undefined | Better HN

0 pointspphysch4y ago0 comments

It's not about trusting the security of SSH vs TLS, but rather the ergonomics of deploying either technology. All the Big Cloud providers offer both, last time I checked.

Point is, you can offer a secure & functional remote shell without touching Linux PAM or the Linux authx stack beyond `useradd` and a locked-down `sshd_config`. Orgs that already offer web services over HTTPS may find this route desirable.

0 comments

3 comments · 1 top-level

DarylZero4y ago· 2 in thread

> without touching Linux PAM or the Linux authx stack

..falsely implying you'd have to "touch" this stuff to set up OpenSSH on port 22.

pphyschOP4y ago

If you are exposing SSH to the world or your customers, you have to do a lot more than "touch" this stuff to achieve reasonable security. That's the point.

DarylZero4y ago

No you don't.

Why would you need to modify PAM for SSH on port 22 but not SSH over TLS?

1 more reply

j / k navigate · click thread line to collapse