Le 13/04/2025 à 17:13, Marc SCHAEFER a écrit :
Hello,
would you be open to using another implementation of an ssh server?
If so, it would be a third approach:
Yes, it would be. It might help with the attack surface issue of
current sshd.
However, I would guess that most of the alternative to OpenSSH are
using libssh, which also had some issues.
I presumably would trust a stripped-down OpenSSH more than anything
based on libssh, but I might be wrong.
Hello,
I have not verified if there is an indirect dependency upon libssh for
dropbear-bin and lsh-server (there is no direct dependency)
for tinysshd:
didier@hp-notebook14:~$ LANG=en-US.UTF-8; apt depends tinysshd
tinysshd
Depends: libc6 (>= 2.34)
didier@hp-notebook14:~$ ldd /usr/sbin/tinysshd
linux-vdso.so.1 (0x00007ffdb29f7000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f54a996c000)
/lib64/ld-linux-x86-64.so.2 (0x00007f54a9c2e000)
that seems to me pretty minimal ;-)
