Here is how to disable user accounts (password and SSH login) in #Linux to prevent login via GUI, SSH, or any other method. - nixCraft
Their TL;DR is at the bottom:
Summing up
Over time, commands have become more complex to turn off user account passwords, and the attack surface of Linux systems has also increased. The correct procedure is as follows:
- Stop all Linux processes owned by the user:
# killall -STOP -u- Delete the user password:
# passwd -d- Lockdown the user account:
# usermod -L -e 1- Politely refuse a login for the user account:
usermod -s /usr/sbin/nologinReversing all that is underneith the TL;DR:
How do I reverse the procedure?
First, set user login shell to /bin/bash:
usermod -s /bin/bashUnlock the user account:
# passwd -uSet a new password for the user account:
# passwdIf the Linux system wasn’t rebooted and all processes weren’t killed unlock and resume all Linux processes owned by the user:
# killall -CONT -uThis should have been the actual post with a link to the source at the end.
