answering to myself, i post this trick in the past in another list.
Hope this helps!!!
Travis H. wrote:
ssh need to be open on WAN interface and all user that have real shell
could be disabled for security concern.
Be careful when trying to disable users via their login shell:
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B