Hi, On Fri, Apr 11, 2025 at 08:12:14PM +0200, Marc SCHAEFER wrote: > systemd dependancies that are activated on a Debian system imply a lot > of library injections into sshd, much more than the stock OpenBSD ssh. > > To avoid this, there seem to be two approaches: > > - remove those dependancies (see below) > > - confine the impact of those dependancies, as proposed > by some developpers, in having those dependancies confined > (not examined here) > > To solve this, I could use a Bastion host with a limited, non Debian, > OS, or I could recompile the OpenSSH package on Debian with options > disabled.
[…] > What do you think about this approach? I think you're wasting your time and should not have sshd listen on the public Internet at all, instead VPN in to your network and only have sshd available on the inside. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
