dracut-sshd
tinyssh
| dracut-sshd | tinyssh | |
|---|---|---|
| 7 | 8 | |
| 204 | 1,388 | |
| - | - | |
| 4.6 | 5.0 | |
| about 1 month ago | 14 days ago | |
| Shell | C | |
| - | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dracut-sshd
- Tinyssh
-
home server encryption
There is also dracut-sshd, which works great for distros using - surprise - dracut.
-
Encryption with NAS Volume
Personally, I'm running OpenSuse Tumbleweed and used the graphical installer this time out of convenience. If you want to remotely unlock it over ssh, I can recommend https://github.com/gsauthof/dracut-sshd. Works pretty well.
-
I switched to MicroOS GNOME and I don't think I'm returning back to regular distributions
The only thing that prevented me from going with MicroOS during my last server install was uncertainty about how well it would handle remote unlocking of luks system encryption for which I'm using dracut-sshd.
-
Getting WiFi to Connect Early (for dracut-sshd).
I'm trying to use the dracut-sshd package on Fedora 35. The instructions only describe how to use dracut-network and networkd to get a wired internet connection during boot (for SSH to work). I'm completely unfamiliar with these so I'm not sure what to change in order to make it work with a wireless connection instead. I tried changing their example in various ways with no luck.
- Remotely unlocking headless server
-
Remote unlocking encrypted system via ssh doesn't work!
I prefer this https://github.com/gsauthof/dracut-sshd
tinyssh
-
Ldd /usr/sbin/sshd – Alpine vs. Ubuntu for exploitability of CVE-2024-3094
While on topic of sshd having minimal dependencies, shout-out to Jan Mojžíš and his minimalist implementation:
https://github.com/janmojzis/tinyssh/
- Tinyssh
-
Large scale Internet SSH brute force attacks seem to have stopped here
> [after] hardening steps [...] most of the bots can't even negotiate a connection
Yep, same here, except I'm using [tinyssh], which organically does not support anything other than ed25519/curve25519, sha256, and chacha-poly.
[tinyssh] https://tinyssh.org/
-
OpenSSH 8.9
djb suggested that for openssh instead of the tinydns kex, so tinydns switched also:
https://github.com/janmojzis/tinyssh/issues/50
- tinyssh
- FreeBSD SSH Hardening
What are some alternatives?
wireguard-initramfs - Use dropbear over wireguard.
dropbear - Dropbear SSH
dracut-crypt-ssh - dracut initramfs module to start dropbear sshd during boot to unlock the root filesystem with the (cryptsetup) LUKS passphrase remotely
ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
dracut - dracut the event driven initramfs infrastructure
server-side-tls - Server side TLS Tools
u-root - A fully Go userland with Linux bootloaders! u-root can create a one-binary root file system (initramfs) containing a busybox-like set of tools written in Go.
Samba - https://gitlab.com/samba-team/samba is the Official GitLab mirror of https://git.samba.org/samba.git -- Merge requests should be made on GitLab (not on GitHub)
ubuntu-server-zfsbootmenu - Ubuntu zfsbootmenu install script
testssl.sh - Testing TLS/SSL encryption anywhere on any port
yubikey-full-disk-encryption - Use YubiKey to unlock a LUKS partition
yubikey-agent - yubikey-agent is a seamless ssh-agent for YubiKeys.