Locking Your Shell

General Information

Often times we SSH into our BSD boxes and then have to leave our stations for a little bit. If we don’t do anything special with our open terminal, that poses a serious security threat to our boxes. nike huarache asics gel kayano nike air max pas cher Wouldn’t it be nice if we could just lock the open terminal without having to close the connection? Well, we can with a built-in utility called lock(8). There is also the vlock port that I will discuss as well.


  1. Local access on the box.
  2. A SSH client such as puTTy or SecureCRT (if you are using it remotely).



This first method uses the built-in lock(8) command.

 $ lock Key: Again: lock: /dev/ttyp0 on liljon.bsdguides.org. adidas homme nike air tn timeout in 15 minutes.  bottes ugg new balance gris nike pas cher 2017 UGG Bottes time now is Sun Oct 10 13:24:21 MST 2004 Key: 

Once you issue lock, you will be prompted to enter the unlocking key, or passphrase. You will also notice that the lock will automatically timeout and unlock in 15 minutes. This is a security problem if you will be gone for more than 15 minutes. nike roshe run As with most commands, there are options you can tag onto the command to override the defaults. https://www.goldufo.com The default behavior of lock is to request an unlocking key and to timeout in 15 minutes. asics soldes I like issuing

 $ lock -np lock: /dev/ttyp0 on liljon.bsdguides.org. new balance soldes ugg classic mini no timeout. nike air huarache Adidas Gazelle Soldes time now is Sun Oct 10 13:28:16 MST 2004 Key: 

With these two options, there is no timeout and the key is your password from /etc/passwd.

If you looked at the manpages, you’d see there are four options for use with lock(8).

 The following options are available: -n Don't use a timeout value. Terminal will be locked forever.  nike air max pas cher adidas nmd new balance soldes -p A password is not requested, instead the user's current login password is used. new balance soldes -t timeout The time limit (default 15 minutes) is changed to timeout min- utes. new balance pas cher -v Disable switching virtual terminals while this terminal is locked. adidas chaussures basket adidas zx flux 


This second method uses the vlock port. asics gel nimbus 18 soldes ugg bailey button I personally find it more attractive and simpler to use.


 # cd /usr/ports/security/vlock # make install distclean 

If you don’t ever want to use lock(8) again, you can replace the file with a link to vlock.

 # mv /usr/bin/lock /usr/bin/lock.old # ln -s /usr/local/bin/vlock /usr/bin/lock 


vlock is pretty straight forward.

 # vlock *** This tty is not a VC (virtual console). new balance avis *** *** It may not be securely locked.  bottes ugg pas cher nike pas cher *** This TTY is now locked. nike cortez timberland roll top pas cher ugg bottes Please enter the password to unlock. ugg australia jon's Password: 

Note: If you replaced lock(8) with a symlink, you can just issue lock instead of vlock.

That’s all there is to it.

Speak Your Mind