by dmm
4699 days ago
Well, ssh is a fairly complex daemon with quite a few features. For example, with OpenSSH you can authenticate with a preshared key and challenge response or with PAM integration, or with a regular Unix password. It also supports several types of encryption. All these things are useful but require more code. Some people would argue that a very simple daemon with fewer features might be more secure because it has less attack area. For example, Colin Percival of Tarsnap created spiped, which essentially replaces 'ssh -L'. It only supports shared key authentication and AES-256 and consists of only about 4000 lines. He connects to ssh through a spipe tunnel. https://www.tarsnap.com/spiped.html
If it's true for something like a web server, it ought to be true for SSH. Thanks for the link to spiped.