Dear Maintainers,

Another similar problem hits the PermitRootLogin parameter.

The openssh-server in Debian testing / Buster (Version: 1:7.4p1-10+deb9u1) sets 
prohibit-password as default value for the PermitRootLogin parameter.

If not present in the sshd_config file, rkhunter considers the default value as 
'yes' allowing root access using password and will generate a warning.

So, if the default value "prohibit-password" is secure enough, maybe changing 
this line

ALLOW_SSH_ROOT_USER=unset

can solve this.

Regards,

Jean-Marc <jean-m...@6jf.be>

Attachment: pgpL1OoPr4ckC.pgp
Description: PGP signature

Reply via email to