ssh_key_manage
Manage SSH host keys to verify server identities, accept new connections, remove outdated entries, and list current keys for secure authentication.
Instructions
Manage SSH host keys for security verification
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | Action to perform | |
| server | No | Server name (required for most actions) | |
| autoAccept | No | Automatically accept new keys (use with caution) |
Implementation Reference
- src/tool-registry.js:57-72 (registration)Registration of the 'ssh_key_manage' tool as part of the advanced tool group in the TOOL_GROUPS export.advanced: [ 'ssh_deploy', 'ssh_execute_sudo', 'ssh_alias', 'ssh_command_alias', 'ssh_hooks', 'ssh_profile', 'ssh_connection_status', 'ssh_tunnel_create', 'ssh_tunnel_list', 'ssh_tunnel_close', 'ssh_key_manage', 'ssh_execute_group', 'ssh_group_manage', 'ssh_history' ]
- src/ssh-key-manager.js:136-149 (helper)Helper function to remove a host's SSH key from known_hosts file using ssh-keygen.export function removeHostKey(host, port = 22) { try { const hostEntry = port === 22 ? host : `[${host}]:${port}`; // Use ssh-keygen to remove the host execSync(`ssh-keygen -R "${hostEntry}"`, { stdio: 'ignore' }); logger.info('Host key removed', { host, port }); return true; } catch (error) { logger.error('Failed to remove host key', { host, port, error: error.message }); throw new Error(`Failed to remove host key: ${error.message}`); } }
- src/ssh-key-manager.js:154-185 (helper)Helper function to add a new host key to known_hosts, fetching via ssh-keyscan if needed, with backup.export async function addHostKey(host, port = 22, keyData = null) { try { // Backup current known_hosts if (fs.existsSync(KNOWN_HOSTS_PATH)) { fs.copyFileSync(KNOWN_HOSTS_PATH, KNOWN_HOSTS_BACKUP); } // If no key data provided, fetch it if (!keyData) { const fingerprints = await getHostKeyFingerprint(host, port); if (fingerprints.length === 0) { throw new Error('No host keys found'); } keyData = fingerprints.map(fp => fp.fullKey).join('\n'); } // Ensure .ssh directory exists const sshDir = path.dirname(KNOWN_HOSTS_PATH); if (!fs.existsSync(sshDir)) { fs.mkdirSync(sshDir, { mode: 0o700, recursive: true }); } // Append to known_hosts fs.appendFileSync(KNOWN_HOSTS_PATH, keyData + '\n'); logger.info('Host key added', { host, port }); return true; } catch (error) { logger.error('Failed to add host key', { host, port, error: error.message }); throw new Error(`Failed to add host key: ${error.message}`); } }
- src/ssh-key-manager.js:190-204 (helper)Helper function to update host key by first removing the old entry and adding the new one.export async function updateHostKey(host, port = 22) { try { // Remove old key removeHostKey(host, port); // Add new key await addHostKey(host, port); logger.info('Host key updated', { host, port }); return true; } catch (error) { logger.error('Failed to update host key', { host, port, error: error.message }); throw new Error(`Failed to update host key: ${error.message}`); } }
- src/ssh-key-manager.js:247-293 (helper)Helper function to list all known hosts from known_hosts file with their key fingerprints and types.export function listKnownHosts() { if (!fs.existsSync(KNOWN_HOSTS_PATH)) { return []; } const content = fs.readFileSync(KNOWN_HOSTS_PATH, 'utf8'); const lines = content.split('\n'); const hosts = new Map(); for (const line of lines) { if (line && !line.startsWith('#')) { const entry = parseKnownHostEntry(line); if (entry) { // Extract host and port let host = entry.host; let port = 22; if (host.startsWith('[')) { const match = host.match(/\[([^\]]+)\]:(\d+)/); if (match) { host = match[1]; port = parseInt(match[2]); } } const keyData = Buffer.from(entry.key, 'base64'); const hash = crypto.createHash('sha256').update(keyData).digest('base64'); const hostKey = `${host}:${port}`; if (!hosts.has(hostKey)) { hosts.set(hostKey, { host, port, keys: [] }); } hosts.get(hostKey).keys.push({ type: entry.keyType, fingerprint: `SHA256:${hash}` }); } } } return Array.from(hosts.values()); }