Delete SSH Keys Command for Linux and Unix


One of my users is leaving the office, and I would like to disable her access to our UNIX or Linux system. How do I delete the SSH key from the UNIX systems so that the user cannot log in?

One can delete SSH Keys using the following simple method on Linux or Unix-like systems.

How to delete SSH keys on Linux or Unix

The first step is to disable the user's login as follows:

Linux Lock An Account

Log in as the root user:
sudo -i
To lock out a user named vivek, the syntax is:
# passwd -l userName
# passwd -l vivek

FreeBSD Lock An Account

# pw lock userName
# pw lock vivek

Solaris / HP-UX UNIX Lock An Account

# passwd -l userName
# passwd -l vivek

Remove SSH Keys

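The $HOME/.ssh/ directory stores the user's SSH keys, including the authorized_keys file that permits key-based logins. On Linux, passwd -l only locks the password; the user may still be able to log in with an SSH key, so the keys must be removed as well. Rename the directory using the mv command or delete it using the rm command: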
# mv /home/vivek/.ssh /home/vivek/nosshlogin
OR
# rm -rf /home/vivek/.ssh
On a remote server, edit the $HOME/.ssh/authorized_keys or $HOME/.ssh/authorized_keys2 file and remove the user's public key. This stops logins from the user's home computer into your server. Finally, you can always delete the user from your system using pw on FreeBSD or userdel on Linux / UNIX.
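
One way to remove a single public key from authorized_keys without hand-editing the file, as an added example that is not from the original article. The function names, the .bak backup suffix and the sample key blobs are assumptions constructed for illustration:

```shell
#!/bin/sh
# Usage: remove_authorized_key AUTH_FILE PUBKEY_FILE   (hypothetical helper)
# Returns 0 if an entry was removed, 1 if the key was not listed, 2 on error.
remove_authorized_key() {
    auth_file=$1
    pub_file=$2
    # A .pub file is "type base64-blob [comment]"; the blob identifies the key.
    blob=$(awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$pub_file") || return 2
    [ -n "$blob" ] || { echo "no public key in $pub_file" >&2; return 2; }
    [ -f "$auth_file" ] || return 1
    tmp=$(mktemp) || return 2
    # Entries may start with options (from="...", command="..."), so compare
    # every whitespace-separated field with the blob, not only field 2.
    if awk -v blob="$blob" '
        /^[ \t]*#/ { print; next }
        { for (i = 1; i <= NF; i++) if ($i == blob) { hit = 1; next }
          print }
        END { exit (hit ? 0 : 1) }
    ' "$auth_file" > "$tmp"; then
        # Keep a rollback copy, then overwrite in place so owner and mode stay.
        cp -p "$auth_file" "$auth_file.bak" &&
        cat "$tmp" > "$auth_file"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample data: the blobs are placeholders, not real keys.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'ssh-ed25519 AAAAC3CONSTRUCTEDLAPTOPKEY vivek@laptop' > "$d/leaver.pub"
    printf '%s\n' '# managed by ops' \
        'from="192.0.2.10",no-pty ssh-ed25519 AAAAC3CONSTRUCTEDLAPTOPKEY vivek@laptop' \
        'ssh-ed25519 AAAAC3CONSTRUCTEDBACKUPKEY backup@server1' > "$d/authorized_keys"
    remove_authorized_key "$d/authorized_keys" "$d/leaver.pub"
    demo_rc=$?
    cat "$d/authorized_keys"    # the comment and the backup key remain
    rm -rf "$d"
    return "$demo_rc"
}
demo
```

The .bak copy still contains the removed key; sshd reads only the files named by AuthorizedKeysFile, so delete the copy once the change is confirmed.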

A note about removing a particular host key from SSH’s known_hosts file

Use the ssh-keygen command as follows:
ssh-keygen -R your-hostname
ssh-keygen -R server1.cyberciti.biz

DenyUsers option can block any user

Another option is to edit the sshd_config file on your remote Unix or Linux server. From the man page:

DenyUsers option can block any user. This option can be followed by a list of user name patterns, separated by spaces. Login is disallowed for user names that match one of the patterns. Only user names are valid; a numerical user ID (UID) is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.

So edit the file:
sudo vi /etc/ssh/sshd_config
To block user vivek from logging in, append or modify as follows:
DenyUsers vivek
Say you want to deny the wendy and vivek users. Separate the names with spaces, not commas:
DenyUsers vivek wendy
Save and close the file. Reload or restart the sshd service on Linux or Unix:
sudo systemctl restart sshd
OR
sudo service sshd restart
For more info see:

  1. Linux OpenSSH server deny root user access / log in
  2. OpenSSH Deny or Restrict Access To Users and Groups
  3. OpenSSH Server Best Security Practices

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.

Historical Comment Archive

5 comments

  1. Puppet rocks.
    Change ‘ensure => present’ to ‘ensure => absent’.
    I can remove ssh access to hundreds of machines with one tweak.

  2. I’ve been out of the loop on disabling accounts for a while. What has changed?

    1. The user continues to receive e-mail. Any rules could still be executed.
    2. cron and at jobs still run.
    3. I can’t remember if sudo commands configured as NOPASSWD could still be run.

    Short of deleting the user, we always prepended an additional character to the name if the user might return. That broke the e-mail/cron connection. I don’t know enough about Puppet or cfengine to know if changing the username in this way is possible.

  3. We may also edit /etc/ssh/sshd_config, and by adding the line:
    DenyUsers [user name]
    we may disable the possibility of this user logging in.
