Finding ssh key on linux dedicated server and remove it


Recently i have rented a dedicated server(linux) and my provider announced me that they have installed a 'ssh key' for some emergency access to server from their side.but says to me that if i want i can remove it,please let me know that how can find it and remove.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zephyr ICTCloud ArchitectCommented:

The keys are mostlikely in the /root folder. There should be a hidden folder called .ssh.
If you are in the /root folder do a "ls -la" to show all files/directories, including the hidden ones. If you see the directory cd into it.

# cd .ssh

Open in new window

Now do "ls -la" again, there's most likely a few files there, list the results of the "ls -la" command here if you want...

Are you using keys to login into your machine as well? Or are you using user/password to login?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MOSTAGHASSIAuthor Commented:
Hi spravtek,

I use user/password for login to machine.

for 'ls-la' the result is:

total 146K
drwxr-xr-x   24 root root 4.0K Jun 24 17:37 .
drwxr-xr-x   24 root root 4.0K Jun 24 17:37 ..
-rw-------    1 root root 8.0K Jun 28 03:01
-rw-------    1 root root 8.0K Jun 29 00:10 aquota.user
-rw-r--r--    1 root root    0 Jun 24 17:37 .autofsck
-rw-r--r--    1 root root    0 Jun 24 15:44 .autorelabel
dr-xr-xr-x.   2 root root 4.0K Jun 24 17:19 bin
dr-xr-xr-x.   5 root root 1.0K Jun 24 15:34 boot
drwxr-xr-x.   2 root root 4.0K Oct 18  2014 cgroup
-rw-r--r--    1 root root  428 Jan 20  2014
drwxr-xr-x   20 root root 3.8K Jun 24 17:38 dev
drwxr-xr-x.  75 root root 4.0K Jun 29 00:10 etc
drwx--x--x.   6 root root 4.0K Jun 28 00:16 home
-rw-r-----    1 root root  575 Jun 24 15:34 installimage.conf
-rw-r-----    1 root root 9.1K Jun 24 15:34 installimage.debug
dr-xr-xr-x.  11 root root 4.0K Jun 24 17:36 lib
dr-xr-xr-x.   9 root root  12K Jun 24 16:58 lib64
drwx------.   2 root root  16K Jul 11  2011 lost+found
drwxr-xr-x.   2 root root 4.0K Sep 23  2011 media
drwxr-xr-x.   2 root root 4.0K Sep 23  2011 mnt
drwxr-xr-x.   2 root root 4.0K Sep 23  2011 opt
dr-xr-xr-x  245 root root    0 Jun 24 22:07 proc
dr-xr-x---.   5 root root 4.0K Jun 28 21:35 root
drwxr-xr-x    3 root root 4.0K Jun 24 15:33 run
dr-xr-xr-x.   2 root root  12K Jun 24 16:57 sbin
drwxr-xr-x.   2 root root 4.0K Sep 23  2011 selinux
drwxr-xr-x.   2 root root 4.0K Sep 23  2011 srv
drwxr-xr-x   13 root root    0 Jun 24 22:07 sys
drwxrwxrwt.   4 root root 4.0K Jun 29 10:39 tmp
drwxr-xr-x.  14 root root 4.0K Jun 24 17:00 usr
drwxr-xr-x.  21 root root 4.0K Jun 24 17:06 var

Open in new window

Zephyr ICTCloud ArchitectCommented:
You're not in the correct directory :)

cd /root

Open in new window

cd .ssh

Open in new window

and then the "ls -la" again.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

MOSTAGHASSIAuthor Commented:
Each time that i'm with you learn some important thing for linux,thanks.

the result is:

total 20K
drwx------. 2 root root 4.0K Jun 24 17:02 .
dr-xr-x---. 5 root root 4.0K Jun 28 21:35 ..
-rw-------  1 root root  421 Jun 24 16:56 authorized_keys2
-rw-------  1 root root  672 Jun 24 17:02 id_dsa
-rw-r--r--  1 root root  612 Jun 24 17:02

Open in new window

As i read on internet there must be 2 keys,am i right?
Zephyr ICTCloud ArchitectCommented:
yes, you have the, that is your public key and you  have your id_dsa which is your private key.
You should check the "authorized_keys2" file ... But since you do not use keys to login it's probably safe to delete ... But before we do that you might want to make a copy of it first, or we'll rename it and move it:

# mv authorized_keys2 authorized_keys2_backup

Open in new window

# mv authorized_keys2 /root

Open in new window

Or alternatively, download them via sftp to your desktop and keep them safe there.

Now normally we should delete the keys as well, if they are not used ... But you could keep them on your desktop as well.

In the end though, you should switch from user/password to key authentication because it's more secure. Check topic 7 on this page on how to do that if you're interested.

Before you start playing with ssh, make sure you have 2 console connections open to your machine, because if you change something you need to make sure you keep access, if you loose 1 connection after a change you might be able to use the second console as backup.
MOSTAGHASSIAuthor Commented:
Thanks, my provider has not given these keys to me and they says that these keys is near them so if one time i lose my password they enter to server and retrive the site.

But i want use the  user/password for working the site,if i dowload these keys i can use it at future if i need to retrieve the site when lose my password ,am i right?

Then i think must remove it from server so nobody use it.

At this time i have some another problem,so after 4 hours i will start with your help.
Zephyr ICTCloud ArchitectCommented:
Ok, no problem ... You can download the keys to your desktop for safe keeping and delete them if you want, but remember, keep your console open when you delete them and try to login through a new connection to test if you can still access the server after deleting the keys.
Gerwin Jansen, EE MVETopic Advisor Commented:
Look for a file called AUTHORIZED_KEYS in that. ssh folder. Remove entries from it, or just rename the file.
If you want to use your own keys, then you add your key to /root/.ssh/authorized_keys
MOSTAGHASSIAuthor Commented:
Hi spravtek;

Thanks,please let me know that if i download these keys ,then if one time i lose the password of ssh ,how can use from these keys and does it help?
Zephyr ICTCloud ArchitectCommented:
No, if you lose the password you'll need to contact the provider/host so they can recover it for you, unless you have physical access and know how to get into the box to reset the root password of course.

The keys will not help you when you download them, they only can be used when they are on the system and are used to replace login with user/password.
MOSTAGHASSIAuthor Commented:
So.please let me the process of deleting and at the future i will delete it.
Zephyr ICTCloud ArchitectCommented:
when you are in the .ssh folder just perform the rm command, something like this:

# rm  id_dsa
# rm
# rm authorized_keys2

That's the safest approach, the rm command can be dangerous, so we'll use it file by file ;)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.