Hi,
On Thu, Sep 04, 2025 at 02:46:22PM +0000, Rene Malmgren wrote:
> Would you put 1000 BTC on a system and have OpenSSH as a frontline software to protect it?
I would not put 1000 BTC on a system that is accessible via any means
from the Internet. This is how real men do "security".
But if I had to, OpenSSH would be the least of my worries. I guess I'd
ensure that only pubkey auth is possible, that there is a firewall in
the way that only allows specific subnets that I trust, etc. - but that
is general good hygiene. Reduce blast radius. Bugs happen.
Like, kernel bugs that are exploitable remotely... so, "do not put things
on the Internet".
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany gert@xxxxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
