On reflection, I think it's worth noting... Although by default the root account on Ubuntu has no password set - so mitigating the risk of brute-forcing password logins - it is still possible to login as root given "PermitRootLogin yes" and a valid private key.
Perhaps rkhunter should warn iff PermitRootLogin yes && (root has a password set || root has an authorized keys file). -- incorrectly warns about ssh settings https://bugs.launchpad.net/bugs/43124 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs