OpenSSH 8.7 Released With Experimental SFTP Support For SCP

  • uid313
    replied
    Originally posted by torsionbar28
    A better option might be C# and Mono, along with Active Directory integration. Once we can do Windows Domain services over SSH, we can drop the legacy SSH command prompt altogether.
    That is a very interesting idea!
    Not Mono though, just .NET 5 which is cross-platform and officially natively available for Linux. Mono is an implementation of the old .NET Framework.
    Active Directory integration sounds great, but this wouldn't have to be done in C# though, you could have the Active Directory protocol implemented in Rust.


  • torsionbar28
    replied
    Originally posted by uid313
    I think they ought to port OpenSSH to Rust, maybe not all of it, but at least the daemon so that it may be safer against remote exploits.
    A better option might be C# and Mono, along with Active Directory integration. Once we can do Windows Domain services over SSH, we can drop the legacy SSH command prompt altogether.


  • Chewi
    replied
    As much as I like Rust, it's not a magic bullet. It's quite common for Rust code to use OpenSSL for a start. There are pure-Rust alternatives like Ring but they haven't had anything like the amount of scrutiny that OpenSSL has had. I'd personally take my chances with OpenSSL.

    As mentioned above, OpenSSH can be built without OpenSSL but that's understating it. You only need OpenSSL for additional algorithms and very niche features. I don't think I've ever needed these myself.


  • Jakobson
    replied
    It's nice to see progress there to replace the old scp protocol with SFTP and therefore to have a solution for this vulnerability:
    https://nvd.nist.gov/vuln/detail/CVE-2020-15778


  • BwackNinja
    replied
    Originally posted by kpedersen

    I'm quite a fan of BearSSL for my own projects. Though for work I tend to stick to OpenSSL because "its the norm innit!".
    There's a BearSSL port of OpenSSH: https://github.com/oasislinux/openssh

    OpenSSH can also be built without OpenSSL.


  • kpedersen
    replied
    Originally posted by S.Pam

    And GnuTLS
    I'm quite a fan of BearSSL for my own projects. Though for work I tend to stick to OpenSSL because "its the norm innit!".


  • S.Pam
    replied
    Originally posted by uid313

    I think you're right. But there is also LibreSSL and BoringSSL.
    And GnuTLS


  • kpedersen
    replied
    Originally posted by brad0

    Definitely would NEVER happen with LibreSSL.
    I do get a few chuckles when guys jump on the OpenBSD mailing lists to recommend such a thing. Certainly a guilty pleasure of mine.


  • brad0
    replied
    Originally posted by uid313
    I think you're right. But there is also LibreSSL and BoringSSL.
    Definitely would NEVER happen with LibreSSL.


  • uid313
    replied
    Originally posted by kpedersen

    It seems to be the OpenSSL layer that is the most prone to security issues. It would be better if that got a rewrite (Rust is fine but I think I would be happy with *any* rewrite). Rust is basically just a thin dependent layer and doesn't do much on its own. It is the dependencies it pulls in. All written in C.

    So no point OpenSSH in Rust being done when it is built on top of sand and mud anyway.
    I think you're right. But there is also LibreSSL and BoringSSL.
