WinSCP able to access when others are not

kenhawkins

Member
Jan 12, 2007
5
0
151
Ok this is a bit strange all shell access has been shut off to users as well ftp except in one user instance. yet when someone uses a WinSCP client they can scp right in and copy/download away.:eek:

Has anyone else encountered something like this? Is there a configuration somewhere that I have missed in securing up the box?

further notes:

passwd file for the users are;
/sbin/nologin for the shell

and as a precaution sshd_config has;
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server

and somehow they are still able to get in...

thanks,
ken;
 
Last edited:

t9clkclnr

Well-Known Member
Jun 11, 2004
254
0
166
Southern California
did they setup a key?

maybe they using a key to get in and not having to enter a password? Not sure that would bypass nologin flags.

sounds kind of scary regardless.