In case you want to try a secure SSH server that doesn’t depend on OpenSSL, TinySSH is your latest choice at the time of writing. The first version is experimental and very light (has only 48996 words of code). TinySSH uses state-of-the-art high-security cryptographic library NaCl / TweetNaCl.
TinySSH uses non-OpenSSL state-of-the-art cryptographic libraries. Attempts to be secure by design.
TinySSH claims to offer good security on TCP and is designed for perfect security on CurveCP. CurveCP is similar to TCP but uses high-speed and high-security elliptic-curve cryptography to protect every packet against espionage, corruption, and sabotage.
Features of TinySSH:
- Easily auditable – TinySSH has less than 100000 words of code
- No dynamic memory allocation – TinySSH has all memory statically allocated (less than 1MB)
- Simple configuration – TinySSH can’t be misconfigured
- Reusing code – TinySSH is reusing build mechanism from NaCl and libraries from CurveCP implementation
- Reusing software – TinySSH is using tcpserver/curvecpserver for TCP/CurveCP connection
- Limited amount of features – TinySSH doesn’t have features such: SSH1 protocol, compression, scp, sftp, …
- No older cryptographic primitives – rsa, dsa, classic diffie-hellman, md5, sha1, 3des, arcfour, …
- No copyright restrictions – TinySSH is in the public domain
- No dependency on OpenSSL – TinySSH is using NaCl / TweetNaCl
- Open source
In this early stage, the only way to install TinySSH is to compile and install it from source. The well-explained instructions are available here.