Select the login-shell for your customer. If you want to disable remote login, choose /bin/false. If you set the login-shell to /bin/passwd, your customer will just be able to change his password.