[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 294
  • Last Modified:

How to remove SSH certificate from Linux

I'm getting into a right muddle trying to determine where the SSH certificate is stored and the reference to it (the .conf file) on a Linux machine. I have been through all the conf files I can find but can't figure out how to disable SSH i.e. using a certificate. I think I have successfully renamed the certificate file but I use Spiceworks and this is somehow reporting to me that my certificate has expired, so I need to disable this somewhere, right?

thanks in advance.
0
fuzzyfreak
Asked:
fuzzyfreak
  • 6
  • 5
  • 4
  • +4
3 Solutions
 
DeadmanCommented:
ssh-keygen -R
0
 
Dilip PatidarCommented:
Hello,

Please try this.
ssh-keygen -R hostname

Dilip Patel
0
 
GaryCommented:
Question is a bit confusing - what are you trying to do exactly?
disable SSH i.e. using a certificate
Are you trying to go back to password based login?
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
cspatterCommented:
Disabling the certificate will not fix your security problem.  If you no longer need SSL then you can just turn off SSL by removing the SSL directives from your httpd.conf or ssl.conf under Apache.  If you want to renew your certificate then you need to either ask the CA to renew your certificate; or you need to start the CSR process over to obtain a new certificate.  The certificate and key files should be specified again in your httpd.conf or ssl.conf files.

If you turn of SSL successfully, you will be listening on standard ports (80 or 9080 or 8080)

Thanks,
Chris
0
 
GaryCommented:
SSH not SSL - unless the OP made a typo
0
 
fuzzyfreakAuthor Commented:
My apologies, yes, my bad, I meant SSL.  Just to give you some background. I use Spiceworks and it keeps nagging me about an expired certificate. We do not use SSL on our website, so I just need to disable the certificate (I am assuming that is all it will take to stop the message I see on my Spiceworks dashboard)
0
 
GaryCommented:
@cspatter has it right then
0
 
fuzzyfreakAuthor Commented:
just turn off SSL by removing the SSL directives from your httpd.conf or ssl.conf under Apache

This is where I am muddled, I cannot find reference to SSL in any of my .conf files. Where do I start?
0
 
GaryCommented:
No points or this
Search for 443 in your httpd.conf file or the ssl.conf file - remove the whole block <virtualhost>...
0
 
giltjrCommented:
Look in the following directories for the files that Gary mentioned:

/etc/httpd/conf
/etc/httpd/conf.d
0
 
gheistCommented:
uninstalling mod_ssl (or mod_gnutls or nod_nss)(tell your distribution to get command) will disable apache SSL listener for good.
It still does not free from task to upgrade OpenSSL/GnuTLS/NSS.
0
 
fuzzyfreakAuthor Commented:
There is no directory called /etc/httpd/
0
 
giltjrCommented:
Where are your http configuration files?  Those are the normal directories.
0
 
gheistCommented:
Maybe share your linux distribution and version so we dont pinch in the dark?
0
 
fuzzyfreakAuthor Commented:
Ubuntu 12.04 LTS (Precise)
0
 
gheistCommented:
Should be 12.04.5 (Precise) by now.

apache config files are in /etc/apache2
Namely enabled modules are listed in ./mods_enabled

Please first upgrade your system to plug security holes, then disable what is no longer needed.
0
 
fuzzyfreakAuthor Commented:
I have got as far as looking in the /etc/apache2 directory as per comment above, but only .conf files in there are apache2.conf, ports.conf and httpd.conf - the latter being empty.
443 does exist in ports.conf - see below - which line do I remove/comment out?

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
0
 
gheistCommented:
Comment out both listen 443 lines and that should do it.
0
 
fuzzyfreakAuthor Commented:
Apologies for being so lax and confused on this issue, thanks all for your help.
0
 
gheistCommented:
Dont panic. Now it is time tu upgrade glibc on your server too...
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 6
  • 5
  • 4
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now