RE: Re: [opensuse] leap: rkhunter warn about sshd change
-----Original Message-----
From: Per Jessen
Sent: Fri. 15.01.2016 11:44
To: opensuse@opensuse.org
Subject: Re: [opensuse] leap: rkhunter warn about sshd change
stakanov@freenet.de wrote:
I have been warned by rkhunter about an sshd change. This is odd, because I did not change anything.
So I went to /etc/ssh/sshd and I went through it. I found a string that is new (and that for the time being I commented out). Before it did read like this:

    # override default of no subsystems
    Subsystem sftp /usr/lib/ssh/sftp-server
As I did not put this: has there been an update?
That setting has been in sshd_config since the year dot.
And why would an update activate sftp-server on my system (AFAIK, I do not use it). And if, wouldn't this even be the completely false syntax, as this should then be used together with a " Match group sftponly
Do you have a group "sftponly"?
-- Per Jessen, Zürich (3.4°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
-----End of Original Message-----
Interesting, I never noticed it. I do not have a group sftp or sftponly. For what I know I am currently not using sftp. So would it be correct to comment that string out?

The rkhunter warning was:

    Warning: The file properties have changed:
             File: /usr/bin/ssh
             Current inode: 1578894 Stored inode: 1573455
    Warning: The file properties have changed:
             File: /usr/sbin/sshd
             Current inode: 1718294 Stored inode: 1715420
    Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text

I do understand the ssh change. This is the recent openssl update. I will run propupd later, but why did sshd change? An update should always leave sshd alone, shouldn't it? So for the sake of understanding: why would the inode of sshd change?

Since I did not understand the rationale of setting up a subsystem that I do not use (I do not use ssh at all on this machine), well, everything that I do not understand (in the sense of "why" it should be activated) and that points to remote functionality is making me a bit suspicious. (Sorry if I am paranoid but I had some surprise in the past).
stakanov@freenet.de wrote:
Interesting, I never noticed it. I do not have a group sftp or sftponly. For what I know I am currently not using sftp. So would it be correct to comment that string out?
It doesn't hurt either way.
The rkhunter warning was:

    Warning: The file properties have changed:
             File: /usr/bin/ssh
             Current inode: 1578894 Stored inode: 1573455
    Warning: The file properties have changed:
             File: /usr/sbin/sshd
             Current inode: 1718294 Stored inode: 1715420
    Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
I do understand the ssh change. This is the recent openssl update. I will run propupd later, but why did sshd change? An update should always leave sshd alone, shouldn't it? So for the sake of understanding: why would the inode of sshd change?
I guess it was updated?

/Per
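Added example, not part of either poster's message and not rkhunter's own code: a shell script for triaging the inode warnings quoted in this thread. It assumes an RPM-based system such as openSUSE and that a package update installs a new binary by renaming it into place (general package-manager behaviour); the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the warnings quoted in this thread, one field per
# line as in rkhunter's log (the layout is an assumption).
sample_warnings() {
cat <<'EOF'
Warning: The file properties have changed:
         File: /usr/bin/ssh
         Current inode: 1578894    Stored inode: 1573455
Warning: The file properties have changed:
         File: /usr/sbin/sshd
         Current inode: 1718294    Stored inode: 1715420
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
EOF
}

# Print "path current stored" for each file whose inode number differs.
changed_inodes() {
    awk '$1 == "File:" { file = $2 }
         $1 == "Current" && $2 == "inode:" && $3 != $6 { print file, $3, $6 }'
}

inode_of() { ls -i "$1" | awk '{ print $1 }'; }

# Succeeds if an in-place rewrite keeps the inode while replacing the file
# by rename (assumed here to be how the update installed sshd) changes it.
inode_demo() {
    d=$(mktemp -d) || return 1
    f="$d/sshd"; printf 'v1\n' > "$f"
    before=$(inode_of "$f")
    printf 'v1 edited\n' > "$f"; inplace=$(inode_of "$f")
    printf 'v2\n' > "$f.new" && mv -f "$f.new" "$f"; renamed=$(inode_of "$f")
    rm -rf "$d"
    [ "$before" = "$inplace" ] && [ "$before" != "$renamed" ]
}

# Owning package, its install time, and a verify against the RPM database.
verify_with_rpm() {
    command -v rpm >/dev/null 2>&1 || { echo "$1: rpm not found, skipped"; return 0; }
    pkg=$(rpm -qf "$1") || return 1
    rpm -q --last "$pkg"
    rpm -Vf "$1" && echo "$1: on-disk files match $pkg"
}

sample_warnings | changed_inodes | while read -r file cur old; do
    echo "$file: inode $old -> $cur"
    if [ -e "$file" ]; then verify_with_rpm "$file" || echo "$file: review rpm output"; fi
done
inode_demo && echo "in-place edit kept the inode; replace-by-rename changed it"
```

If the files verify against the package database and the install time matches a known update, `rkhunter --propupd` records the new inodes as the baseline.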