[ale] Linux Security vs OpenSSH?

Jim Kinney jim.kinney at gmail.com
Sun Nov 27 08:22:19 EST 2022


Once sssd is into the v.2 realm, the daemon just runs.  For those in the
know, systems can manage earlier sssd and restart it if it dies. It's a very,
very useful tool.

On Sat, Nov 26, 2022, 11:54 PM Chuck Payne <terrorpup at gmail.com> wrote:

> Ah, good ole SSSD, I use it a lot with FreeIPA and Kerberos, the hell with
> SSH Keys. FreeIPA and no passwords, let the dogs of war manage your logons,
> until SSSD dies and no one can log on, but it does make life so much
> easier, when you need to tie in a Linux host with Windows AD.
>
> On Sat, Nov 26, 2022 at 4:36 PM Jim Kinney via Ale <ale at ale.org> wrote:
>
>> It all depends on the underlying encryption methods and server
>> configuration. As long as the encryption libs are up to date and any known
>> breakable methods are explicitly blocked from use, it's solid.
>>
>> That said, 1024-bit keys should have been replaced last year, 2048 are a
>> minimum, and 4096 bit causes problems with older versions.
>>
>> Each distro builds its own openssh so there are variations that may bite
>> later. I'm particularly fond of the patch that can query ldap through sssd
>> for a user's pub key. It also supports being a container for the priv key so
>> a tight control of a closed environment can exist with sssd, ldap, and
>> openssh by using a tool chain through freeipa.
>>
>> On Sat, Nov 26, 2022, 3:22 PM Leam Hall via Ale <ale at ale.org> wrote:
>>
>>> In days of old, OpenSSH had a reputation for being "more" secure.
>>> However, Linux has gotten a lot more brain share, and I wonder if that
>>> reputation is still deserved. Thoughts?
>>>
>>> Leam
>>>
>>> --
>>> Automation Engineer        (reuel.net/resume)
>>> Scribe: The Domici War     (domiciwar.net)
>>> General Ne'er-do-well      (github.com/LeamHall)
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> https://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>
>
> --
> Terror PUP a.k.a
> Chuck "PUP" Payne
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- Terrorpup
> openSUSE Ambassador/openSUSE Member
> skype,twitter,identica,friendfeed -- terrorpup
> freenode(irc) --terrorpup/lupinstein
> Register Linux Userid: 155363
>
> openSUSE Community Member since 2008.
>
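
The key-size guidance in the thread above (1024-bit keys retired, 2048 as a minimum), as an added example that is not part of the original messages: a Python check that reads `ssh-rsa` lines in `authorized_keys` format and reports RSA moduli below 2048 bits. The function names and the sample keys are constructed for illustration; only RSA keys are sized, and other key types are skipped.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # the minimum stated in the thread

def _field(blob, offset):
    """Read one length-prefixed field (RFC 4251 string/mpint encoding)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def rsa_bits(line):
    """Return the RSA modulus size in bits, or None if the line has no ssh-rsa key."""
    tokens = line.split()
    if "ssh-rsa" not in tokens[:-1]:
        return None  # other key types (e.g. ssh-ed25519) are out of scope here
    blob = base64.b64decode(tokens[tokens.index("ssh-rsa") + 1], validate=True)
    key_type, off = _field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob does not match the line")
    _exponent, off = _field(blob, off)
    modulus, _ = _field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, minimum=MIN_RSA_BITS):
    """Return (line_number, bits) for each RSA key shorter than the minimum."""
    weak = []
    for number, line in enumerate(lines, start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        bits = rsa_bits(line)
        if bits is not None and bits < minimum:
            weak.append((number, bits))
    return weak

def make_rsa_line(bits, comment):
    """Build a well-formed ssh-rsa line around a constructed modulus (not a usable key)."""
    def pack(data):
        return struct.pack(">I", len(data)) + data
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(modulus)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

# Constructed sample input standing in for an authorized_keys file.
SAMPLE = [make_rsa_line(1024, "old-laptop"), make_rsa_line(2048, "workstation"),
          make_rsa_line(4096, "bastion"), "ssh-ed25519 AAAAC3Nz constructed"]
print(audit(SAMPLE))  # [(1, 1024)]
```

`audit()` accepts any iterable of lines, so an open `authorized_keys` file can be passed to it directly.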