undefined | Better HN

0 pointsDarylZero4y ago0 comments

No you don't.

Why would you need to modify PAM for SSH on port 22 but not SSH over TLS?

0 comments

3 comments · 1 top-level

pphysch4y ago· 2 in thread

Because you completely handle authn/authz on the web backend instead of in PAM

No one gets a shell until they get through your RBAC/ABAC solution

The question was:

> Why would you need to modify PAM for SSH on port 22?

I don't believe you have an answer.

Because in 2022 we have access to things like 2FA and ABAC and SSH certs to not get pwned.

How do you intend on implementing those without Linux PAM or additional backend services??

j / k navigate · click thread line to collapse