Bug#865972: #865972 - same problem of false positive regarding PermitRootLogin parameter
On 2017-08-08 at 18:57:25, Jean-Marc wrote:
> So, if the default value "prohibit-password" is secure enough, maybe changing
> this line
>
> ALLOW_SSH_ROOT_USER=unset
>
> can solve this.

It looks fine to me, but I'm not entirely sure that we should stop recommending that root logins be disabled.

Also, if we disable the check, then it won't warn if someone has root logins enabled with passwords.

I will leave it as it is for now.

Francois

-- 
https://fmarier.org/

Bug#865972: #865972 - same problem of false positive regarding PermitRootLogin parameter
Dear Maintainers,

Another similar problem hits the PermitRootLogin parameter.

The openssh-server in Debian testing / Buster (Version: 1:7.4p1-10+deb9u1) sets prohibit-password as default value for the PermitRootLogin parameter.

If not present in the sshd_config file, rkhunter considers the default value as 'yes' allowing root access using password and will generate a warning.

So, if the default value "prohibit-password" is secure enough, maybe changing this line

ALLOW_SSH_ROOT_USER=unset

can solve this.

Regards,

Jean-Marc
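
The behaviour discussed in this thread, as an added example that is not part of either message and is not rkhunter's code: a check that falls back to sshd's built-in default when PermitRootLogin is absent, so a missing line does not warn while an explicit "yes" still does. The function names, the `allowed` policy parameter and the sample configurations are assumptions made for illustration; Match blocks are not evaluated.

```python
import re

# Built-in default as stated in the bug report for openssh-server 1:7.4p1.
SSHD_DEFAULT = "prohibit-password"
# "without-password" is the deprecated spelling of "prohibit-password".
ALIASES = {"without-password": "prohibit-password"}
KNOWN = {"yes", "no", "prohibit-password", "forced-commands-only"}


def effective_permit_root_login(config_text, default=SSHD_DEFAULT):
    """Return (value, explicit) for the global section of an sshd_config."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out settings do not count
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # assumption: conditional blocks are out of scope here
        if keyword == "permitrootlogin" and len(parts) == 2 and parts[1].strip():
            value = parts[1].split()[0].strip('"')
            return ALIASES.get(value, value), True  # first occurrence wins
    return default, False


def audit(config_text, allowed=("no", "prohibit-password")):
    """Return (status, message); `allowed` is the local policy (assumption)."""
    value, explicit = effective_permit_root_login(config_text)
    source = "sshd_config" if explicit else "built-in default"
    if value not in KNOWN:
        return "WARN", f"PermitRootLogin has unrecognised value {value!r} ({source})"
    if value not in allowed:
        return "WARN", f"PermitRootLogin is {value!r} ({source}), policy allows {allowed}"
    return "OK", f"PermitRootLogin is {value!r} ({source})"


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real host.
    samples = {
        "parameter absent": "# PermitRootLogin yes\nPort 22\n",
        "password login enabled": "Port 22\nPermitRootLogin yes\n",
        "deprecated alias": "permitrootlogin=without-password\n",
    }
    for name, text in samples.items():
        print(name, "->", audit(text))
```

Passing `allowed=("no",)` keeps the stricter recommendation that root logins be disabled entirely, in which case the absent-parameter sample warns as well.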