We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
7 days, 22 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Cron Deamon email alerts - Warning: The SSH configuration option 'PermitRootLogin' has not been set. The default value may be 'yes', to allow root access.
Posted on 2011-02-11
I have a Cron Deamon email alerts that says the following below. How do I fix this.
[ Rootkit Hunter version 1.3.8 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
[ Rootkit Hunter version 1.3.8 ]
File updated: searched for 164 files, found 141
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /etc/.logrotate.conf.swp: data
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
[ Rootkit Hunter version 1.3.8 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
[ Rootkit Hunter version 1.3.8 ]
File updated: searched for 164 files, found 141
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /etc/.logrotate.conf.swp: data
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
2-
2
7 Comments
Active today
Hi,
seems that you have a Rootkit Hunter script which would check several security relevant parameters.
Your sshd_config file does not contain the parameter PermitRootLogin. Since the default is "Yes" this is obviously considered a security issue.
You will have to decide whether your'e further going to permit root login via ssh or not.
If you want to forbid it just add "PermitRootLogin no" to sshd config.
If you must allow root to login via ssh you will have to live with that message, or maybe you could configure the Rootkit Hunter progran to ignore this parameter.
Since I don't know this program I will not be able to help you with this without some googling.
wmp
seems that you have a Rootkit Hunter script which would check several security relevant parameters.
Your sshd_config file does not contain the parameter PermitRootLogin. Since the default is "Yes" this is obviously considered a security issue.
You will have to decide whether your'e further going to permit root login via ssh or not.
If you want to forbid it just add "PermitRootLogin no" to sshd config.
If you must allow root to login via ssh you will have to live with that message, or maybe you could configure the Rootkit Hunter progran to ignore this parameter.
Since I don't know this program I will not be able to help you with this without some googling.
wmp
Yes I need root to be able to login via ssh?
Humm maybe I can find something hope to get some post here
Humm maybe I can find something hope to get some post here
Active today
Please look at /etc/rkhunter.conf
There is a setting
ALLOW_SSH_ROOT_USER=no
Change it to "yes" and the message will no longer appear.
wmp
There is a setting
ALLOW_SSH_ROOT_USER=no
Change it to "yes" and the message will no longer appear.
wmp
If you need your system to be more secure, you should add the line:
This line means that you can't log through ssh using the user "root". This avoid for example a brute force attack on it.
To use "root" with the option above, you need to ssh to the computer with a regular user, and then you need to write "su -" to get the root identity and privileges.
If you don't care about security much (eg: because it's an internal network), then add the same line but with "yes" instead. This should avoid the message you get from rkhunter.
Whatever you decide, after changing /etc/ssh/sshd_config, you need to restart the sshd service. Do that with "/etc/init.d/sshd restart".
PermitRootLogin no
This line means that you can't log through ssh using the user "root". This avoid for example a brute force attack on it.
To use "root" with the option above, you need to ssh to the computer with a regular user, and then you need to write "su -" to get the root identity and privileges.
If you don't care about security much (eg: because it's an internal network), then add the same line but with "yes" instead. This should avoid the message you get from rkhunter.
Whatever you decide, after changing /etc/ssh/sshd_config, you need to restart the sshd service. Do that with "/etc/init.d/sshd restart".
Ok cool
So I could ssh into my server as a regular user the just type in su and I become root?
How can I make a regular user?
I have cpanel on my server?
So I could ssh into my server as a regular user the just type in su and I become root?
How can I make a regular user?
I have cpanel on my server?
Of course, you just do "su -" (or just "su" if you want to keep your environment variables) and that "upgrades" your normal user to root.
I'm not sure which system you have, but there's usually a script called "useradd" or "adduser" which does exactly that. Put "--help" at the end to get details on how to use it, or try with "man useradd". I'm sorry but can't help you with cPanel.
I'm not sure which system you have, but there's usually a script called "useradd" or "adduser" which does exactly that. Put "--help" at the end to get details on how to use it, or try with "man useradd". I'm sorry but can't help you with cPanel.
Active today
In most cases you're not allowed to have more than one cPanel account.
But if you really have "root" access (not "admin" or the like) and if you can open a shell (command line) it should be possible.
If you need this user only to avoild using ssh as root just issue:
useradd -g users sobeservices2
passwd sobeservices2
- type a new password when prompted (twice)
You will be requested to change the password when first logging in as sobeservices2
Don't forget to change /etc/ssh/sshd_config ("PermitRootLogin no") and to restart sshd.
wmp
But if you really have "root" access (not "admin" or the like) and if you can open a shell (command line) it should be possible.
If you need this user only to avoild using ssh as root just issue:
useradd -g users sobeservices2
passwd sobeservices2
- type a new password when prompted (twice)
You will be requested to change the password when first logging in as sobeservices2
Don't forget to change /etc/ssh/sshd_config ("PermitRootLogin no") and to restart sshd.
wmp
Featured Post
You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Note: for this to work properly you need to use a Cross-Over network cable.
1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses
Course of the Month7 days, 22 hours left to enroll
729 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.