Re: Debian v9 it's a stretch

To: debian-user@lists.debian.org
Subject: Re: Debian v9 it's a stretch
From: Rob van der Putten <rob@sput.nl>
Date: Thu, 24 Aug 2017 15:44:30 +0200
Message-id: <[🔎] onml7n$vl3$1@blaine.gmane.org>
In-reply-to: <[🔎] 20170824133953.GL12801@newtao.randomstring.org>
References: <[🔎] 0273d681-77cb-9b0b-62c5-671808998c21@threedogs.net> <[🔎] onf1n8$s37$1@blaine.gmane.org> <[🔎] onhvtg$sqd$1@blaine.gmane.org> <[🔎] onmhvl$br1$1@blaine.gmane.org> <[🔎] 20170824133953.GL12801@newtao.randomstring.org>

Hi there


On 24/08/17 15:39, Dan Ritter wrote:

As of Stretch, the standard OpenSSH sshd does not support
Protocol 1, so there's no particular reason to enforce it
by stating Protocol 2.


I assumed as much. It's just a simple way to keep rkhunter happy.

PermitRootLogin now defaults to "prohibit-password", which
means that you can log in as root with a proper SSH key or
via other methods you have set up, but not with a password.
Another useful argument is forced-commands-only, which requires
both public-key authentication and a command="blah blah" option
in the authorized_keys file, and only allows those commands to
be run. If you've got a pull backup system, that can help.


The alternative would be to reconfigure rkhunter.


Regards,
Rob

Reply to:

Follow-Ups:
- Re: Debian v9 it's a stretch
  - From: Brian <ad44@cityscape.co.uk>

References:
- Debian v9 it's a stretch
  - From: tony mollica <tjm3@threedogs.net>
- Re: Debian v9 it's a stretch
  - From: deloptes <deloptes@gmail.com>
- Re: Debian v9 it's a stretch
  - From: Rob van der Putten <rob@sput.nl>
- Re: Debian v9 it's a stretch
  - From: Rob van der Putten <rob@sput.nl>
- Re: Debian v9 it's a stretch
  - From: Dan Ritter <dsr@randomstring.org>

Prev by Date: Re: Debian v9 it's a stretch
Next by Date: Re: Stretch vim doesnt cut and paste
Previous by thread: Re: Debian v9 it's a stretch
Next by thread: Re: Debian v9 it's a stretch
Index(es):
- Date
- Thread