shell /bin/false allowing SFTP access [Ubuntu 12.04]
I have a Linux installation (Ubuntu 12.04), managed not only by me. I had restricted SSH access to a user using
/usr/sbin/usermod -s /bin/false my_user
This didn't allow neither SFTP access nor console access.
However today, I found out that users with this shell, do have SFTP access and I'm very sure they didn't have access in the past.
Could there be a config change which is allowing this? Unfortunately, I can't contact any of the others guys to see if any accidental changes were made.
It could be that you have
Subsystem sftp internal-sftp
and/or
Match Group sftpusers
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
or
Match User username
ChrootDirectory %h
ForceCommand internal-sftp
configured which will allow users sftp access even if they have a /bin/false shell.
If you didn't set this up you could always audit the /var/log/audit.log
etc to see who did it by looking for who made edits (everyone does use sudo don't they) to /etc/ssh/sshd_config and restarted the sshd service.