💎 Earn 45%—Join Hostman Affiliate Program!
English
Community
Sign In
Sign In

Configuring SSH Keys in Ubuntu

Configuring SSH Keys in Ubuntu
Hostman Team
Technical writer
Ubuntu
24.11.2023
Reading time: 9 min
Share

By default, you use a password to connect to a server via Secure Shell (SSH). However, there are higher levels of security. We recommend configuring SSH keys to protect your system from unauthorized access.

In the article below, we'll look at SSH keys and how to connect to a remote server, for example, a Hostman one.

How Secure Shell works

Secure Shell provides a secure remote connection to the operating system. You can use it to access the shell and transfer data.

The basic configuration consists of a client and a server.

  • The client runs on the computer that establishes the connection. 

  • The server (or cloud server) runs on the system to which you need to connect. 

A significant advantage is cross-platform. For example, you can use a client running on Linux, Windows, or macOS to connect to a server running on Ubuntu. All communications between the client and server are encrypted to prevent unauthorized parties from intercepting data.

The weakness of the basic implementation is that it depends entirely on the strength of the passphrases assigned to accounts. If an attacker learns the password, the system becomes vulnerable. SSH key-based authentication helps to address this weakness.

Benefits of using SSH keys

SSH key-based authentication uses asymmetric encryption to add an extra layer of security to remote access to a system. The concept of public key encryption was developed in 1975 by Whitfield Diffie and Martin Hellman and is based on using a pair of keys: one private key and one public key.

The public part of this pair is used to encrypt data, and only the owner of the private part of the pair can decrypt it.

When setting up SSH key-based authentication, the private part is stored on the client machine, and the corresponding public key is on the system where the SSH server is running. Protecting the private key is crucial, as possessing it will allow anyone to log into the remote system. As an additional layer of protection, the private key can also be encrypted and protected by a password that you'll need to enter each time you connect to the server.

This approach can be compared to a jigsaw puzzle. Imagine you have a picture. When you tear it into two pieces, you generate a unique pair. If you print the same picture again and tear it again, you can't reproduce the same pair.

You give one part to the host and keep the other part with you. To connect to the host, you show your piece. If it matches the piece the host has, you shake hands and exchange data. If you give the host a different fragment, it won't open a connection.

-

Creating a key pair

For example, you have a server on Hostman and need to organize secure remote management using SSH. Let's say, you decide that password verification provides insufficient security (and you are too lazy to enter a long password every time). 

The logical solution is to set up SSH key authentication. To do this, you need to generate a key pair. Let's see how to do it in different operating systems.

Linux/macOS

The easiest way to create an authentication pair on Linux and macOS is to use the built-in ssh-keygen utility.

Start the terminal and run the command:

ssh-keygen

The wizard prompts you to choose where to store the authentication data files. Press Enter to keep the default directory and file name (.ssh/id_rsa). If you want to specify a specific storage location, enter the path to it and press Enter.

The wizard will then prompt you to add a passphrase for additional protection. If you don't want to add it, press Enter.

As a result, you will get two files: one with public and one with private keys. By default, the private part is stored in the id_rsa file and the public part in the id_rsa.pub file. But you can specify any file names you want, which can be useful if you connect from the same computer to different servers that use different authentication credentials.

Windows

On Windows, you can generate keys using the PowerShell command line. In recent versions, it supports the ssh-keygen utility. The procedure is the same as on Linux and macOS.

There is an alternative way: using the PuTTY application suite. It also includes the PuTTYgen generator.

  1. Start PuTTYgen and click the Generate button. 

  2. Move the mouse pointer to generate random data. 

  3. Enter an additional passphrase to secure the private key. 

When the process is complete, save the files in suitable locations using the Save public key and Save private key buttons.

Copying the public key to the server

You should store the private key on the computer from which you will connect to the server and transfer the public key to the host you want to connect to.

If the openssh-server is not installed and running on the host, install and enable it using the following commands.

apt install openssh-server
systemctl start sshd.service
systemctl enable sshd.service

There are several ways to transfer the public key.

Using ssh-copy-id

The built-in ssh-copy-id utility helps to transfer the value of the public key automatically. This method is available on Linux and macOS.

In the terminal, run the command:

ssh-copy-id username@server_address 

The first time you connect, you may get a message that the local computer did not recognize the remote host. To remember the server, type 'yes' and press Enter. After that, the utility will check the local computer and the public key and then prompt you to enter a password. After establishing the connection, the utility will copy the private key content to ~/.ssh/authorized_keys. All public keys data is stored there. In response, the terminal should display a message like this:

Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'username@remote-host'"
and check to make sure that only the key(s) you wanted were added.

Transfer via password access

If you don't have the ssh-copy-id utility, you can copy the key via Secure Shell using the password. To do this, run the command:

cat ~/.ssh/id_rsa.pub | ssh username@server_address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod go= ~/.ssh/authorized_keys"

It looks complicated, but it's actually a simple operation.

  1. First, you output the contents of the file: cat ~/.ssh/id_rsa.pub

  2. Next, you connect to the remote host: ssh username@server_address

  3. Then, you create a folder and file to store the public key.

This example uses the >> redirect symbol. It allows you to append the file's contents rather than overwriting it. It is useful if you are adding multiple keys.

Manual migration

If you don't have an ssh-copy-id (for example, you are using Windows), you can connect via Secure Shell by password, manually create the .ssh/authorized_keys file, and then add the public key.

Display the contents of the public key on the local machine with the command:

cat ~/.ssh/id_rsa.pub

Copy the displayed response. It should look like this:

ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDC4OSYUK5tAsjYMI4mLWDQleLz1d0IBz7G1cfsC9xnM
MNYfFUSVzjZzsPVnNKzNwcO6dFs8WiE37gUI8p/ekHghcxWzgEybtAY6LleLJh53LPB1D8YEh
92s21p7U0a8rQnGq1LCRQ0y8JFaf9PbmLWJM7llUKhc0YiOIJsQDZxX8g6KYSAaLH+z9Vj8Ag
5Hw4BHi0uWL03tX3jImC3DfU2JnzMAuA+EqGjO5eCkGvD5V2fVbpqscig2G2dmjg5E4I2Q7VD
lEkBMxG7PJSM3O/l8LnS4a2vICFj2am2Zk1jsGFi66/6yBDQZDsZ+SrCvkTRw0ZikxaRVwCmk
F6cgBJn rsa-key-20220602

Then connect to the server and create the ~/.ssh directory with the command:

mkdir -p ~/.ssh

Add the public key:

echo public_key_string >> ~/.ssh/authorized_keys

Instead of public_key_string, specify the content of id_rsa.pub, which you just copied. If the authorized_keys file doesn't exist, the system will create it automatically. If it does exist, you will insert a new string into it.

Finally, configure permissions for the ~/.ssh directory and the authorized_keys file. Remove all group and other permissions for the ~/.ssh/ directory:

chmod -R go= ~/.ssh

Set the directory owner to your user instead of root:

chown -R username:username ~/.ssh

If you plan to access the server from different clients, you can use ssh-copy-id or manually edit .ssh/authorized_keys to insert additional keys. Each line should store only one value.

Connecting with keys

Everything is ready to connect via SSH in Ubuntu. 

Start your terminal and run the command:

ssh username@server_address

The first time you connect, you may get a warning that the local computer doesn't recognize the remote host. To remember it, type yes and press Enter.

If you have set a password for the private key, you will be prompted to enter it. If there is no password, you will log in immediately.

Connecting with PuTTY

If you use Windows, you can also connect using PuTTY.

  1. Start PuTTY.

  2. On the Session tab, enter the hostname or IP.

  3. Leave the default port at 22.

  4. Select the connection type: SSH.

  5. Click the Connection -> SSH -> Auth tab.

  6. Click Browse and select the previously saved private key.

  7. Click Open to establish the connection.

If the connection is successful, PuTTY will launch its own terminal through which you can access the server.

Disabling the password

When using SSH keys in Ubuntu, you can disable password access. This will make the connection safer: if there's no password, no one can steal it and access your server.

Important: before you disable the password, make sure that the private key is securely stored and backed up. If you disable the password and then lose the private key, you will not be able to connect to the server remotely.

In Ubuntu, open the SSH key settings stored in sshd_config:

sudo nano /etc/ssh/sshd_config

Find the PasswordAuthentication line and change the value of yes to no

Restart the service to apply the configuration:

sudo service ssh restart

A strong move from a security perspective. Attackers can try to match the passphrase all they want. This authentication method no longer works. Only the user with the previously generated private key stored on his computer can connect.

Conclusion

By default, Secure Shell allows remote access using password-based authentication. This leaves the system vulnerable to anyone who can guess the password or get it by other means. 

We recommend SSH key-based authentication for maximum protection of access to the system. It is based on the concept of public and private key encryption. Users can only connect to the server from the client with a private key corresponding to the server's public key with a private key corresponding to the server's public key. As an additional layer of security, the private key can also be encrypted and password protected.

Ubuntu
24.11.2023
Reading time: 9 min
Share

Similar

Ubuntu

How to Install TightVNC Server on Ubuntu

A remote desktop lets you control your computer from wherever you are, which is super handy for working or fixing issues. For users of Ubuntu, TightVNC Server is one such stand-alone option to opt for. This software uses VNC to remotely view and control your computer's screen. This tutorial covers the TightVNC Server installation on Ubuntu. We'll guide you through installation and show you how to secure your connection. What is TightVNC TightVNC is a remote desktop application built on the VNC protocol. With this tool, you can control and view your Linux computer on a different machine, whether it is a laptop or a mobile. This software also compresses data and optimizes bandwidth, so it is extremely beneficial for low latency, low-speed internet. This software is used quite frequently by developers and administrators to access servers from far away and to debug everything. Why Use TightVNC Server  TightVNC possesses some great benefits to Ubuntu users: Resource-Efficient: Since it does not require a lot in terms of resources, it is appropriate for low-power PCs and works well on old computers. Multi-Platform Compatibility: It is compatible with other operating systems thus you can use your setup from various devices, e.g., tablets, windows computers, and even Macs. Customizable Configurations: You can customize the tool to your needs. You can utilize your own ports, use secure tunnels for the sake of security, or use less technical desktop environments so that all the things remain light and fast. Cost-Free Solution: It's an open-source project, so the software is completely free for both business and personal use. Prerequisites  Ensure you have: Ubuntu OS: This tutorial applies to Ubuntu 20.04 and newer versions. Desktop Environment: A GDE like LXDE should be installed. Superuser Access: Administrative privileges are must for installation. Internet Access: Stable connectivity for downloading packages. Step 1: Update System Initially, upgrade your system so that all processes work perfectly and there are no issues during the installation. Run: sudo apt update && sudo apt upgrade -y The command updates outdated programs and also puts the list of software on your computer in a refreshable state. Step 2: Install TightVNC Server Now, install the TightVNC server package using the following command to enable the remote desktop functionality.  sudo apt install tightvncserver -y This installs the core software. The -y flag automatically confirms the installation prompt, ensuring the process is uninterrupted.  Once completed, the application will be ready for further configuration. Step 3: Install a Graphical Desktop Environment (GDE) TightVNC requires a GDE and LXDE is recommended due to its lightweight nature: sudo apt install lxde -y By restricting the utilization of resources, LXDE provides your system with more space for your real work. It is particularly useful if your server is low in RAM and CPU. Step 4: Configure TightVNC  Configuration is crucial in installing the tool to your specifications. To ensure proper operation, do the following: Initialize Session Run TightVNC server to create your initial session: tightvncserver It will ask you to create a remote access password during initialization. This password guarantees only approved users may connect. Stop the Server for Configuration To modify default settings, first stop the server: tightvncserver -kill :1 Stopping session :1 allows you to edit the startup file without interruption. Edit Startup Script Create or modify the startup file: nano ~/.vnc/xstartup Add the below-provided configuration: xrdb $HOME/ .Xresources xsetroot -solid grey export XXL_XMODMAP_DISABLE=1 /etc/X11/Xsession /usr/bin/startlxde These commands start an X11 session with a graphical desktop. They start user configuration, set the background color, disable custom keyboard mappings, initalize the session, and start the LXDE environment. Then assign the correct permissions to ensure it executes properly: sudo chmod 755 ~/.vnc/xstartup Step 5: Start the Server Restart the server to ensure correct configurations are applied: tightvncserver The session number (e.g., :1) displayed in the output allows for remote connection. Step 6: Connect to the System Remotely Now it’s time to connect to your server using the TightVNC Viewer or any compatible VNC client. First, get your server’s IP address using: hostname -I Then use the below instructions: Start the VNC client on your local device. Input the server address in the form of ip_address:session_number. For example: 192.168.X.X:590X. Type in the VNC password that you have set earlier. Once connected, the graphical interface is remotely manageable. Step 7: Secure TightVNC Server Remote access involves potential security risks, so it’s important to secure your server connection. Use SSH Tunneling To encrypt your connection, create an SSH tunnel: ssh -L 5901:localhost:5901 user@your_server_ip Replace user and your_server_ip with your server details. Access the VNC session via localhost:5901 in the VNC Viewer. Restrict Port Access Use the system firewall to allow connections only from trusted IPs: sudo ufw allow from your_trusted_ip to any port 5901 Replace your_trusted_ip with the IP of your local machine. Step 8: Stop and Manage the Server You can stop a session to save resources when it’s not needed: tightvncserver -kill :1 This disables the active connection without uninstalling the server. Troubleshooting Common Issues If you encounter problems during setup or remote access, these solutions may help: Blank Screen After Connection If TightVNC only shows a blank or gray screen, try these solutions: Kill all VNC sessions: Conflicting sessions can cause display issues. tightvncserver -kill :session_number Once done, run the server again: tightvncserver Restart the System: A simple reboot can resolve graphical glitches and session conflicts: sudo reboot Specify the Display Screen: Ensure the correct display screen is used by setting the DISPLAY variable: export DISPLAY=:1 This will allow remote access to the login screen via Xorg. Also, don’t forget to include startxfce4 in the xstartup file. Remove Lock Files: Leftover lock files can interfere with graphical sessions: sudo rm -rf /tmp/.X*-lock /tmp/.X11-unix/X* Unable to Connect Confirm the port (e.g., 5901) is open: sudo ufw status Open the port if necessary: sudo ufw allow 5901/tcp Session Won’t Start Check for logs in the .vnc directory: cat ~/.vnc/*.log Client Rejected from Localhost Some VNC servers might only listen on localhost by default. To fix the issue, run: vncserver -localhost no Integrating TightVNC with Cloud Platforms You can expand the application usability by integrating it with cloud services for remote accessibility. Apply the following instructions: Open ports required for TightVNC through the cloud platform’s security group settings (e.g., port 5901 for VNC sessions). Use SSH tunneling to secure access: ssh -i your-key.pem -L 5901:localhost:5901 user@cloud_server_ip Customizing TightVNC Viewer Settings Overlooked client settings can really boost usability and security. Add a View-Only Mode for Specific Users In case someone needs to monitor activity without interacting with the desktop: Set a view-only password: tightvncpasswd -viewonly Provide the user with the view-only password while keeping control of the main session. Integrating TightVNC with Scripts Automation can streamline workflows for repetitive tasks or multi-session setups.  Batch Start Multiple Sessions Write a script to launch multiple VNC instances simultaneously: nano ~/start-vnc-sessions.sh Add: #!/bin/bash tightvncserver :1 tightvncserver :2 tightvncserver :3 Make the script executable: chmod +x ~/start-vnc-sessions.sh Run the script: ./start-vnc-sessions.sh Conclusion TightVNC Server installation on Ubuntu allows secure remote desktop access with maximum accessibility and productivity. This tutorial has given you an optimized and secured environment through which you can remotely access your system. For remote access for troubleshooting purposes, server management, and so on, TightVNC offers simple management with maximum resource utilization.
23 July 2025 · 7 min to read
Ubuntu

Installing and Configuring Samba on Ubuntu 22.04

Let’s look at the process of installing Samba software on a cloud server with the Ubuntu 22.04 operating system. This guide is also suitable for installing Samba on Debian. Let’s start with a brief description of this software. What is Samba Samba is a software package developed to provide compatibility and interaction between UNIX-like systems and Windows. The software has been distributed under a free license for over 30 years. Samba ensures seamless integration of servers and PCs running UNIX into an AD (Active Directory) system. This software can be used as a controller and as a standard component of a domain. Thus, users can flexibly configure cloud file storages. Samba provides extensive functionality for managing file and database access rights by assigning specific user groups. Creating a New Server Go to the control panel and create a new server.  Select the Ubuntu 22.04 image and then the minimum server configuration.  After creating the server, connect to it via SSH, and you can begin configuration. Adding a User This is simple — enter the command: sudo useradd -p new_server_pass new_server_user Instead of new_server_pass and new_server_user, you can use any password and any username. Enter your own data instead of the example ones. Note that we immediately set the password, which was possible thanks to the -p command. Installing Samba on Ubuntu For convenience, we have broken the installation process into separate steps. Step 1. Preparation To start the installation process, use the following command: sudo apt install samba -y Now you need to remember the system name of the service. In most cases, it is smbd. Therefore, if you want to call the service, use this name. First, let’s configure autostart, which is done with the command: sudo systemctl enable smbd Now start it using the familiar command: sudo systemctl start smbd Then check the system status using: sudo systemctl status smbd To stop Samba, use: sudo systemctl stop smbd To restart the service, enter: sudo systemctl restart smbd If you want Samba to no longer start automatically, use the command: sudo systemctl disable smbd The reload command is used to refresh the configuration. The following command will forcibly open port 445, as well as 137–139. To allow them in the ufw firewall, use: sudo ufw allow Samba Step 2. Configuring Anonymous Access Suppose you have some remote server located outside your cloud. Network security rules require that you never open direct access to it through its IP. You can only do this through a tunnel, which is already set up. Typically, servers with granted access have the address 10.8.0.1, and this is the address we will use further. To share data and grant anonymous access to it, first open the configuration file. It is located here: /etc/samba/smb.conf. We recommend making a backup of the clean file — this will help you quickly restore the original program state without needing to reinstall. Now remove all comments, leaving only the code, and enter the command testparm to ensure the program works properly. In the shared folder settings, enter the following parameters: [share]     comment = share     path = /data/public_share     public = yes     writable = yes     read only = no     guest ok = yes Also, make sure that the following four fields (mask and mode) have matching numeric values (for example, 0777). Regarding the specific lines: [share] — the name of the shared folder, which will be visible to everyone connecting to your server; comment — a comment that can be anything; path — the path to the data storage folder; public — gives permission for public access: if you do not want users to view the folder contents, set this to no; writable — determines whether data can be written to the folder; read only — specifies that the folder is read-only: to allow users to create new files, set it to no; guest ok — determines whether guests can access the folder. Thus, the folder name and path may differ depending on what values you specify for the shared folder. The comment can also be anything, and for the last four parameters, values are set as yes or no. Now restart the program and check if you can connect to the server from Windows. Step 3. Configuring Access by User Credentials To create access by login and password, you first need to create a new directory and configure permissions. In the configuration file, set all parameters to no (see above), except writable: in this line, the value should be yes, meaning that writing in the folder should be enabled. Use the mkdir command to create a new directory, then create a user with useradd someone (where someone can be any username) and set a password for them with the command passwd. For example: passwd something Now, with the command below, add the new user and try to log in: if everything is configured correctly, you will have access to the folder. sudo smbpasswd -a someone Step 4. Configuring Group Access Configuring group access is necessary when you need to create restricted access for specific user groups. In smb.conf, after the line guest ok, additionally specify the following lines (all usernames here are generated simply for example): valid users = admin, mary_smith, jane_jameson, maria ortega, nathalie_brown write list = admin, nathalie_brown In the valid users line, list the users who are granted access to the directory. And in the write list, list those who can modify data in the folder. In addition, after the force directory mode line, add another line with the following value: inherit owner = yes This enables inheritance of created objects. Now save the settings and restart the service, after which the new settings should take effect. Step 5. Connecting to Samba from Windows and Linux For quick connection to Samba from Windows, press Ctrl+E and enter the path. Note that you need to use \\ to indicate the network path to the resource. And to avoid reconnecting to the server each time, you can choose the option to connect the resource as a drive, if your security policy allows it. In the new window, specify the drive letter and fill in the required data. For connecting to Samba from Linux, you use the cifs utilities, which are installed with the command: sudo apt install cifs-utils -y Next, the resource is mounted and connected. This is done with: sudo mount.cifs //10.8.0.1/our_share /share The path and resource name can be anything. You can also perform automatic mounting using the configuration file fstab with its own settings. Step 6. Configuring the Network Trash Bin This operation is needed to avoid accidental permanent deletion of files. For this, create the following directory: [Recycle]     comment = Trash for temporary file storage     path = /directory/recycle     public = yes     browseable = yes     writable = yes     vfs objects = recycle     recycle:repository = .recycle/%U     recycle:keeptree = Yes     recycle:touch = Yes     recycle:versions = Yes     recycle:maxsize = 0     recycle:exclude = *.tmp, ~$*     recycle:exclude_dir = /tmp Now, let’s review line by line what these parameters mean: vfs objects = recycle — indicates use of the corresponding subsystem; repository — the path for storing deleted data; keeptree — whether to keep the directory tree after deletion; touch — whether to change the timestamps of files when they are moved to the trash; versions — whether to assign a version number if files with identical names are deleted; maxsize — the maximum size of a file placed in the trash. A value of 0 disables limits; exclude — which file types to exclude; exclude_dir — which directories to exclude. Conclusion That’s it — now you know how to install Samba on an Ubuntu cloud server and configure it for your own needs.
04 July 2025 · 7 min to read
Ubuntu

Deleting a User in Ubuntu 22.04

A server administrator often has to work with user accounts — adding, deleting, and configuring access modes. Removing outdated user accounts is one security measure that can significantly reduce the number of vulnerabilities in the system. The Linux utilities deluser and userdel are used for deletion. However, before proceeding directly to deleting a user, we must take certain steps. In this article, we will explore how to delete a user in Ubuntu without compromising the system. At the same time, we will preserve the ability to access the user’s home directory files after deletion. In this article, we will work with the user hostman, which was created beforehand. This article will primarily focus on removing an Ubuntu user via the terminal, but we will also provide instructions for deleting a user account through the graphical interface. Please note that you will need superuser privileges to work with user accounts. The instructions will be suitable for any cloud server running Ubuntu OS. Checking the User Account First, you need to check whether the user is currently logged into the system. This will affect further steps: if the user is currently authorized on the server, you will need to terminate their connection and change the password. Check the list of users authorized in the system using the who utility or its alias w: who If you see that the user hostman is authorized, you need to check which processes are running under this user. This is a necessary step because if background operations are being performed, Ubuntu 22.04 will not allow us to delete the user. Check with the ps utility: sudo ps -u hostman As a result, you might see a response like this:    PID TTY          TIME CMD 1297129 pts/2    00:00:00 bash 1297443 pts/2    00:00:00 htop For testing purposes, we launched the htop utility under the hostman account, which is running in the background. Blocking Access Before stopping the user’s processes, you need to block their access to the system. You can do this by changing their password. User passwords are stored in the system in encrypted form in the /etc/shadow file. This file is readable only by the root user, and in addition to password hashes, it contains their expiration information. There is a special utility that allows you to remove a user’s password in Ubuntu — passwd. To restrict access, we will use the passwd utility with the -l (or --lock) flag, which puts the utility into lock mode: sudo passwd -l hostman As a result, the utility will add an exclamation mark at the beginning of the encrypted password string. That is all that is needed to prevent the user from logging in again since the hashes will no longer match. Killing Processes In Ubuntu, you cannot delete a user via the console if any processes are running under their name. To terminate a process, you can use one of the following commands: kill — deletes a process by its identifier. You can determine the IDs of the hostman user processes with: top -U hostman or ps -u hostman pkill — deletes a process by its name. For example, if the user hostman has launched the top process, you can terminate it with: sudo pkill top killall — deletes all processes, including child processes. Often, a process will launch many so-called subprocesses; stopping them by name or identifier can be complex and time-consuming. We will use the last command to reliably kill all user processes: sudo killall -9 -u hostman The -9 flag means the processes will receive a SIGKILL signal. This means the process will be forcibly terminated, since this signal cannot be ignored or blocked. Essentially, it is equivalent to a “force quit” of a non-responding program in graphical operating systems. After completing the user’s processes, they will no longer be authorized in the system. You can verify this using the who command. Since we locked the login in the previous step, the hostman user will not be able to log in again. Optional — Archiving the Home Directory Quite often, when deleting a Linux user account, you may need to keep its home directory, which might contain important files required either by the user or by the organization you are serving as an administrator. The built-in Ubuntu utilities allow you to remove a user while keeping their home directory. However, this is not recommended for two reasons: Disk Space — the user’s home directory may contain a large amount of data. It is irrational and excessive to store data from all outdated accounts on the main work disk. Over time, you might run out of space for new users. Data Relevance — it is good practice to keep the /home directory containing only the directories corresponding to active user accounts. Keeping this list in order helps with administration. We will use the tar utility to archive the home directory of the hostman user: sudo tar -cvjf /mnt/nobackup/hostman.homedir.tar.gz /home/hostman Let’s go over the arguments and flags: -c — creates the resulting .tar archive file -v — enables verbose mode, showing debugging information and listing archived files -z — creates a compressed .gz archive -f — indicates that the first argument will be used as the archive name The first argument is the final location of the archive. In our example, we place the archive with the user’s home directory on the nobackup disk, which, as the name implies, is not subject to backup. The second argument is the path to the directory from which the archive is created. Stopping Scheduled Jobs Before deleting a user in Ubuntu, it is recommended to stop all cron scheduler tasks launched by that user. You can do this with the crontab command. We will launch it under the hostman user with the -u flag and switch it to delete mode with the -r flag: sudo crontab -r -u hostman Now you can be sure that after deleting the user account, no unknown scripts will be executed for which no one is responsible. Deleting the User Once all the previous steps have been completed, it is time to proceed with the main task: deleting the Ubuntu user. There are two ways to do this: the deluser and userdel utilities. To delete the user account, we will use the deluser utility. Running it without parameters will delete the user account but leave their home directory and other user files intact. You can use the following flags: --remove-home — as the name suggests, deletes the user’s home directory --remove-all-files — deletes all system files belonging to the user, including the home directory --backup — creates an archive of the home directory and mail files and places it in the root directory. To specify a folder for saving the archive, use the --backup-to flag. As you can see from the parameter descriptions above, manually archiving the user’s home directory is not strictly necessary — deluser can do everything for you. In addition, with deluser you can remove a user from a group in Ubuntu or delete the group itself: sudo deluser hostman administrators The command above removes the user hostman from the administrators group. Let’s proceed with the complete deletion of the user and the hostman group without preserving the home directory: sudo deluser --remove-home hostman Deleting the User via Graphical Interface The entire article above is about how to delete a user in the Ubuntu terminal. But if you have a system with a graphical interface, you can delete a user in just a few simple steps. Open the Users section in System Settings. To switch to superuser mode, click the Unlock button. After that, the Delete User button will become active. When you click it, a dialog box will appear, offering to delete the user’s files, specifically those in the home directory. Conclusion Deleting a user in Ubuntu is not difficult; you just need to use the deluser utility with the required parameters. However, in this article, we described several steps that will help you safely delete a user account while preserving the system’s stability.
04 July 2025 · 7 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support