# Connect to your Linux instance using SSH There are multiple ways to connect to your Linux instance using SSH. Some ways depend on the operating system of the local computer that you connect from. Other methods are browser-based, such as EC2 Instance Connect or AWS Systems Manager Session Manager, and can be used from any computer. You can use SSH to connect to your Linux instance and run commands, or use SSH to transfer files between your local computer and your instance. Before you connect to your Linux instance using SSH, complete the following prerequisites: + Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md). + Ensure that the security group associated with your instance allows incoming SSH traffic from your IP address. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access). + [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance). + [Locate the private key and set permissions](connection-prereqs-general.md#connection-prereqs-private-key). + [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint). Then, choose from one of the following options to connect to your Linux instance using SSH. + [Connect using an SSH client](connect-linux-inst-ssh.md) + [Connect using PuTTY](connect-linux-inst-from-windows.md) + [Transfer files using SCP](linux-file-transfer-scp.md) If you can't connect to your instance and need help troubleshooting, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md). # Connect to your Linux instance using an SSH client Connect using an SSH client You can use Secure Shell (SSH) to connect to your Linux instance from your local computer. For more information about other options, see [Connect to your EC2 instance](connect.md). **Note** If you receive an error while attempting to connect to your instance, make sure that your instance meets all of the [SSH connection prerequisites](#ssh-prereqs-linux-from-linux-macos). If it meets all of the prerequisites, and you're still not able to connect to your Linux instance, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md). **Topics** + [ ## SSH connection prerequisites ](#ssh-prereqs-linux-from-linux-macos) + [ ## Connect to your Linux instance using an SSH client ](#connect-linux-inst-sshClient) ## SSH connection prerequisites Before you can connect to your Linux instance using SSH, complete the following tasks. **Complete the general prerequisites.** + Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md). + [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance). + [Locate the private key and set permissions](connection-prereqs-general.md#connection-prereqs-private-key). + [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint). **Allow inbound SSH traffic from your IP address.** Ensure that the security group associated with your instance allows incoming SSH traffic from your IP address. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access). **Install an SSH client on your local computer (if needed).** Your local computer might have an SSH client installed by default. You can verify this by entering the following command in a terminal window. If your computer doesn't recognize the command, you must install an SSH client. ``` ssh ``` The following are some of the possible options for Windows. If your computer runs a different operating system, see the documentation for that operating system for SSH client options. ## Install OpenSSH on Windows After you install OpenSSH on Windows, you can connect to your Linux instance from your Windows computer using SSH. Before you begin, ensure that you meet the following requirements. **Windows version** The version of Windows on your computer must be Windows Server 2019 or later. For earlier versions of Windows, download and install [Win32-OpenSSH](https://github.com/PowerShell/Win32-OpenSSH/wiki) instead. **PowerShell requirements** To install OpenSSH on your Windows OS using PowerShell, you must be running PowerShell version 5.1 or later, and your account must be a member of the built-in Administrators group. Run `$PSVersionTable.PSVersion` from PowerShell to check your PowerShell version. To check whether you are a member of the built-in Administrators group, run the following PowerShell command: ``` (New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) ``` If you are a member of the built-in Administrators group, the output is `True`. To install OpenSSH for Windows using PowerShell, run the following PowerShell command. ``` Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 ``` The following is example output. ``` Path : Online : True RestartNeeded : False ``` To uninstall OpenSSH from Windows using PowerShell, run the following PowerShell command. ``` Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 ``` The following is example output. ``` Path : Online : True RestartNeeded : True ``` ## Install Windows Subsystem for Linux (WSL) After you install WSL on Windows, you can connect to your Linux instance from your Windows computer using Linux command line tools, such as an SSH client. Follow the instructions in [Install Windows Subsystem for Linux on your EC2 Windows instance](install-wsl-on-ec2-windows-instance.md). If you follow the instructions in Microsoft's installation guide, they install the Ubuntu distribution of Linux. You can install a different Linux distribution if you prefer. In a WSL terminal window, copy the `.pem` file (for the key pair that you specified for your instance at launch) from Windows to WSL. Note the fully-qualified path to the `.pem` file on WSL to use when connecting to your instance. For information about how to specify the path to your Windows hard drive, see [How do I access my C drive?](https://learn.microsoft.com/en-us/windows/wsl/faq#how-do-i-access-my-c--drive-). ``` cp /mnt//path/my-key-pair.pem ~/WSL-path/my-key-pair.pem ``` For information about uninstalling Windows Subsystem for Linux, see [How do I uninstall a WSL Distribution?](https://learn.microsoft.com/en-us/windows/wsl/faq#how-do-i-uninstall-a-wsl-distribution-). ## Connect to your Linux instance using an SSH client Use the following procedure to connect to your Linux instance using an SSH client. **To connect to your instance using an SSH client** 1. Open a terminal window on your computer. 1. Use the **ssh** command to connect to the instance. You need the details about your instance that you gathered as part of the prerequisites. For example, you need the location of the private key (`.pem` file), the username, and the public DNS name or IPv6 address. The following are example commands. + (Public DNS) To use the public DNS name, enter the following command. ``` ssh -i /path/key-pair-name.pem instance-user-name@instance-public-dns-name ``` + (IPv6) Alternatively, if your instance has an IPv6 address, enter the following command to use the IPv6 address. ``` ssh -i /path/key-pair-name.pem instance-user-name@2001:db8::1234:5678:1.2.3.4 ``` The following is an example response. ``` The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (198-51-100-1)' can't be established. ECDSA key fingerprint is l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY. Are you sure you want to continue connecting (yes/no)? ``` 1. (Optional) Verify that the fingerprint in the security alert matches the fingerprint. If these fingerprints don't match, someone might be attempting a man-in-the-middle attack. If they match, continue to the next step. For more information, see [Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint). 1. Enter **yes**. You see a response like the following: ``` Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (ECDSA) to the list of known hosts. ``` # Connect to your Linux instance using PuTTY Connect using PuTTY You can connect to your Linux instance using PuTTY, a free SSH client for Windows. If you're running Windows Server 2019 or later, we recommend that you use OpenSSH, an open source connectivity tool for remote login using the SSH protocol. **Note** If you receive an error while attempting to connect to your instance, make sure that your instance meets all of the [SSH connection prerequisites](connect-linux-inst-ssh.md#ssh-prereqs-linux-from-linux-macos). If it meets all of the prerequisites, and you're still not able to connect to your Linux instance, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md). **Topics** + [ ## Prerequisites ](#putty-prereqs) + [Convert your private key using PuTTYgen](#putty-private-key) + [ ## Connect to your Linux instance ](#putty-ssh) ## Prerequisites Before you connect to your Linux instance using PuTTY, complete the following tasks. **Complete the general prerequisites.** + Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md). + [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance). + [Locate the private key and set permissions](connection-prereqs-general.md#connection-prereqs-private-key). + [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint). **Allow inbound SSH traffic from your IP address.** Ensure that the security group associated with your instance allows incoming SSH traffic from your IP address. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access). **Install PuTTY on your local computer (if needed).** Download and install PuTTY from the [PuTTY download page](https://www.chiark.greenend.org.uk/~sgtatham/putty/). If you already have an earlier version of PuTTY installed, we recommend that you download the latest version. Be sure to install the entire suite. **Convert your private key to PPK format using PuTTYgen.** You must specify the private key for the key pair that you specified when you launched the instance. If you created the private key in .pem format, you must convert it to a PPK file for use with PuTTY. Locate the private key (.pem file), and then follow the steps in [Convert your private key using PuTTYgen](#putty-private-key). ## (Optional) Convert your private key using PuTTYgen Convert your private key using PuTTYgen PuTTY does not natively support the PEM format for SSH keys. PuTTY provides a tool named PuTTYgen, which converts PEM keys to the required PPK format for PuTTY. If you created the key using PEM format instead of PPK format, you must convert your private key (.pem file) into this format (.ppk file) for use with PuTTY. **To convert your private key from PEM to PPK format** 1. From the **Start** menu, choose **All Programs**, **PuTTY**, **PuTTYgen**. 1. Under **Type of key to generate**, choose **RSA**. If your version of PuTTYgen does not include this option, choose **SSH-2 RSA**. ![\[RSA key in PuTTYgen.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/puttygen-key-type.png) 1. Choose **Load**. By default, PuTTYgen displays only files with the extension `.ppk`. To locate your `.pem` file, choose the option to display files of all types. ![\[Select all file types.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/puttygen-load-key.png) 1. Select your `.pem` file for the key pair that you specified when you launched your instance and choose **Open**. PuTTYgen displays a notice that the `.pem` file was successfully imported. Choose **OK**. 1. To save the key in the format that PuTTY can use, choose **Save private key**. PuTTYgen displays a warning about saving the key without a passphrase. Choose **Yes**. **Note** A passphrase on a private key is an extra layer of protection. Even if your private key is discovered, it can't be used without the passphrase. The downside to using a passphrase is that it makes automation harder because human intervention is needed to log on to an instance, or to copy files to an instance. 1. Specify the same name for the key that you used for the key pair (for example, `key-pair-name`) and choose **Save**. PuTTY automatically adds the `.ppk` file extension. Your private key is now in the correct format for use with PuTTY. You can now connect to your instance using PuTTY's SSH client. ## Connect to your Linux instance Use the following procedure to connect to your Linux instance using PuTTY. You need the `.ppk` file that you created for your private key. For more information, see [(Optional) Convert your private key using PuTTYgen](#putty-private-key) in the preceding section. If you receive an error while attempting to connect to your instance, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md). **Last tested version** – PuTTY .78 **To connect to your instance using PuTTY** 1. Start PuTTY (from the **Start** menu, search for **PuTTY** and then choose **Open**). 1. In the **Category** pane, choose **Session** and complete the following fields: 1. In the **Host Name** box, do one of the following: + (Public DNS) To connect using your instance's public DNS name, enter *instance-user-name*@*instance-public-dns-name*. + (IPv6) Alternatively, if your instance has an IPv6 address, to connect using your instance's IPv6 address, enter *instance-user-name*@*2001:db8::1234:5678:1.2.3.4*. For information about how to get the username for your instance, and the public DNS name or IPv6 address of your instance, see [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance). 1. Ensure that the **Port** value is 22. 1. Under **Connection type**, select **SSH**. ![\[PuTTY configuration - Session.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/putty-session-config.png) 1. (Optional) You can configure PuTTY to automatically send 'keepalive' data at regular intervals to keep the session active. This is useful to avoid disconnecting from your instance due to session inactivity. In the **Category** pane, choose **Connection**, and then enter the required interval in **Seconds between keepalives**. For example, if your session disconnects after 10 minutes of inactivity, enter 180 to configure PuTTY to send keepalive data every 3 minutes. 1. In the **Category** pane, expand **Connection**, **SSH**, and **Auth**. Choose **Credentials**. 1. Next to **Private key file for authentication**, choose **Browse**. In the **Select private key file** dialog box, select the `.ppk` file that you generated for your key pair. You can either double-click the file or choose **Open** in the **Select private key file** dialog box. 1. (Optional) If you plan to connect to this instance again after this session, you can save the session information for future use. In the **Category** pane, choose **Session**. Enter a name for the session in **Saved Sessions**, and then choose **Save**. 1. To connect to the instance, choose **Open**. 1. If this is the first time you have connected to this instance, PuTTY displays a security alert dialog box that asks whether you trust the host to which you are connecting. 1. (Optional) Verify that the fingerprint in the security alert dialog box matches the fingerprint that you previously obtained in [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint). If these fingerprints don't match, someone might be attempting a "man-in-the-middle" attack. If they match, continue to the next step. 1. Choose **Accept**. A window opens and you are connected to your instance. **Note** If you specified a passphrase when you converted your private key to the PuTTY format, you must provide that passphrase when you log in to the instance. If you receive an error while attempting to connect to your instance, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md). # Transfer files to a Linux instance using SCP Transfer files using SCP One way to transfer files between your local computer and a Linux instance is to use the secure copy protocol (SCP). SCP is a good option for simple operations, such as as one-time file copies. SCP secures files transfers using the same .pem file that you use to connect to an instance using SSH. If you need to keep files synchronized, or if the files are large, **rsync** is faster and more efficient than SCP. For security, use **rsync** over SSH, as **rsync** transfers data using plain text by default. Before you connect to your Linux instance using SCP, complete the following tasks: + **Complete the general prerequisites.** + Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md). + [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance). + [Locate the private key and set permissions](connection-prereqs-general.md#connection-prereqs-private-key). + [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint). + **Allow inbound SSH traffic from your IP address.** Ensure that the security group associated with your instance allows incoming SSH traffic from your IP address. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access). + **Install an SCP client.** Most Linux, Unix, and Apple computers include an SCP client by default. If yours doesn't, the OpenSSH project provides a free implementation of the full suite of SSH tools, including an SCP client. For more information, see [https://www.openssh.com](https://www.openssh.com). The following procedure steps you through using SCP to transfer a file using the instance's public DNS name, or the IPv6 address if your instance has one. **To use SCP to transfer files between your computer and your instance** 1. Determine the location of the source file on your computer and the destination path on the instance. In the following examples, the name of the private key file is `key-pair-name.pem`, the file to transfer is `my-file.txt`, the username for the instance is ec2-user, the public DNS name of the instance is `instance-public-dns-name`, and the IPv6 address of the instance is `2001:db8::1234:5678:1.2.3.4`. + (Public DNS) To transfer a file to the destination on the instance, enter the following command from your computer. ``` scp -i /path/key-pair-name.pem /path/my-file.txt ec2-user@instance-public-dns-name:path/ ``` + (IPv6) To transfer a file to the destination on the instance if the instance has an IPv6 address, enter the following command from your computer. The IPv6 address must be enclosed in square brackets (`[ ]`), which must be escaped (`\`). ``` scp -i /path/key-pair-name.pem /path/my-file.txt ec2-user@\[2001:db8::1234:5678:1.2.3.4\]:path/ ``` 1. If you haven't already connected to the instance using SSH, you see a response like the following: ``` The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (10.254.142.33)' can't be established. RSA key fingerprint is 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f. Are you sure you want to continue connecting (yes/no)? ``` (Optional) You can optionally verify that the fingerprint in the security alert matches the instance fingerprint. For more information, see [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint). Enter **yes**. 1. If the transfer is successful, the response is similar to the following: ``` Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (RSA) to the list of known hosts. my-file.txt 100% 480 24.4KB/s 00:00 ``` 1. To transfer a file in the other direction (from your Amazon EC2 instance to your computer), reverse the order of the host parameters. For example, you can transfer `my-file.txt` from your EC2 instance to the a destination on your local computer as `my-file2.txt`, as shown in the following examples. + (Public DNS) To transfer a file to a destination on your computer, enter the following command from your computer. ``` scp -i /path/key-pair-name.pem ec2-user@instance-public-dns-name:path/my-file.txt path/my-file2.txt ``` + (IPv6) To transfer a file to a destination on your computer if the instance has an IPv6 address, enter the following command from your computer. The IPv6 address must be enclosed in square brackets (`[ ]`), which must be escaped (`\`). ``` scp -i /path/key-pair-name.pem ec2-user@\[2001:db8::1234:5678:1.2.3.4\]:path/my-file.txt path/my-file2.txt ``` # Manage system users on your Amazon EC2 Linux instance Manage Linux system users Each Linux instance launches with a default Linux system user. You can add users to your instance and delete users. For the default user, the [default username](#ami-default-user-names) is determined by the AMI that was specified when you launched the instance. **Note** By default, password authentication and root login are disabled, and sudo is enabled. To log in to your instance, you must use a key pair. For more information about logging in, see [Connect to your Linux instance using SSH](connect-to-linux-instance.md). You can allow password authentication and root login for your instance. For more information, see the documentation for your operating system. **Note** Linux system users should not be confused with IAM users. For more information, see [IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html#id_iam-users) in the *IAM User Guide*. **Topics** + [ ## Default usernames ](#ami-default-user-names) + [ ## Considerations ](#add-user-best-practice) + [ ## Create a user ](#create-user-account) + [ ## Remove a user ](#delete-user-account) ## Default usernames The default username for your EC2 instance is determined by the AMI that was specified when you launched the instance. The default usernames are: + For an Amazon Linux AMI, the username is `ec2-user`. + For a CentOS AMI, the username is `centos` or `ec2-user`. + For a Debian AMI, the username is `admin`. + For a Fedora AMI, the username is `fedora` or `ec2-user`. + For a FreeBSD AMI, the username is `ec2-user`. + For a RHEL AMI, the username is `ec2-user` or `root`. + For a SUSE AMI, the username is `ec2-user` or `root`. + For an Ubuntu AMI, the username is `ubuntu`. + For an Oracle AMI, the username is `ec2-user`. + For a Bitnami AMI, the username is `bitnami`. **Note** To find the default username for other Linux distributions, check with the AMI provider. ## Considerations Using the default user is adequate for many applications. However, you may choose to add users so that individuals can have their own files and workspaces. Furthermore, creating users for new users is much more secure than granting multiple (possibly inexperienced) users access to the default user, because the default user can cause a lot of damage to a system when used improperly. For more information, see [Tips for Securing Your EC2 Instance](https://aws.amazon.com/articles/tips-for-securing-your-ec2-instance/). To enable users SSH access to your EC2 instance using a Linux system user, you must share the SSH key with the user. Alternatively, you can use EC2 Instance Connect to provide access to users without the need to share and manage SSH keys. For more information, see [Connect to your Linux instance using a public IP address and EC2 Instance Connect](connect-linux-inst-eic.md). ## Create a user First create the user, and then add the SSH public key that allows the user to connect to and log into the instance. **Important** In Step 1 of this procedure, you create a new key pair. Because a key pair functions like a password, it's crucial to handle it securely. If you create a key pair for a user, you must ensure that the private key is sent to them securely. Alternatively, the user can complete Steps 1 and 2 by creating their own key pair, keeping the private key secure on their machine, and then sending you the public key to complete the procedure from Step 3. **To create a user** 1. [Create a new key pair](create-key-pairs.md#having-ec2-create-your-key-pair). You must provide the `.pem` file to the user for whom you are creating the user. They must use this file to connect to the instance. 1. Retrieve the public key from the key pair that you created in the previous step. ``` $ ssh-keygen -y -f /path_to_key_pair/key-pair-name.pem ``` The command returns the public key, as shown in the following example. ``` ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6Vhz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXrlsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZqaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3RbBQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE ``` 1. Connect to the instance. 1. Use the **adduser** command to create the user and add it to the system (with an entry in the `/etc/passwd` file). The command also creates a group and a home directory for the user. In this example, the user is named `newuser`. + AL2023 and Amazon Linux 2 With AL2023 and Amazon Linux 2, the user is created with password authentication disabled by default. ``` [ec2-user ~]$ sudo adduser newuser ``` + Ubuntu Include the `--disabled-password` parameter to create the user with password authentication disabled. ``` [ubuntu ~]$ sudo adduser newuser --disabled-password ``` 1. Switch to the new user so that the directory and file that you create will have the proper ownership. ``` [ec2-user ~]$ sudo su - newuser ``` The prompt changes from `ec2-user` to `newuser` to indicate that you have switched the shell session to the new user. 1. Add the SSH public key to the user. First create a directory in the user's home directory for the SSH key file, then create the key file, and finally paste the public key into the key file, as described in the following sub-steps. 1. Create a `.ssh` directory in the `newuser` home directory and change its file permissions to `700` (only the owner can read, write, or open the directory). ``` [newuser ~]$ mkdir .ssh ``` ``` [newuser ~]$ chmod 700 .ssh ``` **Important** Without these exact file permissions, the user will not be able to log in. 1. Create a file named `authorized_keys` in the `.ssh` directory and change its file permissions to `600` (only the owner can read or write to the file). ``` [newuser ~]$ touch .ssh/authorized_keys ``` ``` [newuser ~]$ chmod 600 .ssh/authorized_keys ``` **Important** Without these exact file permissions, the user will not be able to log in. 1. Open the `authorized_keys` file using your favorite text editor (such as **vim** or **nano**). ``` [newuser ~]$ nano .ssh/authorized_keys ``` Paste the public key that you retrieved in **Step 2** into the file and save the changes. **Important** Ensure that you paste the public key in one continuous line. The public key must not be split over multiple lines. The user should now be able to log into the `newuser` user on your instance, using the private key that corresponds to the public key that you added to the `authorized_keys` file. For more information about the different methods of connecting to a Linux instance, see [Connect to your Linux instance using SSH](connect-to-linux-instance.md). ## Remove a user If a user is no longer needed, you can remove that user so that it can no longer be used. Use the **userdel** command to remove the user from the system. When you specify the `-r` parameter, the user's home directory and mail spool are deleted. To keep the user's home directory and mail spool, omit the `-r` parameter. ``` [ec2-user ~]$ sudo userdel -r olduser ```