User A has two SSH private keys, and over time has used this public key on a number of servers
He lost one of them, and has created a new pair.
How does User A inform me (the sysadmin) that he has lost his key, and how do I manage all the servers to which he had access (I do not have a list of all servers that User A has access to)? In other words, how do I recall the public key associated with this private key?
In LDAP-based authentication, all servers would communicate with a single server repository for authentication, and if I remove access or modify the password on that server, all systems that use this LDAP for authentication are secured when User A loses his password.
Best Answer
What version of sshd are you using? OpenSSH 5.4 apparently has a key revocation option:
If you're using an earlier version, you probably have to run through all possible authorized_keys files on all your servers to look for and remove the suspect public key. This would include any account User-A could ssh into, including root. This assumes you are not using centralized authorized_keys management.
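As an added illustration of the "earlier version" path in the answer above (not code from the original post), this POSIX shell script walks every authorized_keys file under a directory tree, matches on the key's type-and-blob fields rather than its comment (so renamed or option-prefixed copies are still found), and strips the lost key. The directory layout and key blobs are constructed placeholders, not real keys; on OpenSSH 5.4 and later, listing the lost public key in a file referenced by the sshd_config RevokedKeys option is the simpler alternative.

```shell
#!/bin/sh
# Constructed sample: the key User A reported lost (blob is a fake placeholder).
LOST_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlostkeyblob usera@laptop-old'

# Build a throw-away tree imitating two accounts' home directories under $1.
setup_demo() {
  mkdir -p "$1/usera/.ssh" "$1/root/.ssh"
  printf '%s\n' \
    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDotherblob usera@laptop-new' \
    "$LOST_KEY" > "$1/usera/.ssh/authorized_keys"
  printf '%s\n' "$LOST_KEY" > "$1/root/.ssh/authorized_keys"
}

# Reduce a public-key line to "<type> <base64>", skipping any leading
# options (from=..., no-pty) and the trailing comment.
key_blob() {
  printf '%s\n' "$1" | awk '{
    for (i = 1; i <= NF; i++)
      if ($i ~ /^(ssh-|ecdsa-)/) { print $i " " $(i+1); exit }
  }'
}

# List every authorized_keys file under $1 that still grants the key $2.
find_lost_key() {
  blob=$(key_blob "$2")
  find "$1" -type f -name authorized_keys -exec grep -lF -- "$blob" {} +
}

# Remove the key $2 from each authorized_keys file under $1 (the real-world
# run would loop this over every server, since there is no central list).
revoke_lost_key() {
  blob=$(key_blob "$2")
  find_lost_key "$1" "$2" | while IFS= read -r f; do
    grep -vF -- "$blob" "$f" > "$f.tmp" || :   # grep exits 1 if nothing remains
    mv "$f.tmp" "$f"
    echo "removed lost key from $f"
  done
}

# Usage (uncomment to try): d=$(mktemp -d); setup_demo "$d"
#   find_lost_key "$d" "$LOST_KEY"; revoke_lost_key "$d" "$LOST_KEY"
```

Run it as root with the real user's public-key line in place of LOST_KEY and `/` (or `/home` plus `/root`) as the tree; repeat on every host, since a key missed on one server keeps that server open.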