# Disabling Login



## SomeoneHere (Apr 3, 2009)

I have been trying to figure out how to do this is Freebsd and haven't been able to find the answer.  I have an email server that allows for ssh connection.  I want to disable users from being able to connect through ssh.  But I also don't want them to be able to log in if they were standing at the computers.  I know that in CENTOS all I have to do is change the X to * in the /etc/passwd file.  Is there a way to do this in Freebsd??


----------



## vivek (Apr 3, 2009)

Try to lock down login:

```
pw lock username
```
Try to unlock  login

```
pw unlock username
```


----------



## SomeoneHere (Apr 3, 2009)

Yeah but by using pw lock the user cannot connect to the box for email.  I want them to be allowed to connect for imap or pop3 but I do not want them to access to ssh or be able to login if they were at the machine.


----------



## anomie (Apr 3, 2009)

`# chpass -s /usr/sbin/nologin <user_here>`


----------



## graudeejs (Apr 4, 2009)

i think
pw usermod +s nologin

or there was something like
touch /etc/nologin (or was it touch /var/run/nologin, probably this one)
to diable login for all users at once


----------



## phoenix (Apr 5, 2009)

SomeoneHere said:
			
		

> I have been trying to figure out how to do this is Freebsd and haven't been able to find the answer.  I have an email server that allows for ssh connection.  I want to disable users from being able to connect through ssh.  But I also don't want them to be able to log in if they were standing at the computers.  I know that in CENTOS all I have to do is change the X to * in the /etc/passwd file.  Is there a way to do this in Freebsd??



*vipw* works (virtually) the same on FreeBSD as it does on Linux.    You can manually change the password field to *, same as on Linux.


----------



## vivek (Apr 6, 2009)

Another option for complex login control is PAM. For e.g. disallow SSH but allow FTP, SMTP and IMAP. This is ideal for large number of users.


----------



## lme@ (Apr 6, 2009)

You only want to deny login for some users via ssh?
See DenyUsers option in sshd_config(5)


----------

