incorrectly warns about ssh settings
Bug #43124 reported by
Matt Galvin
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rkhunter (Ubuntu) |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Binary package hint: rkhunter
--- snip ---
* Check: SSH
Searching for sshd_config...
Found /etc/ssh/
Checking for allowed root login... Watch out Root login possible. Possible risk!
info: PermitRootLogin yes
Hint: See logfile for more information about this issue
Checking for allowed protocols... [ OK (Only SSH2 allowed) ]
--- snip ---
"PermitRootLogin yes" is the new default for both debian and upstream therefore this warning is not entirely correct and should not be display in such a scary fashion.
See /usr/share/
Changed in rkhunter: | |
assignee: | gothicx → nobody |
To post a comment you must log in.
IMO this behavior is not a bug. rkhunter correctly warns about ssh root login risk, it shouldn't matter what security policy distribution enforces.
I'd consider it a bug instead if rkhunter wouldn't warn when PermitRootLogin is enabled.