On 8/9/2019 4:37 AM, John Horne wrote:
> On Fri, 2019-08-09 at 12:39 +0300, Nerijus Baliūnas via Rkhunter-users wrote:
>> 2019-08-09 12:18, John Horne wrote:
>>> On Thu, 2019-08-08 at 21:49 +0000, Richard Shelquist wrote:
>>>> I'm getting an ssh warning from rkhunter, even though the sshd and
>>>> rkhunter options for root login are both set to "no". My server is
>>>> running CentOS 7.6.1810 with rkhunter 1.4.6.
>>>>
>>>> The system started with sshd and rkhunter root login options set to
>>>> "yes", and I was not receiving any error message. But then when server
>>>> setup was complete, I switched both of the root login options to "no" and
>>>> that is when the warnings began.
>>>>
>>>> Here are grep results which verify that the sshd and rkhunter config
>>>> settings are both set to "no":
>>>>
>>>> $grep PermitRootLogin /etc/ssh/sshd_config
>>>> PermitRootLogin no
>>>>
>>> You need the equal sign (=) in there.
>>> PermitRootLogin=no
>>
>> Not really, PermitRootLogin no works OK. Actually there are no "=" in
>> /etc/ssh/sshd_config
>> except line # This sshd was compiled with PATH=/usr/local/bin:/usr/bin
>>
> Oops, you are correct. I completely misread that as the RKH config option.
> 
> In which case I would suspect an odd character has got into one of the config
> files for those options.
> 
> Try running:
> cat -vet /etc/ssh/sshd_config | grep PermitRootLogin
> 
> and see if any odd characters (a space or control characters) are shown with
> the option. (The line should end with a dollar sign, so a space at the end
> will look like '...no $' rather than '...no$')
> 

John, you got it right. There was a DOS ^M character which somehow ended 
up in the /etc/ssh/sshd_config file. Thank you for the suggestion. 
Problem solved.

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
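
The `cat -vet` check from this thread, wrapped as a reusable function that reports which hidden character was found on an option's line. This is an added example, not part of the original thread; the names `check_option` and `make_sample` and the sample file contents are constructed for illustration. The pattern also accepts `option=value` lines, so the same function can be pointed at a config file that uses the equals-sign form.

```shell
#!/bin/sh
# Added example (not from the thread): flag hidden characters on the lines
# that set one option in a config file such as /etc/ssh/sshd_config.
# check_option FILE OPTION
#   prints "<line number>:<findings>:<cat -vet view>" per suspicious line
#   and returns 1; prints nothing and returns 0 when the lines are clean.
check_option() {
    file=$1; opt=$2
    cr=$(printf '\r'); tab=$(printf '\t')
    out=$(
        # Keyword match is case-insensitive; commented-out lines are skipped.
        LC_ALL=C grep -n -i "^[[:space:]]*${opt}[[:space:]=]" "$file" |
        while IFS= read -r hit; do
            num=${hit%%:*}; text=${hit#*:}; body=$text; found=
            case $body in
                *"$cr") found=CR; body=${body%"$cr"} ;;   # DOS line ending
            esac
            case $body in
                *" " | *"$tab") found="${found:+$found,}TRAILING_BLANK" ;;
            esac
            # Any other control character (tabs between words are allowed).
            if printf '%s' "$body" | tr -d '\t' | LC_ALL=C grep -q '[[:cntrl:]]'; then
                found="${found:+$found,}CONTROL_CHAR"
            fi
            if [ -n "$found" ]; then
                printf '%s:%s:%s\n' "$num" "$found" "$(printf '%s\n' "$text" | cat -vet)"
            fi
        done
    )
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: line 2 ends in CR, line 3 has a trailing space.
make_sample() {
    sample=$(mktemp) || return 1
    printf 'Port 22\nPermitRootLogin no\r\nPasswordAuthentication no \nX11Forwarding no\n' > "$sample"
    printf '%s\n' "$sample"
}

demo=$(make_sample)
check_option "$demo" PermitRootLogin || echo "hidden characters found"
rm -f "$demo"
```

A non-zero return makes the function usable as a pre-flight step before running a scan or reloading sshd after editing the file on another platform.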