Dear Maintainers, Another similar problem hits the PermitRootLogin parameter.
The openssh-server in Debian testing / Buster (Version: 1:7.4p1-10+deb9u1) sets prohibit-password as default value for the PermitRootLogin parameter. If not present in the sshd_config file, rkhunter considers the default value as 'yes' allowing root access using password and will generate a warning. So, if the default value "prohibit-password" is secure enough, maybe changing this line ALLOW_SSH_ROOT_USER=unset can solve this. Regards, Jean-Marc <jean-m...@6jf.be>
pgp4Y_HkOwqlv.pgp
Description: PGP signature
_______________________________________________ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel