Delete SSH Keys Command for Linux and Unix

One my user leaves the office and I would like to disable her access to our UNIX or Linux system. How do I delete ssh key from the UNIX systems so that user can not log in?

One can delete SSH Keys using the following simple method on Linux or Unix-like systems.
Unix or Linux delete SSH Keys command

How to delete SSH keys on Linux or Unix

The first step is to disable user login using command as follows:

Linux Lock An Account

Log in as root user:
sudo -i
Say lock out user named vivek. The syntax is:
# passwd -l userName
# passwd -l vivek

FreeBSD Local An Account

# pw lock userName
# pw local vivek

Solaris / HP-UX UNIX Lock An Account

# passwd -l userNameL
# passwd -l vivek

Remove SSH Keys

The $HOME/.ssh/ stores all required ssh keys. Simply rename the directory using the mv command or delete the directory using rm command # mv /home/vivek/.ssh /home/vivek/nosshlogin
# rm -rf /home/vivek/.ssh
For remote server edit $HOME/.ssh/authorized_keys or $HOME/.ssh/authorized_keys2 file and remove public key. This will delete login from home computer into your server. Finally, you can always delete user from your system using the pw on FreeBSD or userdel on Linux / UNIX.

A note about removing a particular host key from SSH’s known_hosts file

Use the ssh-keygen command as follows
ssh-keygen -R your-hostname
ssh-keygen -R

DenyUsers option can block any user

Another option is to edit the sshd_config file on your remove Unix or Linux server. From the man page:

DenyUsers option can block any user. This option can be followed by a list of user name patterns, separated by spaces. Login is disallowed for user names that match one of the patterns. Only user names are valid; a numerical user ID (UID) is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.

So edit file:
sudo vi /etc/ssh/sshd_config
Block user vivek from log in, append or modify as follows:
DenyUsers vivek
Say you want to deny wendy and vivek users, run:
DenyUsers vivek, wendy
Save and close the file. Reload or restart the sshd service on Linux or Unix
sudo systemctl restart sshd
sudo service sshd restart
For more info see:

  1. Linux OpenSSH server deny root user access / log in
  2. OpenSSH Deny or Restrict Access To Users and Groups
  3. OpenSSH Server Best Security Practices

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 5 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
5 comments… add one
  • Aaron C. de Bruyn Jun 24, 2010 @ 1:57

    Puppet rocks.
    Change ‘ensure => present’ to ‘ensure => absent’.
    I can remove ssh access to hundreds of machines with one tweak.

  • anonymous mouse Jun 24, 2010 @ 13:44

    I’ve been out of the loop on disabling accounts for a while. What has changed?

    1. The user continues to receive e-mail. Any rules could still be executed.
    2. cron and at jobs still run.
    3. I can’t remember if sudo commands configured as NOPASSWD could still be run.

    Short of deleting the user, we always prepended an additional character to the name if the user might return. That broke the e-mail/cron connection. I don’t know enough about Puppet or cfengine to know if changing the username in this way is possible.

  • szopenek Jun 26, 2010 @ 12:45

    we also may edit /etc/ssh/sshd_config and by addid the line:
    DenyUsers [user name]
    we may disable the possibility of logining by this user.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum