Disable user accounts without deleting them


DreamHost have a policy where if a user account is deleted, it cannot be restored and a user with the same name cannot be created. Sometimes it’s necessary to disable access to a user account if it isn’t going to be used in the long term or will only be used once every so often.

While it won’t protect against port forwarding, you could add an extra option for the shell type a user can run with /bin/false or /sbin/nologin which is sufficient to prevent access to the user files. It’s not perfect security but it would serve its purpose and offer some peace of mind.