On Fri, 31 Oct 2003, Kurt Lieber wrote:
> On Fri, Oct 31, 2003 at 01:55:13PM -0800 or thereabouts, Kevyn Shortell wrote: > > It's often overlooked but a much easier method for locking a user out is > > simply to change their default shell to /bin/false or something like it. > > SSH keys or not, they won't be getting access to the box anytime soon > > without a default shell. > > A valid point, but iirc, this still allows the user to do things which > don't require an interactive shell. (scp, for instance) I don't think that is the case - actually, I've managed to break scp by changing bashrc output. scp does require the user to have a valid shell. -- [EMAIL PROTECTED] mailing list
