NO ssh login for local user from passwd

[Stewa]

Hi guys,

after configuration vsftpd I need to disallow ssh login (port 22) for all users in /etc/passwd except root user.

Exist any command to do that, or the easier way is to erase some char in /etc/passwd?

thx!

[DrChair]

replace the shell of the users in /etc/passwd with /sbin/nologin

example:

Code:

root:---------------:0:0:root:/usr/local/root:/bin/sh
nobody:x:99:99:nobody:/:/sbin/nologin
ftp:----------------:501:501:Linux User,,,:/home/ftp:/sbin/nologin

[Stewa]

replace the shell of the users in /etc/passwd with /sbin/nologin

example:

Code:

root:---------------:0:0:root:/usr/local/root:/bin/sh
nobody:x:99:99:nobody:/:/sbin/nologin
ftp:----------------:501:501:Linux User,,,:/home/ftp:/sbin/nologin

Thanks for reply, but this is not exactly what I want, because now users cannot login over ftp:-(
What I want is to forbid only SSH login.

[al37919]

Here is an example for similar purpose which I can quickly find
http://subversion.apache.org/faq.htm...zed-keys-trick
However, you have to install openssh. dropbear doesn't allow this trick

[DrChair]

Thanks for reply, but this is not exactly what I want, because now users cannot login over ftp:-(
What I want is to forbid only SSH login.

Strange...
I copied the sample out of my own passwd file (I only changed the password-hash into -------) But I can use the user ftp for ftp, but not for ssh.

I'm using ProFTPD, and apparently that doesn't check if the usershell exists.
cause when I checked it at my router, I found that /sbin/nologin is missing.

I guess your ftp-server (vsftpd?) however does check it.

You can try it with /bin/false as the user-shell, that one does exist and serves the same purpose.