Hi Scott,
This will involve compiling your own sshd. It means the end of binary
software distribution. As such it is a radical departure from Linux
distributions as most of us know them.
The Debian OpenSSH maintainers have been discussing how to get rid
of some of the dependencies or move them out into optional packages
(that most wouldn't use) and I think Kerberos was one of the
proposals.
Thanks,
Andy
On Thu, Apr 18, 2024 at 08:47:18AM -0700, C. Scott Ananian via BitFolk Users wrote:
Some of the Kerberos dependencies can almost certainly be trimmed from a
modern ssh, I think.
Of all the discussion on the list, the one that resonated most was
hardening the main ssh by dropping unnecessary dependencies. Saying "you
can't use Kerberos to log in to the shell, and it won't be logged to
systemd" seems like it would inconvenience no one and gain a tiny bit of
extra peace of mind.
On the other hand, debugging why ssh won't let you log in when the cause is
a mismatch in crypto algorithms supported is a nightmare...
--scott
--
https://bitfolk.com/ -- No-nonsense VPS hosting