Wednesday, November 21, 2018

linux - shell /bin/false allowing SFTP access [Ubuntu 12.04]

I have a Linux installation (Ubuntu 12.04), managed not only by me. I had restricted SSH access for a user using

/usr/sbin/usermod -s /bin/false my_user

This allowed neither SFTP access nor console access.

However, today I found out that users with this shell do have SFTP access, and I'm very sure they didn't have access in the past.

Could there be a config change which is allowing this? Unfortunately, I can't contact any of the other guys to see if any accidental changes were made.


Answer

It could be that you have

Subsystem       sftp    internal-sftp

and/or

Match Group sftpusers
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

or

Match User username
ChrootDirectory %h
ForceCommand internal-sftp

configured, which will allow users SFTP access even if they have a /bin/false shell.

If you didn't set this up, you could always audit /var/log/audit.log etc. to see who did it, by looking for who made edits (everyone does use sudo, don't they?) to /etc/ssh/sshd_config and restarted the sshd service.
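As an added example (not part of the original answer), the following script parses an sshd_config and reports the two things the answer points at: whether the sftp subsystem is enabled globally and which Match blocks force internal-sftp, with their ChrootDirectory. The sample config is constructed for the demo; run it against /etc/ssh/sshd_config to find out which block is granting SFTP to a /bin/false user.

```python
from typing import Dict, List, Tuple

# Constructed sample sshd_config (not from the original post) that mixes the
# directives the answer names with an unrelated Match Address block.
SAMPLE_SSHD_CONFIG = """\
Port 22
Subsystem       sftp    internal-sftp
Match Group sftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
Match User alice
    ChrootDirectory %h
    ForceCommand internal-sftp
Match Address 10.0.0.0/8      # constructed: not an SFTP grant
    PasswordAuthentication no
"""


def audit_sftp_config(config_text: str) -> dict:
    """Return {"subsystem": cmd-or-None, "grants": [...]} for an sshd_config.

    Each grant is a Match block whose ForceCommand is internal-sftp; such a
    block gives its users SFTP regardless of their login shell."""
    global_opts: Dict[str, str] = {}
    blocks: List[Tuple[str, Dict[str, str]]] = []   # (Match criteria, options)
    current = global_opts
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                      # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                          # opens a new conditional block
            current = {}
            blocks.append((value, current))
        else:
            current.setdefault(key, value)          # sshd honours the first occurrence
    sub = global_opts.get("subsystem", "").split()
    subsystem = sub[1] if len(sub) == 2 and sub[0].lower() == "sftp" else None
    grants = []
    for criteria, opts in blocks:
        if opts.get("forcecommand", "").split()[:1] == ["internal-sftp"]:
            grants.append({"match": criteria, "chroot": opts.get("chrootdirectory")})
    return {"subsystem": subsystem, "grants": grants}


if __name__ == "__main__":
    for grant in audit_sftp_config(SAMPLE_SSHD_CONFIG)["grants"]:
        print(f"SFTP forced for 'Match {grant['match']}' (chroot={grant['chroot']})")
```

A Match Group grant covers every member of that group, so check /etc/group as well as /etc/passwd when tracing which block applies to a particular /bin/false user.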


