Some of the Kerberos dependencies can almost certainly be trimmed from a
modern ssh, I think.

Of all the discussion on the list, the one that resonated most was
hardening the main ssh by dropping unnecessary dependencies. Saying "you
can't use Kerberos to log in to the shell, and it won't be logged to
systemd" seems like it would inconvenience no one and gain a tiny bit of
extra peace of mind.

On the other hand, debugging why ssh won't let you log in when the cause is
a mismatch in crypto algorithms supported is a nightmare...

--scott

On Thu, Apr 18, 2024, 8:25 AM Mike Zanker via BitFolk Users <users(a)mailman.bitfolk.com> wrote:

> On 18 Apr 2024, at 16:10, Le Lay via BitFolk Users <users(a)mailman.bitfolk.com> wrote:
>
>> You really have a weird sshd
>>
>> alarig@msi ~ $ ldd /usr/sbin/sshd
>> linux-vdso.so.1 (0x00007ffd42dec000)
>> libcrypt.so.2 => /usr/lib64/libcrypt.so.2 (0x00007fb41f12b000)
>> libpam.so.0 => /usr/lib64/libpam.so.0 (0x00007fb41f11a000)
>> libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007fb41ece5000)
>> libz.so.1 => /usr/lib64/libz.so.1 (0x00007fb41eccb000)
>> libc.so.6 => /lib64/libc.so.6 (0x00007fb41eb0d000)
>> /lib64/ld-linux-x86-64.so.2 (0x00007fb41f261000)
>
> I have the same /usr/sbin/sshd as Andy - looks like the one that comes
> with Debian 12.
>
> Mike
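
An added example, not part of the thread and not any participant's code: a small Python audit that parses `ldd` output for sshd, compares it with the short library list quoted above, and flags libraries tied to the Kerberos and systemd features under discussion. The `FEATURES` grouping and the `SAMPLE` text are assumptions constructed for illustration.

```python
import re

# Baseline sonames: the ldd output for /usr/sbin/sshd quoted in the thread above.
BASELINE = {"linux-vdso.so.1", "libcrypt.so.2", "libpam.so.0", "libcrypto.so.3",
            "libz.so.1", "libc.so.6", "ld-linux-x86-64.so.2"}
# Assumption: library stems grouped under the two features the thread names.
FEATURES = {
    "kerberos": {"libgssapi_krb5", "libkrb5", "libk5crypto", "libkrb5support"},
    "systemd": {"libsystemd"},
}
# Constructed sample (not captured from any host); addresses are placeholders.
SAMPLE = """\
    linux-vdso.so.1 (0x00007ffc00000000)
    libpam.so.0 => /usr/lib64/libpam.so.0 (0x00007f0000001000)
    libsystemd.so.0 => /usr/lib64/libsystemd.so.0 (0x00007f0000002000)
    libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00007f0000003000)
    libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00007f0000004000)
    libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007f0000005000)
    libexample.so.1 => not found
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000006000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f0000007000)
"""

def parse_ldd(text):
    """Return {soname: path}; path is "" for the vdso, None for 'not found'."""
    deps = {}
    for line in text.splitlines():
        # Drop the trailing load address, which changes on every run (ASLR).
        line = re.sub(r"\s+\(0x[0-9a-fA-F]+\)$", "", line.strip())
        name, sep, target = line.partition(" => ")
        if not sep:
            if not name or " " in name:  # blank line, "statically linked", etc.
                continue
            target = name if name.startswith("/") else ""
            name = name.rsplit("/", 1)[-1]  # loader is listed by absolute path
        elif target == "not found":
            target = None
        deps[name] = target
    return deps

def audit(text, baseline=BASELINE):
    """Compare a binary's ldd output with the baseline set of sonames."""
    deps = parse_ldd(text)
    return {
        "extra": sorted(set(deps) - baseline),
        "unresolved": sorted(n for n, p in deps.items() if p is None),
        "features": {f: sorted(n for n in deps if n.split(".so")[0] in stems)
                     for f, stems in FEATURES.items()},
    }

if __name__ == "__main__": print(audit(SAMPLE))
```

To check a real host, pass the captured text of `ldd /usr/sbin/sshd` to `audit()`. Run `ldd` only on binaries you already trust, since it can execute code from the file it inspects.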