On 24-08-17, Brian wrote: > On Thu 24 Aug 2017 at 15:44:30 +0200, Rob van der Putten wrote: > > > Hi there > > > > > > On 24/08/17 15:39, Dan Ritter wrote: > > > > >As of Stretch, the standard OpenSSH sshd does not support > > >Protocol 1, so there's no particular reason to enforce it > > >by stating Protocol 2. > > > > I assumed as much. It's just a simple way to keep rkhunter happy. > > > > >PermitRootLogin now defaults to "prohibit-password", which > > >means that you can log in as root with a proper SSH key or > > >via other methods you have set up, but not with a password. > > >Another useful argument is forced-commands-only, which requires > > >both public-key authentication and a command="blah blah" option > > >in the authorized_keys file, and only allows those commands to > > >be run. If you've got a pull backup system, that can help. > > > > The alternative would be to reconfigure rkhunter. > > You could make a start by purging it from your system. It performs no > useful function. > > -- > Brian. >
Could you explain that bit more, please?
