[Bug 43124] Re: incorrectly warns about ssh settings

2008-08-03 Thread Connor Imes
Thank you for taking the time to report this. As far as anybody is aware, root login via ssh will not be enabled by default in Ubuntu. I believe that information about enabling the root account is not made available through official means. I am marking this bug as Won't Fix. ** Changed in: rkhu

[Bug 43124] Re: incorrectly warns about ssh settings

2008-05-20 Thread Stephen Hildrey
On reflection, I think it's worth noting... Although by default the root account on Ubuntu has no password set - so mitigating the risk of brute-forcing password logins - it is still possible to log in as root given "PermitRootLogin yes" and a valid private key. Perhaps rkhunter should warn iff Pe

[Bug 43124] Re: incorrectly warns about ssh settings

2008-05-20 Thread Stephen Hildrey
...and brute forcing has become a more acute problem in light of the recent OpenSSL vulnerability. Exploitation of weak SSH keys is made much easier if the attacker knows a valid username on the target system; by permitting root login, you are making an attacker's job much easier. (Though [EMAIL P

[Bug 43124] Re: incorrectly warns about ssh settings

2008-04-23 Thread Richard Johnson
** Changed in: rkhunter (Ubuntu) Assignee: Marco Rodrigues (gothicx) => (unassigned) -- incorrectly warns about ssh settings https://bugs.launchpad.net/bugs/43124 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailin

[Bug 43124] Re: incorrectly warns about ssh settings

2008-01-09 Thread helpdeskdan
As he said, this is NOT a bug - SSH root login is a real security vulnerability. IMHO, and the opinion of countless security experts, it SHOULD be off by default. Brute forcing the root login is a very common practice - I've seen it myself.

[Bug 43124] Re: incorrectly warns about ssh settings

2007-10-02 Thread Marco Rodrigues
Hi! Can you check if this is still an issue for you with version 1.3.0-1 in Ubuntu Gutsy? Thanks! ** Changed in: rkhunter (Ubuntu) Importance: Medium => Low Assignee: (unassigned) => Marco Rodrigues (gothicx) Status: New => Incomplete

[Bug 43124] Re: incorrectly warns about ssh settings

2006-12-16 Thread mlind
IMO this behavior is not a bug. rkhunter correctly warns about ssh root login risk, it shouldn't matter what security policy the distribution enforces. I'd consider it a bug instead if rkhunter wouldn't warn when PermitRootLogin is enabled.