/bin/false is *not* security

[Flojo]

http://www.semicomplete.com/articles/ssh-security/

TLDR;
Dont overlook (but rather straight out Deny) tunneling/forwarding: AllowTcpForwarding, X11Forwarding, PermitTunnel

Now for the the full article, best click the above link

HTH

 

[itareanlnotani]

True /bin/false doesn't give login to users ( i also use that as one of my system firming methods), but you don't want password auth logins at all, safer still to use key auth only for SSH.
So I don't think its "secure" either, as the password can still be gotten with password auth

Better to use key based login - then only users with access... have access.

Writeup on that here - https://www.digitalocean.com/commun...sh-key-based-authentication-on-a-linux-server