On Fri, 2019-08-09 at 12:39 +0300, Nerijus Baliūnas via Rkhunter-users wrote: > 2019-08-09 12:18, John Horne rašė: > > On Thu, 2019-08-08 at 21:49 +0000, Richard Shelquist wrote: > > > I'm getting an ssh warning from rkhunter, even though the sshd and > > > rkhunter options for root login are both set to "no". My server is > > > running Centos 7.6.1810 with rkhunter 1.4.6. > > > > > > The system started with sshd and rkhunter root login options set to > > > "yes", and I was not receiving any error message. But then when server > > > setup was complete, I switched both of the root login options to "no" and > > > that is when the warnings began. > > > > > > Here are grep results which verify that the sshd and rkhunter config > > > settings are both set to "no": > > > > > > $grep PermitRootLogin /etc/ssh/sshd_config > > > PermitRootLogin no > > > > > You need the equal sign (=) in there. > > PermitRootLogin=no > > Not really, PermitRootLogin no works OK. Actually there are no "=" in > /etc/ssh/sshd_config > except line # This sshd was compiled with PATH=/usr/local/bin:/usr/bin > Oops, you are correct. I completely misread that as the RKH config option.
In which case I would suspect an odd character has got into one of the config files for those options. Try running: cat -vet /etc/ssh/sshd_config | grep PermitRootLogin and see if any odd characters (a space or control characters) are shown with the option. (The line should end with a dollar sign, so a space at the end will look like '...no $' rather than '...no$') John. -- John Horne | Senior Operations Analyst | Technology and Information Services University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK ________________________________ [http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass> This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, University of Plymouth accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. University of Plymouth does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form. _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
