methods of prevent a user (or group) to be able to login
is the only method to prevent a user from logging into the server setting the users shell to /dev/null?
Another alternative to using passwd -l
would be to use passwd -d
and delete the user's password.
Agree with ironchef regarding that configuring your sshd with AllowUsers or AllowGroups alternatively DenyUsers or DenyGroups might be a good solution, depending on what you are specifically trying to accomplish.
Regarding the option of setting a denying shell. If you have a /sbin/nologin available that might be preferable to /dev/null or /bin/false. Using /sbin/nologin will basicly have the same effect (non-zero exit), but with the extra bonus of the user getting a short message about the login being disabled.
Since you seem to want to keep the account around I assume you might be using them for something else? Depending on what that is, the locking of accounts may or may not be a good idea.
As already stated, please let people know what problem you are trying to solve, etc. Usually you can get a lot better advice that way.