
Re: deprecated options in openssh



Hi all,

Weeks later it happened again and I'm not any less puzzled:

/var/log/syslog

Aug 28 10:12:30 deb10 sshd[145]: /etc/ssh/sshd_config line 25: Deprecated option UsePrivilegeSeparation
Aug 28 10:12:30 deb10 sshd[145]: /etc/ssh/sshd_config line 28: Deprecated option KeyRegenerationInterval
Aug 28 10:12:30 deb10 sshd[145]: /etc/ssh/sshd_config line 29: Deprecated option ServerKeyBits
Aug 28 10:12:30 deb10 sshd[145]: /etc/ssh/sshd_config line 49: Deprecated option RSAAuthentication
Aug 28 10:12:30 deb10 sshd[145]: /etc/ssh/sshd_config line 57: Deprecated option RhostsRSAAuthentication
Aug 28 10:12:31 deb10 sshd[207]: /etc/ssh/sshd_config line 25: Deprecated option UsePrivilegeSeparation
Aug 28 10:12:31 deb10 sshd[207]: /etc/ssh/sshd_config line 28: Deprecated option KeyRegenerationInterval
Aug 28 10:12:31 deb10 sshd[207]: /etc/ssh/sshd_config line 29: Deprecated option ServerKeyBits
Aug 28 10:12:31 deb10 sshd[207]: /etc/ssh/sshd_config line 49: Deprecated option RSAAuthentication
Aug 28 10:12:31 deb10 sshd[207]: /etc/ssh/sshd_config line 57: Deprecated option RhostsRSAAuthentication

Not matching what's in the file:

awk 'NR==25' /etc/ssh/sshd_config

awk 'NR==28' /etc/ssh/sshd_config

awk 'NR==29' /etc/ssh/sshd_config
# Lifetime and size of ephemeral version 1 server key

etc.

The service hasn't been restarted around that time and the file hasn't been modified for even longer:

systemctl status ssh.service | grep running
   Active: active (running) since Wed 2021-08-18 17:36:45 UTC; 3 weeks 1 days ago

stat /etc/ssh/sshd_config
  File: /etc/ssh/sshd_config
  Size: 3864            Blocks: 9          IO Block: 4096 regular file
Device: 34h/52d Inode: 94834       Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/ root)
Access: 2021-09-10 06:48:08.449310637 +0000
Modify: 2021-07-06 07:15:34.222154544 +0000
Change: 2021-07-06 07:15:34.222154544 +0000
 Birth: -

This is a Proxmox LXC container and I thought that maybe the syslog entries were for some reason referring to the master host, but not!

awk 'NR==25' /etc/ssh/sshd_config
# Logging
awk 'NR==28' /etc/ssh/sshd_config

awk 'NR==29' /etc/ssh/sshd_config
# Authentication:

What's going on here? :)

Regards,
Adam

On 16/08/2021 18:27, David Wright wrote:
> On Mon 16 Aug 2021 at 16:49:16 (+0100), Adam Weremczuk wrote:
> > Installation and configuration was straightforward:
> >
> > sudo apt install logwatch
> >
> > /etc/cron.daily/00logwatch
> > #execute
> > /usr/sbin/logwatch --detail low --mailto xxx@domain.com
> >
> > The master config file /usr/share/logwatch/default.conf/logwatch.conf
> > left with defaults.
> >
> > Only one report per day arrives. Same as for the other dozen of Debian
> > (mostly older) machines it's installed on and which don't show this
> > issue.
> I presume logwatch is watching your logs, so the first place to check
> is the actual logs themselves.
>
> My guess (it's no more than that) is that one of the other dozen
> machines that you occasionally log into has a slightly different
> configuration from this one, perhaps older, with options that are
> now considered less secure (but no extra lines inserted).
>
> The options that are commented out in each machine's config file are
> the defaults being used by the server, so they /are/ in force.
> When you connect to a remote machine's server, I'm assuming it gets
> told what the remote's options are, and it's remonstrating about them.
> (The fact that options are commented will be irrelevant, therefore.)
>
> Note that I may have all this in reverse: the remote machine could be
> complaining about yours, and sending you the log by email. So, as I say,
> the first step is to find the log entries that logwatch has watched for.
>
> Cheers,
> David.
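
The line-by-line awk comparison in the message above can be automated so that every logged (PID, line number, option) is checked against a given sshd_config. This shell function is an added example, not part of the original thread; `check_deprecated` and `demo` are hypothetical names, and the sample config and log lines in `demo` are constructed.

```shell
#!/bin/sh
# Added example: cross-check sshd "Deprecated option" syslog entries
# against the sshd_config that is actually on disk.

# check_deprecated LOG CONF
# Prints MATCH/MISMATCH per logged (pid, line, option); returns 1 on any mismatch.
check_deprecated() {
    log=$1; conf=$2; rc=0
    # Pull "pid lineno option" out of each sshd deprecation message.
    triples=$(sed -n 's/.*sshd\[\([0-9]*\)]: .* line \([0-9][0-9]*\): Deprecated option \([A-Za-z]*\).*/\1 \2 \3/p' "$log")
    while read -r pid n opt; do
        [ -n "$opt" ] || continue
        actual=$(sed -n "${n}p" "$conf")
        # sshd keywords are case-insensitive; a commented-out line does not count.
        if printf '%s\n' "$actual" | grep -Eqi "^[[:space:]]*${opt}([[:space:]]|\$)"; then
            echo "MATCH    pid=$pid line=$n $opt"
        else
            echo "MISMATCH pid=$pid line=$n $opt (file has: ${actual:-<blank>})"
            rc=1
        fi
    done <<EOF
$triples
EOF
    return $rc
}

# Constructed sample data (not from a real host): a 3-line config and a log
# in which only the first entry agrees with that file.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'Port 22' 'UsePrivilegeSeparation yes' '# Logging' > "$d/sshd_config"
    printf '%s\n' \
      'Aug 28 10:12:30 host sshd[145]: /etc/ssh/sshd_config line 2: Deprecated option UsePrivilegeSeparation' \
      'Aug 28 10:12:30 host sshd[145]: /etc/ssh/sshd_config line 3: Deprecated option ServerKeyBits' > "$d/syslog"
    check_deprecated "$d/syslog" "$d/sshd_config"; status=$?
    rm -rf "$d"
    return $status
}
```

On a real host the call would be `check_deprecated /var/log/syslog /etc/ssh/sshd_config`; a MISMATCH row means the sshd process that wrote the entry parsed different content than the file being inspected now holds at that line.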


