[ale] Linux Security vs OpenSSH?
Leam Hall
leamhall at gmail.com
Sat Nov 26 19:31:30 EST 2022
Jim, I have to apologize for a mistype. My brain was fried from an on-line class, and I meant to ask about Linux and OpenBSD.
Though I like your note on OpenSSH, I haven't kept up as much as I should.
Leam
On 11/26/22 15:35, Jim Kinney wrote:
> It all depends on the underlying encryption methods and server configuration. As long as the encryption libs are up to date and any known breakable methods are explicitly blocked from use, it's solid.
>
> That said, 1024 bit keys should have been replaced last year, 2048 are a minimum, and 4096 bit causes problems with older versions.
>
> Each distro builds its own openssh so there are variations that may bite later. I'm particularly fond of the patch that can query ldap through sssd for a user's pub key. It also supports being a container for the priv key so a tight control of a closed environment can exist with sssd, ldap, and openssh by using a tool chain through freeipa.
>
> On Sat, Nov 26, 2022, 3:22 PM Leam Hall via Ale <ale at ale.org> wrote:
>
> In days of old, OpenSSH had a reputation for being "more" secure. However, Linux has gotten a lot more brain share, and I wonder if that reputation is still deserved. Thoughts?
>
> Leam
>
> --
> Automation Engineer (reuel.net/resume)
> Scribe: The Domici War (domiciwar.net)
> General Ne'er-do-well (github.com/LeamHall)
>
--
Automation Engineer (reuel.net/resume)
Scribe: The Domici War (domiciwar.net)
General Ne'er-do-well (github.com/LeamHall)
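
Added example, not part of the original messages: the key-size guidance in the quoted reply (1024 bit keys replaced, 2048 as a minimum) can be checked against `authorized_keys` entries by reading the RSA modulus length out of each public-key blob. The sample lines are constructed inline (structurally valid, not usable keys), and `MIN_RSA_BITS` and the function names are this example's own.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # minimum given in the quoted reply

def field(blob, off):
    """Read one length-prefixed field of the SSH wire format (RFC 4251)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def rsa_bits(b64_blob):
    """Modulus size in bits for an ssh-rsa blob; None for other key types."""
    blob = base64.b64decode(b64_blob, validate=True)
    key_type, off = field(blob, 0)
    if key_type != b"ssh-rsa":
        return None
    _exponent, off = field(blob, off)
    modulus, _ = field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines):
    """Return [(comment, bits, 'ok' or 'weak')] for every ssh-rsa entry."""
    out = []
    for line in lines:
        parts = line.split()
        if line.lstrip().startswith("#") or "ssh-rsa" not in parts[:-1]:
            continue
        i = parts.index("ssh-rsa")  # options may precede the key type
        bits = rsa_bits(parts[i + 1])
        if bits is None:  # label said ssh-rsa but the blob did not
            continue
        comment = " ".join(parts[i + 2:]) or "(no comment)"
        out.append((comment, bits, "ok" if bits >= MIN_RSA_BITS else "weak"))
    return out

def constructed_line(bits, comment):
    """Constructed sample: structurally valid blob, not a usable key."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = pack(b"ssh-rsa") + pack((65537).to_bytes(3, "big")) + pack(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

SAMPLE = [constructed_line(1024, "old-laptop"), constructed_line(2048, "build-host"),
          "no-pty " + constructed_line(4096, "admin")]
```

Calling `audit(SAMPLE)` flags only the 1024 bit entry as weak; non-RSA key types such as Ed25519 are skipped because the size threshold applies to RSA moduli.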