And finally I discovered an issue. SFTP did not work anymore. The debug session showed:
[..] debug1: Sending subsystem: sftp debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: channel 0: free: client-session, nchannels 1 debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0 debug1: Exit status 0
The user only has the RSSH shell (sftp enabled) and he is further limited by the following entry in .ssh/authorized_keys:
command="/usr/lib/sftp-server" [SSH-key]
But this doesn't work anymore. /usr/lib/sftp-server now is a symlink to /usr/lib/openssh/sftp-server and I had to change the .ssh/authorized_keys for the user to:
command="/usr/lib/openssh/sftp-server" [SSH-key]
and access is granted again.
Update
This one can be found in syslog:
rssh[xxx]: user XXX attempted to execute forbidden commands rssh[xxx]: command: /usr/lib/sftp-server