[ale] Linux Security vs OpenSSH?

Jim Kinney jim.kinney at gmail.com
Sat Nov 26 16:35:47 EST 2022


It all depends on the underlying encryption methods and server
configuration. As long as the encryption libs are up to date and any known
breakable methods are explicitly blocked from use, it's solid.

That said, 1024-bit keys should have been replaced last year, 2048 are a
minimum, and 4096-bit causes problems with older versions.

Each distro builds its own openssh so there are variations that may bite
later. I'm particularly fond of the patch that can query ldap through sssd
for a user's pub key. It also supports being a container for the priv key so
a tight control of a closed environment can exist with sssd, ldap, and
openssh by using a tool chain through freeipa.

On Sat, Nov 26, 2022, 3:22 PM Leam Hall via Ale <ale at ale.org> wrote:

> In days of old, OpenSSH had a reputation for being "more" secure. However,
> Linux has gotten a lot more brain share, and I wonder if that reputation is
> still deserved. Thoughts?
>
> Leam
>
> --
> Automation Engineer        (reuel.net/resume)
> Scribe: The Domici War     (domiciwar.net)
> General Ne'er-do-well      (github.com/LeamHall)
>
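
Added example (not part of the original post): a check for the key-size point in the message above, reading the RSA modulus length out of OpenSSH public key lines and reporting keys under 2048 bits. The function names and the sample keys are constructed for illustration; lines are assumed to use the usual "type base64 comment" layout.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # the minimum named in the message above

def _read_field(blob, offset):
    """Read one SSH wire field: uint32 big-endian length, then that many bytes."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def rsa_bits(pubkey_line):
    """Modulus size in bits for an ssh-rsa line; None for any other key type."""
    tokens = pubkey_line.split()
    if "ssh-rsa" not in tokens[:-1]:
        return None
    blob = base64.b64decode(tokens[tokens.index("ssh-rsa") + 1], validate=True)
    key_type, offset = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob does not match the line")
    _exponent, offset = _read_field(blob, offset)
    modulus, _ = _read_field(blob, offset)
    return int.from_bytes(modulus, "big").bit_length()

def weak_rsa_keys(lines, minimum=MIN_RSA_BITS):
    """Return (line_number, bits) for every ssh-rsa key below the minimum."""
    found = []
    for number, line in enumerate(lines, start=1):
        line = line.strip()
        if line and not line.startswith("#"):
            bits = rsa_bits(line)
            if bits is not None and bits < minimum:
                found.append((number, bits))
    return found

def _sample_line(bits, comment):
    """Constructed sample: well-formed ssh-rsa line with a dummy modulus."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    def mpint(n):
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

# Constructed input standing in for an authorized_keys file.
SAMPLE_LINES = [_sample_line(1024, "old@example"), _sample_line(2048, "ok@example"),
                _sample_line(4096, "big@example"),
                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 constructed@example"]

if __name__ == "__main__":
    for number, bits in weak_rsa_keys(SAMPLE_LINES):
        print(f"line {number}: RSA {bits} bits is below {MIN_RSA_BITS}")
```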