(ロック) passwd -l hoge_user (アンロック) passwd -u hoge_user (確認) passwd -S hoge_user
パスワードを設定していないユーザで ssh ログインしようとすると公開鍵認証でもログインに失敗する - tkuchikiの日記
pw lock hoge_user pw unlock hoge_user
Why is just locking the account with usermod not sufficient?
This comes down to the fact that an account is ‘locked’ in the traditional UNIX sense by making it such that no matter what password the user tries to use, it will never match what is in the password database. This means, rather importantly, that locking the account with usermod only affects those services which are authenticating against the system password database (on a modern Linux system this would mean those services which are configured to use the pam_unix PAM module for authentication).
However, SSHD only actually authenticates against the system password database if the password or challenge-response authentication mechanism is being used. Public key authentication, as well as any other authentication mechanisms (such as GSSAPI or s/key) only involve the system password database to check that the account exists, so they will generally work just fine with a locked account.
Completely lock user account on server, including ssh - Unix & Linux Stack Exchange
/etc/ssh/sshd_config ... DenyUsers hoge_user piyo_user (Ubuntu) systemctl restart ssh (CentOS8) systemctl restart sshd
https://www.cyberciti.biz/faq/how-do-i-restart-sshd-daemon-on-linux-or-unix/