To allow SSH console login but disallow GUI login for a user on Linux, you can modify the user’s login shell to be a non-GUI shell. Here are the steps to do so:
- Open a terminal window and log in as the root user or another user with administrative privileges.
- Edit the user’s login shell:
- Use a text editor (such as
nanoorvim) to edit the user’s login shell. For example, to edit the login shell for the user “bob”, you can use the following command:sudo nano /etc/passwd
- Find the line for the user you want to modify (in this case, “bob”) and change the login shell to a non-GUI shell. For example, you can change the shell from
/bin/bashto/bin/shor/bin/zsh.
- Use a text editor (such as
- Save and exit the file:
- Save the changes you made to the file and exit the text editor.
- Test the login:
- Try to log in to the user account using SSH. You should be able to log in to the console, but not the GUI.
Note that this method only prevents GUI login using GDM, KDM, or X Windows. It does not prevent other forms of graphical login (such as through VNC or RDP) or other forms of remote access (such as FTP or SCP). If you want to disable all forms of graphical login and remote access, you can use a firewall to block incoming traffic on the relevant ports, or use other security measures such as SELinux or AppArmor.