I did link to Dropbear in my latest post, but I would not say that Dropbear is a good replacement for every use case. It depends a lot on what you are doing. Now from my perspective I would say that there is demand for a better version of SSH on the market, since almost every developer uses it, and its use everywhere, including airports, banks, crypto exchanges and so on. Obviously, I would not recommend anybody working with digital assets to classify OpenSSH as a secure system in their workflow, you have to be totally mad. Would you put 1000 BTC on a system and have OpenSSH as a frontline software to protect it? Would you accept software from a company that does it? /Rene ________________________________ From: Stuart Henderson <stu@xxxxxxxxxxxxxxx> Sent: Wednesday, September 3, 2025 2:09 PM To: Rene Malmgren <rene.malmgren@xxxxxxxxxxx> Cc: openssh-unix-dev@xxxxxxxxxxx <openssh-unix-dev@xxxxxxxxxxx> Subject: Re: Update on RegreSSHion On 2025/09/03 05:16, Rene Malmgren wrote: > As promised, I have made an update on my post, I realized I forgot to post it. > > /Rene > > https://againstallflags.wordpress.com/2025/08/24/update-on-regresshion/ > [https://s0.wp.com/i/blank.jpg]<https://againstallflags.wordpress.com/2025/08/24/update-on-regresshion/> > Update on RegreSSHion<https://againstallflags.wordpress.com/2025/08/24/update-on-regresshion/> > A few days ago, I published a blog post where I outlined my findings from research into CVE-2024-6387, along with questions about whether it was safe to continue using OpenSSH by OpenBSD in the fut… > againstallflags.wordpress.com | "Decommission and replace" stands, not because of proven malice, but | because malice cant be ruled out, along with systemic issues, | questionable processes, and disregard for user safety. As you're proposing replacement, what would you recommend is used instead? _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
