diff --git a/amtmanager.js b/amtmanager.js
index b7d5004a..7b9008bb 100644
--- a/amtmanager.js
+++ b/amtmanager.js
@@ -869,6 +869,8 @@ module.exports.CreateAmtManager = function (parent) {
                     if (domain.amtmanager.tlsrootcert2 != null) {
                         xxCaPrivateKey = domain.amtmanager.tlsrootcert2.key;
                         issuerattributes = domain.amtmanager.tlsrootcert2.attributes;
+                        // TODO: We should change the start and end dates of our issued certificate to at least match the root.
+                        // TODO: We could do one better and auto-renew TLS certificates as needed.
                     }
 
                     // Set the extended key usages
diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index 14d983f9..42495622 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -302,6 +302,17 @@
               "MaxSingleUserSessions": { "type": "integer" }
             }
           },
+          "terminal": {
+            "type": "object",
+            "description": "Values that affect the terminal feature",
+            "properties": {
+              "linuxshell": {
+                "type": "string",
+                "enum": [ "any", "root", "user", "login" ],
+                "default": "any"
+              }
+            }
+          },
           "amtManager": {
             "type": "object",
             "additionalProperties": false,
diff --git a/meshuser.js b/meshuser.js
index 109844c6..fc26e417 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -467,6 +467,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                 if (parent.parent.config.settings.managealldevicegroups.indexOf(user._id) >= 0) { serverinfo.manageAllDeviceGroups = true; }
                 if (obj.crossDomain === true) { serverinfo.crossDomain = []; for (var i in parent.parent.config.domains) { serverinfo.crossDomain.push(i); } }
             }
+            if (typeof domain.terminal == 'object') { // Settings used for remote terminal feature
+                if ((typeof domain.terminal.linuxshell == 'string') && (domain.terminal.linuxshell != 'any')) { serverinfo.linuxshell = domain.terminal.linuxshell; }
+            }
 
             // Send server information
             try { ws.send(JSON.stringify({ action: 'serverinfo', serverinfo: serverinfo })); } catch (ex) { }
diff --git a/translate/translate.json b/translate/translate.json
index 5db03756..83e54991 100644
--- a/translate/translate.json
+++ b/translate/translate.json
@@ -22819,6 +22819,12 @@
         "default.handlebars->31->1820"
       ]
     },
+    {
+      "en": "Lock the remote computer",
+      "xloc": [
+        "default.handlebars->container->column_l->p11->deskarea0->deskarea4->1"
+      ]
+    },
     {
       "cs": "Zamknuto",
       "de": "Gesperrt",
@@ -46237,4 +46243,4 @@
       ]
     }
   ]
-}
+}
\ No newline at end of file
diff --git a/views/default.handlebars b/views/default.handlebars
index c93bfe74..80b0036a 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -4856,6 +4856,10 @@
                 case 'termConnectButton': {
                     // Terminal connect button context menu
                     if ((currentNode == null) || (currentNode.agent == null)) return true;
+
+                    // If the server has a specific terminal shell mode, don't show connection options
+                    if (serverinfo.linuxshell && (currentNode.agent.id > 4)) return;
+
                     contextelement = elem;
                     var contextmenudiv = document.getElementById('termShellContextMenu'); // Windows options (Power Shell)
                     if (currentNode.agent.id > 4) { contextmenudiv = document.getElementById('termShellContextMenuLinux'); } // Non-Windows options
@@ -8060,6 +8064,13 @@
                         }
                     }
 
+                    // If the server requires a shell type
+                    if ((serverinfo.linuxshell) != null && (currentNode.agent.id > 4)) {
+                        if (serverinfo.linuxshell == 'root') { termoptions.protocol = 1; delete termoptions.requireLogin; }
+                        if (serverinfo.linuxshell == 'user') { termoptions.protocol = 8; delete termoptions.requireLogin; }
+                        if (serverinfo.linuxshell == 'login') { termoptions.protocol = 1; termoptions.requireLogin = true; }
+                    }
+
                     if (args.xterm !== 0) {
                         // Setup a mesh agent xterm terminal
                         QV('termarea3xdiv', true);
@@ -8081,11 +8092,12 @@
                         });
 
                         // Setup a terminal tunnel to the agent
-                        terminal = CreateAgentRedirect(meshserver, CreateRemoteTunnel(tunnelUpdate, options), serverPublicNamePort, authCookie, authRelayCookie, domainUrl);
+                        terminal = CreateAgentRedirect(meshserver, CreateRemoteTunnel(tunnelUpdate, termoptions), serverPublicNamePort, authCookie, authRelayCookie, domainUrl);
                         terminal.debugmode = debugmode;
                         terminal.m.debugmode = debugmode;
+                        terminal.options = termoptions;
                         terminal.options = { cols: xterm.cols, rows: xterm.rows };
-                        if (options && options.requireLogin) { terminal.options.requireLogin = true; }
+                        if (termoptions.requireLogin) { terminal.options.requireLogin = true; }
                         terminal.Start(terminalNode._id);
                         terminal.onStateChanged = onTerminalStateChange;
                         terminal.contype = 1;