hi
I just found out that any user can log in with an ftp client to sftp with their password and using "root" as user
users who have NO /bin/sh but only /bin/false
using their own password
I used filezilla with SFTP using SSH2, I could not do this with winscp
How can I prevent this from happening?
They can't do much however denying ssh is then a useless function. I don't want users to poke around through the system.
thank you
ronald
Status:
Closed (fixed)