Dear Maintainers, Another similar problem hits the PermitRootLogin parameter.
The openssh-server in Debian testing / Buster (Version: 1:7.4p1-10+deb9u1) sets prohibit-password as default value for the PermitRootLogin parameter. If not present in the sshd_config file, rkhunter considers the default value as 'yes' allowing root access using password and will generate a warning. So, if the default value "prohibit-password" is secure enough, maybe changing this line ALLOW_SSH_ROOT_USER=unset can solve this. Regards, Jean-Marc <[email protected]>
pgpL1OoPr4ckC.pgp
Description: PGP signature
