Mailinglist Archive: opensuse (1047 mails)

RE: Re: [opensuse] leap: rkhunter warn about sshd change


-----Original Message-----
From: Per Jessen
Sent: Fri. 15.01.2016 11:44
To: opensuse@xxxxxxxxxxxx
Subject: Re: [opensuse] leap: rkhunter warn about sshd change

stakanov@xxxxxxxxxx wrote:

I have been warned by rkhunter about an sshd change. This is odd,
because I did not change anything.

So I went to /etc/ssh/sshd and I went through it.
I found a string that is new (and that for the time being I commented
out). Before, it read like this:
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

As I did not put this: has there been an update?

That setting has been in sshd_config since the year dot.

And why would an update activate sftp-server on my system (AFAIK, I do
not use it). And if, wouldn't this even be the completely false
syntax, as this should then be used together with a "Match group
sftponly"?

Do you have a group "sftponly"?



--
Per Jessen, Zürich (3.4°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx



-----End of Original Message-----

Interesting, I never noticed it. I do not have a group sftp or sftponly. As
far as I know, I am currently not using sftp.
So would it be correct to comment that string out?

The rkhunter warning was:
Warning: The file properties have changed:
File: /usr/bin/ssh
Current inode: 1578894 Stored inode: 1573455
Warning: The file properties have changed:
File: /usr/sbin/sshd
Current inode: 1718294 Stored inode: 1715420
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text

I do understand the ssh change. This is the recent openssl update. I will run
propupd later, but why did sshd change? An update should always leave sshd
alone, shouldn't it? So for the sake of understanding: why would the inode of
sshd change?

Since I did not understand the rationale of setting up a subsystem that I do not
use (I do not use ssh at all on this machine), well, everything that I do not
understand (in the sense of "why" it should be activated) and that points to
remote functionality is making me a bit suspicious. (Sorry if I am paranoid, but
I had some surprises in the past.)



