Le 13/04/2025 à 17:13, Marc SCHAEFER a écrit :
Hello,would you be open to using another implementation of an ssh server? If so, it would be a third approach:Yes, it would be. It might help with the attack surface issue of current sshd. However, I would guess that most of the alternative to OpenSSH are using libssh, which also had some issues. I presumably would trust a stripped-down OpenSSH more than anything based on libssh, but I might be wrong.
Hello,I have not verified if there is an indirect dependency upon libssh for dropbear-bin and lsh-server (there is no direct dependency)
for tinysshd: didier@hp-notebook14:~$ LANG=en-US.UTF-8; apt depends tinysshd tinysshd Depends: libc6 (>= 2.34) didier@hp-notebook14:~$ ldd /usr/sbin/tinysshd linux-vdso.so.1 (0x00007ffdb29f7000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f54a996c000) /lib64/ld-linux-x86-64.so.2 (0x00007f54a9c2e000) that seems to me pretty minimal ;-)