[ale] Linux Security vs OpenSSH?
Chuck Payne
terrorpup at gmail.com
Sat Nov 26 23:54:07 EST 2022
Ah, good ole SSSD, I use it a lot with FreeIPA and Kerbose, the hell with
SSH Keys. FreeIPA and no passwords, let the dogs of war manage your logs
on, untill SSSD dies and no one can log on, but It does make life so much
easier, when you need to tied in Linux host with Windows AD.
On Sat, Nov 26, 2022 at 4:36 PM Jim Kinney via Ale <ale at ale.org> wrote:
> It all depends on the underlying encryption methods and server
> configuration. As long as the encryption libs are up to date, any known
> breakable methods explicitly blocked from use, it's solid.
>
> That said, 1024 bit keys should be replaced last year, 2048 are a minimum,
> and 4096 but causes problems with older versions.
>
> Each distro builds it's own openssh so there are variations that may bite
> later. I'm particularly fond of the patch that can query ldap through sssd
> for a users pub key. It also supports being a container for the priv key so
> a tight control of a closed environment can exist with sssd, ldap, and
> openssh by using a tool chain through freeipa.
>
> On Sat, Nov 26, 2022, 3:22 PM Leam Hall via Ale <ale at ale.org> wrote:
>
>> In days of old, OpenSSH had a reputation for being "more" secure.
>> However, Linux has gotten a lot more brain share, and I wonder if that
>> reputation is still deserved. Thoughts?
>>
>> Leam
>>
>> --
>> Automation Engineer (reuel.net/resume)
>> Scribe: The Domici War (domiciwar.net)
>> General Ne'er-do-well (github.com/LeamHall)
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
--
Terror PUP a.k.a
Chuck "PUP" Payne
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- Terrorpup
openSUSE Ambassador/openSUSE Member
skype,twiiter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363
openSUSE Community Member since 2008.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20221126/12927500/attachment.htm>
More information about the Ale
mailing list