On Thu 24 Aug 2017 at 15:44:30 +0200, Rob van der Putten wrote: > Hi there > > > On 24/08/17 15:39, Dan Ritter wrote: > > >As of Stretch, the standard OpenSSH sshd does not support > >Protocol 1, so there's no particular reason to enforce it > >by stating Protocol 2. > > I assumed as much. It's just a simple way to keep rkhunter happy. > > >PermitRootLogin now defaults to "prohibit-password", which > >means that you can log in as root with a proper SSH key or > >via other methods you have set up, but not with a password. > >Another useful argument is forced-commands-only, which requires > >both public-key authentication and a command="blah blah" option > >in the authorized_keys file, and only allows those commands to > >be run. If you've got a pull backup system, that can help. > > The alternative would be to reconfigure rkhunter.
You could make a start by purging it from your system. It performs no useful function. -- Brian.
