Update on RegreSSHion
Stuart Henderson
stu at spacehopper.org
Fri Sep 5 21:55:32 AEST 2025
On 2025/09/04 14:46, Rene Malmgren wrote:
> I did link to Dropbear in my latest post, but I would not say that
> Dropbear is a good replacement for every use case.
yes, it's a good fit in some circumstances (as is tinyssh) but is quite
limited, and I don't think it's likely to have been through anything
like the analysis that OpenSSH has been through (e.g. consider the lovely
detailed write-ups from Qualys for the things which they've investigated
and found issues with - and think how much more investigation must have
been done that hasn't resulted in anything that could be written up...)
> Now from my perspective I would say that there is demand for a better
> version of SSH on the market, since almost every developer uses it,
> and its use everywhere, including airports, banks, crypto exchanges
> and so on.
"on the market" is an interesting term here - I don't think I would
want to be trusting something like this software to market forces.
I'd expect actual security and careful design to take a backseat to
tickbox marketing items.
More information about the openssh-unix-dev
mailing list