[ale] Linux Security vs OpenSSH?

Scott Plante splante at insightsys.com
Mon Nov 28 11:38:27 EST 2022


I use FreeBSD because it's the base for pfSense and TrueNAS. I don't really
do any vanilla BSD installs. Any thoughts on FreeBSD vs OpenBSD?
Scott

On Sun, Nov 27, 2022 at 9:23 AM Héctor Abreu via Ale <ale at ale.org> wrote:

> I think OpenBSD reputation of being secure is not something of the old
> days. Security has always been one of the main goals of that project.
>
> In recent years I've heard news of malware targeting Windows and Linux,
> but not OpenBSD.
>
> I personally use both OpenBSD and Linux because one can not be a full
> replacement of the other, at least in the scenarios I normally deal with.
>
> Hector.
>
> El sáb, 26 nov 2022 a las 19:32, Leam Hall via Ale (<ale at ale.org>)
> escribió:
>
>> Jim, I have to apologize for a mistype. My brain was fried from an
>> on-line class, and I meant to ask about Linux and OpenBSD.
>>
>> Though I like your note on OpenSSH, I haven't kept up as much as I should.
>>
>> Leam
>>
>> On 11/26/22 15:35, Jim Kinney wrote:
>> > It all depends on the underlying encryption methods and server
>> configuration. As long as the encryption libs are up to date, any known
>> breakable methods explicitly blocked from use, it's solid.
>> >
>> > That said, 1024 bit keys should be replaced last year, 2048 are a
>> minimum, and 4096 but causes problems with older versions.
>> >
>> > Each distro builds it's own openssh so there are variations that may
>> bite later. I'm particularly fond of the patch that can query ldap through
>> sssd for a users pub key. It also supports being a container for the priv
>> key so a tight control of a closed environment can exist with sssd, ldap,
>> and openssh by using a tool chain through freeipa.
>> >
>> > On Sat, Nov 26, 2022, 3:22 PM Leam Hall via Ale <ale at ale.org <mailto:
>> ale at ale.org>> wrote:
>> >
>> >     In days of old, OpenSSH had a reputation for being "more" secure.
>> However, Linux has gotten a lot more brain share, and I wonder if that
>> reputation is still deserved. Thoughts?
>> >
>> >     Leam
>> >
>> >     --
>> >     Automation Engineer        (reuel.net/resume <
>> http://reuel.net/resume>)
>> >     Scribe: The Domici War     (domiciwar.net <http://domiciwar.net>)
>> >     General Ne'er-do-well      (github.com/LeamHall <
>> http://github.com/LeamHall>)
>> >     _______________________________________________
>> >     Ale mailing list
>> >     Ale at ale.org <mailto:Ale at ale.org>
>> >     https://mail.ale.org/mailman/listinfo/ale <
>> https://mail.ale.org/mailman/listinfo/ale>
>> >     See JOBS, ANNOUNCE and SCHOOLS lists at
>> >     http://mail.ale.org/mailman/listinfo <
>> http://mail.ale.org/mailman/listinfo>
>> >
>>
>> --
>> Automation Engineer        (reuel.net/resume)
>> Scribe: The Domici War     (domiciwar.net)
>> General Ne'er-do-well      (github.com/LeamHall)
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20221128/9b2fe05b/attachment.htm>


More information about the Ale mailing list