Bug#865972: rkhunter: SSH Protocol is now deprecated, but rkhunter demands that it is set

Christian Pietsch cpietsch+debian at uni-bielefeld.de
Mon Jun 26 08:55:54 UTC 2017

Package: rkhunter
Version: 1.4.2-6
Severity: normal

Dear Maintainer,

the openssh-server version that is now in Debian testing no longer
uses the Protocol configuration directive. It is absent from the
default /etc/ssh/sshd_config file as well as the man page.

Currently, you can still include `Protocol 2` in the config without
getting an error from sshd. Which is what I had to do in order to
appease rkhunter which insists that this must be set.

Can rkhunter skip this test if the OpenSSH server version is >= 7.5?
Otherwise, maybe it's time to stop testing for Protocol in general.


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rkhunter depends on:
ii  binutils               2.28-6
ii  debconf [debconf-2.0]  1.5.61
ii  file                   1:5.30-1
ii  lsof                   4.89+dfsg-0.1
ii  net-tools              1.60+git20161116.90da8a0-1
ii  perl                   5.24.1-4
ii  ucf                    3.0036

Versions of packages rkhunter recommends:
ii  bsd-mailx [mailx]           8.1.2-0.20160123cvs-4
ii  curl                        7.52.1-5
ii  dma [mail-transport-agent]  0.11-1+b1
ii  iproute2                    4.9.0-1
ii  unhide                      20130526-1
ii  unhide.rb                   22-2
ii  wget                        1.19.1-3

Versions of packages rkhunter suggests:
ii  liburi-perl     1.71-1
ii  libwww-perl     6.15-1
ii  powermgmt-base  1.31+nmu1

-- Configuration Files:
/etc/rkhunter.conf changed [not included]

-- debconf information excluded

More information about the forensics-devel mailing list