On Tue, Mar 14, 2006 at 08:32:06PM +0000, Arnór Kristjánsson wrote: > How can I turn off shell access (through SSH) for certain users?
If you want to disable all shell access (including local) then set the user's login shell to something not in /etc/shells (/bin/false is a good choice). If you want to disable ssh access but allow all other access (including telnet, xdm, etc., if you have them enabled!) then you can edit /etc/pam.d/ssh to envoke the list-file module, documented in [1] in the libpam-doc package. This will allow you to specify either a whitelist or a blacklist of users (or both). You might want to create a /etc/pam.d/common-netsession-blacklist which envokes this, then have ssh, xdm, etc., merely include it. [1] file:///usr/share/doc/libpam-doc/html/pam-6.html#ss6.13 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
