Solved

How to remove SSH certificate from Linux

Posted on 2014-12-22
20
234 Views
Last Modified: 2015-02-18
I'm getting into a right muddle trying to determine where the SSH certificate is stored and the reference to it (the .conf file) on a Linux machine. I have been through all the conf files I can find but can't figure out how to disable SSH i.e. using a certificate. I think I have successfully renamed the certificate file but I use Spiceworks and this is somehow reporting to me that my certificate has expired, so I need to disable this somewhere, right?

thanks in advance.
0
Comment
Question by:fuzzyfreak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 4
  • +4
20 Comments
 
LVL 7

Expert Comment

by:Deadman
ID: 40512728
ssh-keygen -R
0
 
LVL 5

Expert Comment

by:Dilip Patidar
ID: 40512780
Hello,

Please try this.
ssh-keygen -R hostname

Dilip Patel
0
 
LVL 58

Expert Comment

by:Gary
ID: 40513758
Question is a bit confusing - what are you trying to do exactly?
disable SSH i.e. using a certificate
Are you trying to go back to password based login?
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Assisted Solution

by:cspatter
cspatter earned 150 total points
ID: 40513870
Disabling the certificate will not fix your security problem.  If you no longer need SSL then you can just turn off SSL by removing the SSL directives from your httpd.conf or ssl.conf under Apache.  If you want to renew your certificate then you need to either ask the CA to renew your certificate; or you need to start the CSR process over to obtain a new certificate.  The certificate and key files should be specified again in your httpd.conf or ssl.conf files.

If you turn of SSL successfully, you will be listening on standard ports (80 or 9080 or 8080)

Thanks,
Chris
0
 
LVL 58

Expert Comment

by:Gary
ID: 40513882
SSH not SSL - unless the OP made a typo
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 40514638
My apologies, yes, my bad, I meant SSL.  Just to give you some background. I use Spiceworks and it keeps nagging me about an expired certificate. We do not use SSL on our website, so I just need to disable the certificate (I am assuming that is all it will take to stop the message I see on my Spiceworks dashboard)
0
 
LVL 58

Expert Comment

by:Gary
ID: 40514932
@cspatter has it right then
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 40515086
just turn off SSL by removing the SSL directives from your httpd.conf or ssl.conf under Apache

This is where I am muddled, I cannot find reference to SSL in any of my .conf files. Where do I start?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40515102
No points or this
Search for 443 in your httpd.conf file or the ssl.conf file - remove the whole block <virtualhost>...
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40517606
Look in the following directories for the files that Gary mentioned:

/etc/httpd/conf
/etc/httpd/conf.d
0
 
LVL 62

Expert Comment

by:gheist
ID: 40521665
uninstalling mod_ssl (or mod_gnutls or nod_nss)(tell your distribution to get command) will disable apache SSL listener for good.
It still does not free from task to upgrade OpenSSL/GnuTLS/NSS.
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 40544833
There is no directory called /etc/httpd/
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40545010
Where are your http configuration files?  Those are the normal directories.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40545036
Maybe share your linux distribution and version so we dont pinch in the dark?
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 40546587
Ubuntu 12.04 LTS (Precise)
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 350 total points
ID: 40546876
Should be 12.04.5 (Precise) by now.

apache config files are in /etc/apache2
Namely enabled modules are listed in ./mods_enabled

Please first upgrade your system to plug security holes, then disable what is no longer needed.
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 40564049
I have got as far as looking in the /etc/apache2 directory as per comment above, but only .conf files in there are apache2.conf, ports.conf and httpd.conf - the latter being empty.
443 does exist in ports.conf - see below - which line do I remove/comment out?

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
0
 
LVL 62

Accepted Solution

by:
gheist earned 350 total points
ID: 40564214
Comment out both listen 443 lines and that should do it.
0
 
LVL 4

Author Closing Comment

by:fuzzyfreak
ID: 40616841
Apologies for being so lax and confused on this issue, thanks all for your help.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40617326
Dont panic. Now it is time tu upgrade glibc on your server too...
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Zimbra on Amazon Linux help 7 158
Apache LDAP Authentication 20 72
Migrating a Linux server to VMware 3 140
Install XRDP on Ubuntu Server 16.10 x64 3 116
Secure Shell (SSH) is a network protocol for secure data communication, mainly used to administer remote Unix / Linux servers via command line. But it also allows the user to open a secure tunnel between a client and a server where he can send any k…
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question