Delete SSH Keys

by on June 24, 2010 · 5 comments· LAST UPDATED June 24, 2010


One my user leaves the office and I'd like to disable her access to our UNIX / Linux system. How do I delete ssh key from the UNIX systems so that user can not log in?

The first step is to disable user login using command as follows:

Linux Lock An Account

# passwd -l userName
# passwd -l vivek

FreeBSD Local An Account

# pw lock userName
# pw local vivek

Solaris / HP-UX UNIX Lock An Account

# passwd -l userName
# passwd -l vivek

Remove SSH Keys

$HOME/.ssh/ stores all required keys. Simply rename the directory or delete the directory:
# mv /home/vivek/.ssh /home/vivek/nosshlogin
# rm -rf /home/vivek/.ssh
For remote server edit $HOME/.ssh/authorized_keys or $HOME/.ssh/authorized_keys2 file and remove public key. This will delete login from home computer into your server. Finally, you can always delete user from your system using the pw (FreeBSD) or userdel (Linux / UNIX) command.

Tweet itFacebook itG+ itDownload PDF versionFound an error/typo on this page?

{ 5 comments… read them below or add one }

1 Aaron C. de Bruyn June 24, 2010 at 1:57 am

Puppet rocks.
Change ‘ensure => present’ to ‘ensure => absent’.
I can remove ssh access to hundreds of machines with one tweak.


2 nixCraft June 24, 2010 at 2:57 pm

+1 for Puppet.


3 anonymous mouse June 24, 2010 at 1:44 pm

I’ve been out of the loop on disabling accounts for a while. What has changed?

1. The user continues to receive e-mail. Any rules could still be executed.
2. cron and at jobs still run.
3. I can’t remember if sudo commands configured as NOPASSWD could still be run.

Short of deleting the user, we always prepended an additional character to the name if the user might return. That broke the e-mail/cron connection. I don’t know enough about Puppet or cfengine to know if changing the username in this way is possible.


4 nixCraft June 24, 2010 at 2:56 pm

The following lists various options while removing accounts:
Help: Old Employees Accessing The Linux Server


5 szopenek June 26, 2010 at 12:45 pm

we also may edit /etc/ssh/sshd_config and by addid the line:
DenyUsers [user name]
we may disable the possibility of logining by this user.


Leave a Comment

Tagged as: , , , , , , , , , , , , ,

Previous Faq:

Next Faq: