| Tutorial details | |
|---|---|
| Difficulty | Easy (rss) |
| Root privileges | Yes |
| Requirements | OpenSSH client |
| Time | N/A |
ADVERTISEMENTS
Example
In this example, remove vivek@server1.cyberciti.biz from ~/.ssh/authorized_keys and lock the user account too:
# cd /home/vivek
# sed -i '/ vivek@server1.cyberciti.biz$/d' ~/.ssh/authorized_keys
# passwd -l vivek
A note about long term solution
If your setup has hundreds of users, tens of thousands, thousands of accounts for OpenSSH, try OpenSSH with LDAP. Use LDAP for key storage management. You can add, remove, and revoke keys. However, this approach adds levels of complexity to a solution, and learning curve can be very complex.
Another option is to store shared home directories on an NFS server so that one can easily add or delete the keys.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 3 comments... add one ↓
UP NEXT
macOS X Mount NFS Share / Set an NFS Client
How To Set up SSH Keys on a Linux / Unix System
CentOS / Redhat: Setup NFS v4.0 File Server
OpenSSH Config File Examples
How To Set up OpenVPN Server In 5 Minutes on Ubuntu Linux- How to secure Apache with Let's Encrypt Certificates on RHEL 8
How to sed remove last character from each line
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
We can use any configuration management tools like Puppet etc to get this , right ?
Sure that would work as well.
Keep in mind that, when using Puppet, etc… most schemes will wipe out any user generated keys whenever the config management system does a check. This won’t prevent a user from creating their own keys for a temporary basis, but will wipe out any changes they make to the file.
For a bunch of networked servers, I’d rather recommend one of the two following approaches :
1. Store SSH keys in LDAP ( Openssh servers generally will require LPK patch set ).
-or-
2. Provide CA signed certificates to your users and keep a certificate revocation list to centrally disable certain certificates.
Any good links on how to do the OpenSSH+LDAP configuration? I’ve been kinda overwhelmed about the information on it. I’m looking from a “i have 12 machines with keys installed on all, then this is how you spin up a main LDAP machine and how to import the keys to it, and then this is how the 12 machines call back to the main LDAP.”
Thanks!