Palo Alto Networks Knowledgebase: How to Delete SSH Host Key Certificates

How to Delete SSH Host Key Certificates

5892
Created On 02/07/19 23:48 PM - Last Updated 02/07/19 23:49 PM
Content Release Deployment
Resolution

Overview

This document describes the CLI commands to delete stored DSA/RSA key pairs on the Palo Alto Networks devices.

 

PAN-OS 5.0, 6.0, 6.1

To delete entry for a specific host for a specific user (ex. admin):

> delete  user-file ssh-known-hosts user ip <ipaddress>  username admin

 

To delete entry for a specific host for all users:

> delete user-file ssh-known-hosts user ip <ipaddress>  username all

 

To delete entries for all hosts for a specific user (ex. admin):

> delete user-file ssh-known-hosts user username admin

 

To delete entries for all hosts and for all users:

> delete user-file ssh-known-hosts user username all

 

To delete entries for all hosts for user logged in:

> delete user-file ssh-known-hosts self

 

PAN-OS 7.0

To delete entry for a specific host for a specific user (ex. admin):

> delete authentication user-file ssh-known-hosts user ip <ipaddress>  username admin

 

To delete entry for a specific host for all users:

> delete authentication user-file ssh-known-hosts user ip <ipaddress>  username all

 

To delete entries for all hosts for a specific user (ex. admin):

> delete authentication user-file ssh-known-hosts user username admin

 

To delete entries for all hosts and for all users:

> delete authentication user-file ssh-known-hosts user username all

 

To Delete entries for all hosts for user logged in:

> delete authentication user-file ssh-known-hosts self

 

Once the key is deleted and when the user tries to access the host the next time, there will be a prompt with the warning, RSA Key fingerprint adding to the list of known hosts, as shown below:

Capture11.PNG

 

owner: knarra1



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm0gCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language