HowTo: Revoke OpenSSH Keys and Disable User Access

To revoke OpenSSH keys and disable user access, you need to remove the user’s public key from the authorized keys file and remove their private key from their client. Here are the steps to do this:

  1. On the server, locate the user’s authorized keys file. It’s usually located in the ~/.ssh directory.

  2. Remove the public key that corresponds to the user’s private key by deleting the line containing the public key from the authorized keys file.

  3. On the client, remove the private key from the user’s SSH keystore. This can usually be done by running the following command:

ssh-add -d /path/to/private/key

  4. If the user has multiple keys in the keystore, repeat the previous step for each key.

  5. Finally, on the server, check if the user has any active sessions, and if so, terminate them. This can be done using the following command:

pkill -KILL -u username

This will revoke the OpenSSH keys and disable the user’s access. The user will no longer be able to log in using their old keys and will need to generate a new key pair to access the server again.
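
One way to carry out step 2 without hand-editing the file, as an added example that is not part of the original page. The hypothetical `revoke_key` function matches the key's base64 blob rather than its comment, so entries that carry leading options are caught too; the key material and address in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. revoke_key is a hypothetical helper.
# Usage: revoke_key AUTHORIZED_KEYS_FILE PUBKEY_FILE
# Prints the number of lines removed; returns 1 if the key was not present.
revoke_key() {
    ak_file=$1
    pub_file=$2
    [ -f "$ak_file" ] && [ -f "$pub_file" ] || { echo "missing file" >&2; return 2; }

    # Field 2 of a .pub file is the base64 key blob. Match on that, not on the
    # trailing comment, which anyone can edit.
    blob=$(awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$pub_file")
    [ -n "$blob" ] || { echo "no key in $pub_file" >&2; return 2; }

    tmp=$(mktemp "${TMPDIR:-/tmp}/revoke.XXXXXX") || return 2
    # Drop each non-comment line where some whitespace-separated field equals
    # the blob; this also catches entries with leading options (from=, command=).
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        /^[[:space:]]*#/ { print > out; next }
        { for (i = 1; i <= NF; i++) if (($i "") == blob) { n++; next }
          print > out }
        END { print n + 0 }
    ' "$ak_file")

    if [ "$removed" -eq 0 ]; then
        rm -f "$tmp"; echo 0; return 1
    fi
    # Keep a backup, then overwrite in place so the file's owner and mode stay
    # as they were (sshd's StrictModes check rejects a badly owned file).
    cp -p "$ak_file" "$ak_file.bak" && cat "$tmp" > "$ak_file"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2
    echo "$removed"
}

# Demo on constructed (fake) key material: sh revoke.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    echo 'ssh-ed25519 AAAAC3FAKEBLOBALICE alice@laptop' > "$d/alice.pub"
    printf '%s\n' 'ssh-ed25519 AAAAC3FAKEBLOBBOB bob@desk' \
        'from="192.0.2.10" ssh-ed25519 AAAAC3FAKEBLOBALICE old' > "$d/authorized_keys"
    revoke_key "$d/authorized_keys" "$d/alice.pub"
    cat "$d/authorized_keys"
    rm -rf "$d"
fi
```

A return status of 1 means the key was not in the file, which is worth checking when the same user has keys on several accounts or hosts.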
