Update on RegreSSHion
Rene Malmgren
rene.malmgren at redtoken.ae
Fri Sep 5 00:46:22 AEST 2025
I did link to Dropbear in my latest post, but I would not say that Dropbear is a good replacement for every use case. It depends a lot on what you are doing.
Now from my perspective I would say that there is demand for a better version of SSH on the market, since almost every developer uses it, and its use everywhere, including airports, banks, crypto exchanges and so on.
Obviously, I would not recommend anybody working with digital assets to classify OpenSSH as a secure system in their workflow, you have to be totally mad.
Would you put 1000 BTC on a system and have OpenSSH as a frontline software to protect it?
Would you accept software from a company that does it?
/Rene
________________________________
From: Stuart Henderson <stu at spacehopper.org>
Sent: Wednesday, September 3, 2025 2:09 PM
To: Rene Malmgren <rene.malmgren at redtoken.ae>
Cc: openssh-unix-dev at mindrot.org <openssh-unix-dev at mindrot.org>
Subject: Re: Update on RegreSSHion
On 2025/09/03 05:16, Rene Malmgren wrote:
> As promised, I have made an update on my post, I realized I forgot to post it.
>
> /Rene
>
> https://againstallflags.wordpress.com/2025/08/24/update-on-regresshion/
> [https://s0.wp.com/i/blank.jpg]<https://againstallflags.wordpress.com/2025/08/24/update-on-regresshion/>
> Update on RegreSSHion<https://againstallflags.wordpress.com/2025/08/24/update-on-regresshion/>
> A few days ago, I published a blog post where I outlined my findings from research into CVE-2024-6387, along with questions about whether it was safe to continue using OpenSSH by OpenBSD in the fut…
> againstallflags.wordpress.com
| "Decommission and replace" stands, not because of proven malice, but
| because malice cant be ruled out, along with systemic issues,
| questionable processes, and disregard for user safety.
As you're proposing replacement, what would you recommend is used
instead?
More information about the openssh-unix-dev
mailing list