Hi there
On 24/08/17 15:39, Dan Ritter wrote:
As of Stretch, the standard OpenSSH sshd does not support Protocol 1, so there's no particular reason to enforce it by stating Protocol 2.
I assumed as much. It's just a simple way to keep rkhunter happy.
PermitRootLogin now defaults to "prohibit-password", which means that you can log in as root with a proper SSH key or via other methods you have set up, but not with a password. Another useful argument is forced-commands-only, which requires both public-key authentication and a command="blah blah" option in the authorized_keys file, and only allows those commands to be run. If you've got a pull backup system, that can help.
The alternative would be to reconfigure rkhunter. Regards, Rob
