Hi - I am running Solaris 10 and I need to create/modify a users account so they cannot log into the server directly with ssh. I do need to be able to su to their account once logged in with a different uname.

My goal is to run programs as this user.

I've found several posts that detail how to accomplish this for the root user but my searches on google, LQ and other sites have been fruitless.

I believe the term is non-interactive shell?

Any help is greatly appreciated.
Thanks!

You CAN do a non-interactive shell, but it's easier to use the DenyUsers directive, in the sshd_config, as so:

Restart SSHD. Fred, Joe, and Sally won't be able to log in over the network from ANY address. You will be able to log in from anywhere, but Mike will only be able to log in from 123.222.333.444. Check the man page for sshd_config for more options/details. Once you mess with the login shell, it causes you to have more 'fun' later, when you log in as YOU, then SU to another account...what happens then? That 'default' shell runs.......and you have to escape it, etc., to get something done....

When I created the users I did two things - one I gave them a blank password - which is denied by sshd, next I added DenyUsers [username] in the sshd_conf file and restarted ssh.

Thanks TBone - you make a good point. I don't like that kind of "fun"