rkhunter warning about ssh root access when that access is not allowed on the system

Question

I just ran rkhunter --check and all was good except this:

Checking if SSH root access is allowed                   [ Warning]

What does this warning mean? SSH root access is not allowed on this system.

EDIT #1

Here is how my /etc/ssh/sshd_config is set:

PermitRootLogin no

and rkhunter.conf

root ~ # cat /etc/rkhunter.conf | grep  ALLOW_SSH_ROOT_USER
#ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_ROOT_USER=unset

score 13 · Accepted Answer · edited Mar 16 '17 at 06:54

13

The following values need to match:

In rkhunter configuration:

cat /etc/rkhunter.conf | grep ALLOW_SSH_ROOT_USER

ALLOW_SSH_ROOT_USER=no

In sshd configuration:

cat /etc/ssh/sshd_config | grep PermitRootLogin

PermitRootLogin no

Once they do match, you should not be warned by rkhunter any longer.

edited Mar 16 '17 at 06:54

Vlastimil Burián

answered Apr 02 '15 at 19:58

Joshua Lokken

1

Yes, thank you for the edit! Still getting used to the editor. – Joshua Lokken Apr 02 '15 at 20:47

score 5 · Answer 2 · answered Sep 05 '16 at 01:06

5

In case you have set in your /etc/ssh/sshd_config

PermitRootLogin without-password

Again in the /etc/rkhunter.conf the value must match, as in the following example:

ALLOW_SSH_ROOT_USER=without-password

answered Sep 05 '16 at 01:06

dan

Everywhere I read, it is specified that (in case of Ubuntu), you should write: ALLOW_SSH_ROOT_USER=yes, but that doesn't work. This answer solves it! Thanks! – lepe Sep 09 '17 at 04:58

2 Answers2