[opensuse] leap: rkhunter warn about sshd change
I have been warned by rkhunter about an sshd change. This is odd, because I did not change anything. So I went to /etc/ssh/sshd and I went through it. I found a string that is new (and that for the time being I commented out). Before it did read like this:

    # override default of no subsystems
    Subsystem sftp /usr/lib/ssh/sftp-server

As I did not put this: has there been an update? And why would an update activate sftp-server on my system (AFAIK, I do not use it). And if, wouldn't this even be the completely false syntax, as this should then be used together with a "Match group sftponly" entry in the same sshd to avoid users to access sshd settings. And it would make sense only if an allow user or allow group policy was set. I did not allow anybody.

Thanks for helping me to understand the sense and the justification of existence for this string.

stakanov@freenet.de wrote:
> I have been warned by rkhunter about an sshd change. This is odd, because I did not change anything.
> So I went to /etc/ssh/sshd and I went through it. I found a string that is new (and that for the time being I commented out). Before it did read like this:
>     # override default of no subsystems
>     Subsystem sftp /usr/lib/ssh/sftp-server
> As I did not put this: has there been an update?

That setting has been in sshd_config since the year dot.

> And why would an update activate sftp-server on my system (AFAIK, I do not use it). And if, wouldn't this even be the completely false syntax, as this should then be used together with a "Match group sftponly

Do you have a group "sftponly"?

--
Per Jessen, Zürich (3.4°C)

On 01/15/2016 02:26 AM, stakanov@freenet.de wrote:
> I have been warned by rkhunter about an sshd change. This is odd, because I did not change anything.
> So I went to /etc/ssh/sshd and I went through it. I found a string that is new (and that for the time being I commented out). Before it did read like this:
>     # override default of no subsystems
>     Subsystem sftp /usr/lib/ssh/sftp-server
> As I did not put this: has there been an update? And why would an update activate sftp-server on my system (AFAIK, I do not use it). And if, wouldn't this even be the completely false syntax, as this should then be used together with a "Match group sftponly"
> entry in the same sshd to avoid users to access sshd settings. And it would make sense only if an allow user or allow group policy was set. I did not allow anybody.
> Thanks for helping me to understand the sense and the justification of existence for this string.

I suspect you applied a patch or security update.
https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-20...

There was a recent package update as I recall.
http://www.openssh.com/txt/release-7.1p2
It already showed up in ARCH, and probably openSUSE as well.

Do not worry about sftp subsystem. It is just one of the things you can do with an already established SSH connection. Allowing it is not a risk.

--
After all is said and done, more is said than done.

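An added example, not part of the thread: a small shell check that lists which Subsystem lines are actually active in an sshd_config and which groups a Match block confines to SFTP, the arrangement the original poster refers to as "Match group sftponly". The sample config is constructed; `ForceCommand internal-sftp`, `ChrootDirectory %h` and the commented-out `backup` line are assumptions for illustration, and only single-criterion `Match Group` lines are handled.

```shell
#!/bin/sh
# Added example: report what an sshd_config enables for subsystems.

# Print every active (uncommented) Subsystem directive as "name command".
# sshd_config keywords are case-insensitive, so compare in lower case.
active_subsystems() {
    awk 'tolower($1) == "subsystem" { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# Print each group named in a "Match Group <name>" block that also sets
# "ForceCommand internal-sftp". A Match block runs until the next Match
# line or the end of the file.
sftp_only_groups() {
    awk '
        tolower($1) == "match" {
            grp = (tolower($2) == "group") ? $3 : ""
            next
        }
        grp != "" && tolower($1) == "forcecommand" && $2 == "internal-sftp" {
            print grp
        }
    ' "$1"
}

# Constructed sample: the two lines quoted in the thread, a hypothetical
# commented-out subsystem, and a hypothetical sftp-only Match block.
sample_config() {
    cat <<'EOF'
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
#Subsystem backup /usr/local/bin/backup-helper
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
echo "active subsystems:"; active_subsystems "$cfg"
echo "sftp-only groups:";  sftp_only_groups "$cfg"
rm -f "$cfg"
```

To audit a real host, pass the path of its sshd_config to the two functions instead of the temporary file.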
participants (3): John Andersen, Per Jessen, stakanov@freenet.de