How to Revoke SSH Access & Keys in Linux

Secure Shell (SSH) is a common way for users to login to remote Linux systems to run commands and applications. You can login to SSH via SSH keys or using passwords. In some cases, as a system administrator you may need to revoke SSH access & keys of certain users to avoid unauthorized access. In this article, we will learn how to do this in Linux.

How to Revoke SSH Access & Keys in Linux

Here are a couple of simple ways to revoke SSH access in Linux.

1. By Deleting User’s Public key

When a user gets access to remote server via SSH, that user’s public key is stored in the server’s ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2 files. Each line of these files contains one key (DSA/ECDSA/RSA).You can easily revoke a user’s access by deleting that user’s public key from the above folders. Once you delete a user’s public key from this file, they will not be able to login to your server via SSH client. Here is a simple command to delete the public key of user user@domain from your SSH server’s ~/.ssh/authorized_keys file. You can replace user@domain with username and domain/IP address of user whose access you want to revoke.

# sed -i '/ user@domain$/d' ~/.ssh/authorized_keys

2. Lock User Account

In this method, we simply lock the user account. This way they cannot access your system via SSH keys or using password.

Here is the command to lock user account.

# passwd -l username

Here is the command to lock account with username test_user.

# passwd -l test_user

The above command locks the user account by changing user password to a value that cannot be matched with any encrypted value.

In this article, we have learnt how to revoke SSH access & keys in Linux. You can use these steps on all Linux systems. However, if you have hundreds of users accessing your system, try using a user authentication management tool like LDAP that allows you to easily add, remove & revoke keys.

How to Revoke SSH Access & Keys in Linux