SSH tunnel server, no shell but still able to change pw?
I have an SSH tunnel server that some people at work are using instead of a vpn since it's much nicer and simpler.
I don't want to give the users shells at all but I still want them to be able to change their own passwords.
At the moment, they just execute /bin/cat so their session stays open but they cannot get any shell or input any commands.
I am thinking about perhaps making chroots for them instead in which case they can have a shell that has basically no view or access to anything, but I still want them to be able to change their passwords, however if they are in a jail then they cannot get access to the /etc/ files to change their pw.