since i'm more like a newbie concerning linux security, i have no idea what i have to change/disable in order to get "secure shells".
Have a look at the "FAQ: Security references" sticky thread and these two threads about shell account servers: http://www.linuxquestions.org/questi...threadid=72862 http://www.linuxquestions.org/questi...threadid=65514
What you will be doing is allowing people access to your system, your resources. Even if you know them face to face, they could be unwillingly unleash applications or attract situations that could harm the systems operability or connectivity. What you need is to lessen the risks of someone breaking or compromising the system.
What I would suggest is, in addition to the resources mentioned, to do like commercial servers, and group users by level of need. Restrict access to daemons/network, and allow specific restrictions to be lifted per group or even per user.
for example, i'd like to provide the user with "ping" but i want limited access for packet size, interval etc.
IMO a "more secure" scenario would go like this:
Unset the suid bit and make ping only accessable by root.
Code a frontend using the systems authentication (sudo, PAM db+ Perl, PHP, Tcl, whatever), drop the validated input to a script, add a temporary netfilter rule with limits, execute and clean up.
Also have a look at alternatives like hping2, nmap, lft, tcptraceroute. If you use precoded frontends make sure you test them well and disable any options you do not explicitly need.
I haven't seen something like a "shell account provider HOWTO", hope you read then "Securing Debian" one tho.