On Sat, 2017-03-25 at 18:56 +0000, Joey Armstrong wrote: > Hi, > > I was running rkhunter earlier and had a persistent warning reported about > legacy ssh protocol in use: > > Performing system configuration file checks > Checking if SSH protocol v1 is allowed [ Warning ] > > > The system does not allow v1 so I started poking at the test and found that > ssh config values were retrieved from a single config file > (sshd_conf). [fyi] The linux distribution that rk was invoked on uses a > default open-ss* package installation that has vars split between two > independent files -- sshd_conf and ssh_conf: > > % egrep 'Proto|Root' /etc/ssh/* > /etc/ssh/ssh_config: Protocol 2 > /etc/ssh/sshd_config: PermitRootLogin no > > Exclusively searching for "Protocol" in sshd_conf confused the test and will > always report a warning when mutliple config files are in use. > Hi,
The ssh_conf file is for outbound connections. We are not really bothered if protocol version 1 is used or not since it is up to the remote (receiving) server as to whether it accepts the connection or not. The sshd_conf file is used for inbound connections, and that we do want to check to ensure that SSH protocol version 1 is not allowed. In your case, from the RKH config file: ======= If the 'Protocol' option has not been set in the SSH configuration file, then a value of '2' may be set here in order to suppress a warning message. ======= So just set 'ALLOW_SSH_PROT_V1=2' in your RKH config file. John. -- John Horne | Senior Operations Analyst | Technology and Information Services Plymouth University | Drake Circus | Plymouth | Devon | PL4 8AA | UK ________________________________ [http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass> This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, Plymouth University accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. Plymouth University does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users