Re: Limiting attack surface for Debian sshd

[Marc SCHAEFER <schaefer@alphanet.ch>]

Hello,

On Sun, Apr 13, 2025 at 06:24:50PM +0200, didier gaumet wrote:
> didier@hp-notebook14:~$ ldd /usr/sbin/tinysshd
> 	linux-vdso.so.1 (0x00007ffdb29f7000)
> 	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f54a996c000)
> 	/lib64/ld-linux-x86-64.so.2 (0x00007f54a9c2e000)
> 
> that seems to me pretty minimal ;-)

Yes! On the (dynamic) dependancy side it seems ideal.

So it means it's a reimplementation of the SSH server, not using libssh?
(or it's statically compiled, which could be worse?)

However: it could mean it's much less scrutinized than libssh, which in turn
"looks" less scrutinized than OpenSSH ...

It looks it has very few lines of code, which is good:

   https://github.com/janmojzis/tinyssh

However, it does not seem to support port forwarding, which can be
handy on a jump host ...