@seiichiro0185: Thanks. I also looked at /etc/pam.d/sshd, however, how did you compare it to a previous version? With A.R.M. or etckeeper?
I did some investigating and found the cause: the file /etc/pam.d/sshd was changed in one of the last updates, changing the way logins are checked against pam for ssh. In the old file there was no check against /etc/shells, which basically meant you could have anything set as shell for the sftp-users. But with the change in the pam file (it's now referencing the base pam files), /etc/shells is now also checked on ssh login, which renders the logins created as described on the wiki page unusable.
So it seems the way the OP used (/sbin/nologin and entry in /etc/shells) is the right one. I have edited the wiki to reflect this change.
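An added example (not written by any poster in this thread): a small audit for the failure described above. It lists accounts whose login shell is absent from /etc/shells, which are the accounts that stop authenticating once the PAM stack checks that file. The function names and the sample data in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts whose login shell is not listed in the
# shells file. Defaults to the live system files; pass paths to override.
shells_mismatch() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-/etc/shells}
    awk -F: '
        FILENAME == ARGV[1] {
            # Shells file: ignore comments and blank lines, trim trailing space.
            sub(/[ \t]+$/, "")
            if ($0 != "" && $0 !~ /^#/) allowed[$0] = 1
            next
        }
        # passwd file: field 1 is the user, field 7 the login shell.
        $0 !~ /^#/ && NF >= 7 {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            if (!(shell in allowed)) print $1 ":" shell
        }
    ' "$shells_file" "$passwd_file"
}

# Constructed sample data mirroring the thread: one account on /bin/false,
# one on /sbin/nologin, and a shells file that lists neither.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' /bin/sh /bin/bash > "$d/shells"
    printf '%s\n' \
        'root:x:0:0::/root:/bin/bash' \
        'sftpuser1:x:1001:1001::/home/sftpuser1:/bin/false' \
        'sftpuser2:x:1002:1002::/home/sftpuser2:/sbin/nologin' > "$d/passwd"
    echo "before:"
    shells_mismatch "$d/passwd" "$d/shells"
    echo /sbin/nologin >> "$d/shells"
    echo "after adding /sbin/nologin:"
    shells_mismatch "$d/passwd" "$d/shells"
    rm -rf "$d"
}
```

Calling shells_mismatch with no arguments checks the live /etc/passwd against /etc/shells; demo shows the before and after of listing /sbin/nologin.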
If it really really concerns you, you should bring this up on the wiki talk page rather than on these forums.
# usermod -s /bin/false sftpuser1
does not allow me to sftp into the user account.
Sshd debug output is
debug1: userauth-request for user sftpuser1 service ssh-connection method password [preauth]
debug1: attempt 4 failures 3 [preauth]
debug1: PAM: password authentication failed for sftpuser1: Authentication failure
Failed password for sftpuser1 from <IP> port 42482 ssh2
When replaced with the following two steps, I am able to sftp into the user account
# usermod -s /sbin/nologin sftpuser1
and add the following line to /etc/shells
/sbin/nologin
Should the wiki page be updated or am I missing something?