Mailinglist Archive: opensuse (1047 mails)

Re: [opensuse] leap: rkhunter warn about sshd change
On 01/15/2016 02:26 AM, stakanov@xxxxxxxxxx wrote:
I have been warned by rkhunter about an sshd change. This is odd, because I
did not change anything.

So I went to /etc/ssh/sshd and I went through it.
I found a string that is new (and that for the time being I commented out).
Before it did read like this:
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

As I did not put this: has there been an update?
And why would an update activate sftp-server on my system (AFAIK, I do not
use it).
And if, wouldn't this even be the completely false syntax, as this should
then be used together with a
"Match group sftponly"
entry in the same sshd to avoid users to access sshd settings. And it would
make sense only if an
allow user or allow group policy was set. I did not allow anybody.

Thanks for helping me to understand the sense and the justification of
existence for this string.


I suspect you applied a patch or security update.

There was a recent package update as I recall.

It already showed up in ARCH, and probably openSUSE as well.

Do not worry about sftp subsystem. It is just one of the things you can
do with an already established SSH connection. Allowing it is not a risk.

After all is said and done, more is said than done.
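
Added example, not part of the thread: a small Python sketch that reads sshd_config text and reports the settings discussed above (the `Subsystem sftp` line, any AllowUsers/AllowGroups lists, and `Match` blocks that force `internal-sftp`). The sample config, the paths in it and the function names are constructed for illustration.

```python
# Constructed sample, modelled on the lines quoted in the thread.
SAMPLE = """\
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
#AllowGroups sshusers

Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
"""

ACCESS_KEYS = {"allowusers", "allowgroups", "denyusers", "denygroups"}


def parse_sshd_config(text):
    """Split sshd_config text into global directives and Match blocks."""
    global_opts, blocks = [], []
    target = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are not active
        fields = line.split(None, 1)
        key = fields[0].lower()  # sshd keywords are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "match":
            # A Match block runs until the next Match line or end of file.
            target = []
            blocks.append((value, target))
        else:
            target.append((key, value))
    return global_opts, blocks


def sftp_report(text):
    """Summarise the sftp-related settings that are active in the config."""
    global_opts, blocks = parse_sshd_config(text)
    subsystems = {}
    for key, value in global_opts:
        parts = value.split(None, 1)
        if key == "subsystem" and len(parts) == 2:
            subsystems[parts[0]] = parts[1]
    return {
        "sftp_command": subsystems.get("sftp"),  # None if not enabled
        "access_lists": [(k, v) for k, v in global_opts if k in ACCESS_KEYS],
        "forced_sftp_matches": [crit for crit, opts in blocks
                                if ("forcecommand", "internal-sftp") in opts],
    }


if __name__ == "__main__":
    print(sftp_report(SAMPLE))
```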