On Fri, Oct 31, 2003 at 01:55:13PM -0800 or thereabouts, Kevyn Shortell wrote: > It's often overlooked but a much easier method for locking a user out is > simply to change their default shell to /bin/false or something like it. > SSH keys or not, they won't be getting access to the box anytime soon > without a default shell.
A valid point, but iirc, this still allows the user to do things which don't require an interactive shell. (scp, for instance) Ideally, there is one simple way of *completely* locking out a user from a machine, short of deleting their entry in /etc/(passwd|shadow) --kurt
pgp00000.pgp
Description: PGP signature
