14 Apr
2024
14 Apr
'24
9:31 a.m.
I don't want to be paniced by this. Yes, a backdoor was sneaked into SSH. But it was
found and removed.
I'm pretty confident that a backdoor attempt will be made to something else in the
future, but my guess is that SSH will not be the target: too many people will be watching.
It might be useful to be able to block SSH access from certain regions (for example,
China, Russia and MAGAland*) but to replace a simple, reliable system like SSH with a
complex and therefore insecure web-page-based kludge feels like a leap in the wrong
direction.
It ain't broke: please don't fix it.
*It isn't very likely, but it is possible that the USA will end up with either Trump
as president, or in a modern civil war, some of which will be fought on the web.
On 14 Apr 2024 at 01:33, Andy Smith via BitFolk Users <users(a)mailman.bitfolk.com>
wrote:
Hi,
In light of the recent XZ/lzma backdoor we should perhaps think
harder about how complex sshd is and the wisdom of exposing that to
the entire Internet.