Posted on 09-04-2013 06:53 AM
Hey all:
Pretty new to JAMF Casper and shell scripting, but I am having an issue that probably has a simple fix. We have users connecting to a server via SSH in Terminal in a computer lab. We recently replaced the server, so the RSA key has changed. I want to script the removal of the old RSA key from users' home directories (stored in /Users/(Insert Username Here)/.ssh/) and have it run once per user as a policy.
When I run it as a policy, Casper tries to use /var/root/.ssh as the working directory, but I want it to use the current user's home directory as the working directory.
The script I have runs as follows:
ssh-keygen -R (insert my server name here)
Before that command runs I have tried to use cd and change it to $user, and tried "$3" since that is a built-in variable Casper creates, but the command continues to run from /var/root so it bombs out. Any advice on how to make sure Casper uses the current working directory would be appreciated.
Thanks!
Posted on 09-04-2013 08:36 AM
It sounds like you'll need to create a variable to gather the username or run the script at login with $3 populating the username. Try something like this and see if it gets you the desired results:
#!/bin/bash
user=`defaults read /Library/Preferences/com.apple.loginwindow.plist lastUserName`
ssh-keygen -R (server name) -f /Users/$user/.ssh/known_hosts
Posted on 09-05-2013 11:00 AM
Thanks! Unfortunately it looks like you can't use ssh-keygen -R and -f in the same command (Too many arguments). Is there a way to split this into two commands and still have it work?
Posted on 09-05-2013 11:06 AM
I was able to successfully run the command on my box, and it prompted me to trust the host after attempting to SSH to the server again. What if you pull out the variables and try running it locally?
ssh-keygen -R (server name) -f /Users/UserName/.ssh/known_hosts
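The approach from the replies above, put together as an added example that is not part of the original thread: a policy script that runs as root, resolves the user's known_hosts from Casper's $3, skips unusable usernames, and hands the rewritten file back to the user. The host server.example.com, the USERS_ROOT variable and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Meant to run as root from a Casper
# policy, where $3 is the logged-in user's short name (as mentioned above).
# Assumptions: server.example.com is a placeholder host; homes live in /Users.

SERVER="${SERVER:-server.example.com}"   # placeholder, replace with the real host
USERS_ROOT="${USERS_ROOT:-/Users}"

# Print the known_hosts path for a user, or fail for names that must not be used.
known_hosts_for() {
    case "$1" in
        ""|root|*/*|.*) return 1 ;;       # empty at the login window, or unsafe in a path
    esac
    printf '%s/%s/.ssh/known_hosts\n' "$USERS_ROOT" "$1"
}

# Remove every key stored for host $2 from the known_hosts file of user $1.
remove_host_key() {
    file=$(known_hosts_for "$1") || { echo "refusing user '$1'" >&2; return 2; }
    [ -f "$file" ] || return 0            # user has never connected: nothing to do
    # -f points ssh-keygen at the user's file instead of root's ~/.ssh/known_hosts
    ssh-keygen -R "$2" -f "$file" >/dev/null 2>&1 || return 1
    # ssh-keygen rewrites the file; when that happens as root, hand it back to
    # the owner of the .ssh directory so the user's ssh can write to it again.
    if [ "$(id -u)" -eq 0 ]; then
        owner=$(ls -ldn "$(dirname "$file")" | awk '{print $3 ":" $4}')
        chown "$owner" "$file"
        [ ! -e "$file.old" ] || chown "$owner" "$file.old"
    fi
}

# Casper passes the username as $3; do nothing when it is absent.
if [ -n "${3:-}" ]; then
    remove_host_key "$3" "$SERVER"
fi
```

ssh-keygen keeps the previous contents in known_hosts.old next to the file, which is why the script fixes ownership on both.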
Posted on 09-30-2013 07:45 AM
We ended up resolving this issue a different way (we actually fixed the root cause of what was prompting me to try to remove the existing key). We had discovered that the systems that had the RSA key were not in fact wiped like they should have been, so we took care of it that way. Thanks for the help Sam!