Mailinglist Archive: opensuse (1047 mails)

Re: [opensuse] leap: rkhunter warn about sshd change
On 01/15/2016 02:26 AM, stakanov@xxxxxxxxxx wrote:
I have been warned by rkhunter about an sshd change. This is odd, because I
did not change anything.

So I went to /etc/ssh/sshd and I went through it.
I found a string that is new (and that for the time being I commented out).
Before it did read like this:
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server

As I did not put this: has there been an update?
And why would an update activate sftp-server on my system (AFAIK, I do not
use it).
And if, wouldn't this even be the completely false syntax, as this should
then be used together with a "Match group sftponly" entry in the same sshd
to prevent users from accessing sshd settings. And it would make sense only
if an allow user or allow group policy was set. I did not allow anybody.


Thanks for helping me to understand the sense and the justification of
existence for this string.







I suspect you applied a patch or security update.

https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt

There was a recent package update as I recall.
http://www.openssh.com/txt/release-7.1p2

It already showed up in Arch, and probably openSUSE as well.

Do not worry about sftp subsystem. It is just one of the things you can
do with an already established SSH connection. Allowing it is not a risk.


--
After all is said and done, more is said than done.
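
When a file-integrity tool such as rkhunter flags a changed sshd configuration, comparing only the active directives of the old and new file shows what the change actually enabled. The following is an added example, not part of the original mails: the sample configurations are constructed, the function names are hypothetical, and it assumes the plain whitespace-separated `keyword value` form of sshd_config lines.

```python
# Constructed sample: configuration before the change (Subsystem commented out).
SAMPLE_OLD = """\
#Subsystem sftp /usr/lib/ssh/sftp-server
PermitRootLogin no
"""

# Constructed sample: configuration after the change, as quoted in the thread.
SAMPLE_NEW = """\
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
PermitRootLogin no
"""


def effective_directives(text):
    """Return a set of (scope, keyword, value) for every active line.

    scope is "global" or the Match criteria the line falls under.
    Comments and blank lines are skipped; keywords are lower-cased
    because sshd_config keywords are case-insensitive.
    """
    scope = "global"
    found = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = " ".join(parts[1].split()) if len(parts) > 1 else ""
        if keyword == "match":
            # Every following directive applies only inside this Match block.
            scope = "match " + value
            continue
        found.add((scope, keyword, value))
    return found


def config_changes(old_text, new_text):
    """Report directives that became active or inactive between two versions."""
    old, new = effective_directives(old_text), effective_directives(new_text)
    return {"added": sorted(new - old), "removed": sorted(old - new)}


if __name__ == "__main__":
    for kind, items in config_changes(SAMPLE_OLD, SAMPLE_NEW).items():
        for scope, keyword, value in items:
            print(f"{kind:8} [{scope}] {keyword} {value}")
```

A change that touches only comments or whitespace produces empty "added" and "removed" lists, which separates a cosmetic package update from one that alters sshd behaviour.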