mfsbsd
tinyssh
mfsbsd | tinyssh | |
---|---|---|
5 | 8 | |
471 | 1,388 | |
- | - | |
3.8 | 5.0 | |
3 months ago | 14 days ago | |
Makefile | C | |
BSD 2-clause "Simplified" License | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
mfsbsd
-
Build Initramfs Rootless
I'm very new to BSD in general, but I find it very fun and interesting!
However, I need pointers to get started.
> You won't be spoon-fed, and are expected to have read the manuals and other documentations...
I read a lot of FreeBSD and NetBSD documentation to get to the point of compiling my own kernels, but I don't think I ever read about the equivalent concept of Linux cpio/initramfs for BSD. My minimal images use a UFS filesystem.
Here, after checking https://mfsbsd.vx.sk/ and https://github.com/mmatuska/mfsbsd/blob/master/scripts/mdini... I think mfsbsd is just a using tmpfs so it may not exactly the same thing as initramfs, that allows booting linux from a bzImage + initrd
I'll keep searching, it's not super high priority at the moment, but it's something I'd like to do with (Free|Net)BSD.
- MfsBSD: ISO file that create a working minimal installation of FreeBSD
-
Does anyone still use digitalocean for freebsd vms
I suspect it depends on how much support and/or hand-holding you need from your hosting provider. I'd hesitate to run an unofficial build/image but I believe the alternative on DO is to use mfsbsd (a memory-file-system installer for FreeBSD) which is also an unofficial build/image.
-
Is there a way to load the FreeBSD installer to RAM?
The common answer here is to use mfsbsd which puts all the installer's requirements onto a RAM disk so you should (in theory) be able to pull the install media and plug in other devices as needed
-
FreeBSD SSH Hardening
I looked into this for a project a couple of years ago and ended up using mfsbsd instead.
https://github.com/mmatuska/mfsbsd
tinyssh
-
Ldd /usr/sbin/sshd – Alpine vs. Ubuntu for exploitability of CVE-2024-3094
While on topic of sshd having minimal dependencies, shout-out to Jan Mojžíš and his minimalist implementation:
https://github.com/janmojzis/tinyssh/
- Tinyssh
-
Large scale Internet SSH brute force attacks seem to have stopped here
> [after] hardening steps [...] most of the bots can't even negotiate a connection
Yep, same here, except I'm using [tinyssh], which organically does not support anything other than ed25519/curve25519, sha256, and chacha-poly.
[tinyssh] https://tinyssh.org/
-
OpenSSH 8.9
djb suggested that for openssh instead of the tinydns kex, so tinydns switched also:
https://github.com/janmojzis/tinyssh/issues/50
- tinyssh
- FreeBSD SSH Hardening
What are some alternatives?
yubikey-agent - yubikey-agent is a seamless ssh-agent for YubiKeys.
dropbear - Dropbear SSH
dedupfs - A Python FUSE file system that features transparent deduplication and compression which make it ideal for archiving backups.
ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
server-side-tls - Server side TLS Tools
occambsd - An application of Occam's razor to FreeBSD
Samba - https://gitlab.com/samba-team/samba is the Official GitLab mirror of https://git.samba.org/samba.git -- Merge requests should be made on GitLab (not on GitHub)
testssl.sh - Testing TLS/SSL encryption anywhere on any port
tarsnap - Command-line client code for Tarsnap.