HowTo: Revoke OpenSSH Keys and Disable User Access

Many users are using ssh to log into a remote machine and append the indicated identity file to machine’s ~/.ssh/authorized_keys file. I recently moved one of my server, and I would like to revoke openssh keys and disable user access under Linux operating systems. How do I revoke OpenSSH keys under Unix or Linux operating systems?

The default ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2 file lists and stores the public keys (DSA/ECDSA/RSA) that can be used for logging for any user using public key authentication. Each line of the file contains one key. You can simply delete the key from this file, and the user can not access the server using the ssh client. You also need to disable or lock an user account using passwd command.


In this example, remove from ~/.ssh/authorized_keys and lock the user account too:
# cd /home/vivek
# sed -i '/$/d' ~/.ssh/authorized_keys
# passwd -l vivek

A note about long term solution

If your setup has hundreds of users, tens of thousands, thousands of accounts for OpenSSH, try OpenSSH with LDAP. Use LDAP for key storage management. You can add, remove, and revoke keys. However, this approach adds levels of complexity to a solution, and learning curve can be very complex.

Another option is to store shared home directories on an NFS server so that one can easily add or delete the keys.

Posted by: SXI ADMIN

The author is the creator of SXI LLC and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

How to Make Website WCAG Compliant?

Next Post

Link download Kali Linux 2020.1 (ISO + Torrent)

Related Posts