Disabling Login

[SomeoneHere]

I have been trying to figure out how to do this is Freebsd and haven't been able to find the answer. I have an email server that allows for ssh connection. I want to disable users from being able to connect through ssh. But I also don't want them to be able to log in if they were standing at the computers. I know that in CENTOS all I have to do is change the X to * in the /etc/passwd file. Is there a way to do this in Freebsd??

 

[vivek]

Try to lock down login:

pw lock username

Try to unlock login

pw unlock username

 

[SomeoneHere]

Yeah but by using pw lock the user cannot connect to the box for email. I want them to be allowed to connect for imap or pop3 but I do not want them to access to ssh or be able to login if they were at the machine.

 

[anomie]

# chpass -s /usr/sbin/nologin <user_here>

 

[graudeejs]

i think
pw usermod +s nologin

or there was something like
touch /etc/nologin (or was it touch /var/run/nologin, probably this one)
to diable login for all users at once

 

[phoenix]

I have been trying to figure out how to do this is Freebsd and haven't been able to find the answer. I have an email server that allows for ssh connection. I want to disable users from being able to connect through ssh. But I also don't want them to be able to log in if they were standing at the computers. I know that in CENTOS all I have to do is change the X to * in the /etc/passwd file. Is there a way to do this in Freebsd??

vipw works (virtually) the same on FreeBSD as it does on Linux. You can manually change the password field to *, same as on Linux.

 

[vivek]

Another option for complex login control is PAM. For e.g. disallow SSH but allow FTP, SMTP and IMAP. This is ideal for large number of users.

 

[lme@]

You only want to deny login for some users via ssh?
See DenyUsers option in sshd_config(5)