Re: Limiting attack surface for Debian sshd
Hello,
On Sun, Apr 13, 2025 at 06:24:50PM +0200, didier gaumet wrote:
> didier@hp-notebook14:~$ ldd /usr/sbin/tinysshd
> linux-vdso.so.1 (0x00007ffdb29f7000)
> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f54a996c000)
> /lib64/ld-linux-x86-64.so.2 (0x00007f54a9c2e000)
>
> that seems to me pretty minimal ;-)
Yes! On the (dynamic) dependancy side it seems ideal.
So it means it's a reimplementation of the SSH server, not using libssh?
(or it's statically compiled, which could be worse?)
However: it could mean it's much less scrutinized than libssh, which in turn
"looks" less scrutinized than OpenSSH ...
It looks it has very few lines of code, which is good:
https://github.com/janmojzis/tinyssh
However, it does not seem to support port forwarding, which can be
handy on a jump host ...
Reply to: