested)
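#!/bin/bash
# Rekey a server: archive the current SSH host keys, generate new ones, print their fingerprints.
set -e
hostname
archive_dir="/etc/ssh/compromised_keys/$(date +%F)"
mkdir -p "$archive_dir"
# Move the old private and public host keys into the dated archive directory.
mv /etc/ssh/ssh*_key "$archive_dir"
mv /etc/ssh/ssh*_key.pub "$archive_dir"
# Generate replacement host keys with empty passphrases; keygen output goes to the log.
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa >> "$archive_dir/regen_log"
# DSA host keys are disabled by default since OpenSSH 7.0 and recent releases have removed DSA;
# with set -e a failure here stops the script, so drop this line where -t dsa is rejected.
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa >> "$archive_dir/regen_log"
ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa >> "$archive_dir/regen_log"
# Print the new fingerprints so clients can verify them before updating known_hosts.
ssh-keygen -lf /etc/ssh/ssh_host_rsa_key
ssh-keygen -lf /etc/ssh/ssh_host_dsa_key
ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key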