> One of the traditional way to lock an account is to set the shell to > /bin/false. Theoretically there might still be some problem with that, > too, but I can't think of anything. Can they still use scp with this? It seems like they would be able to...