I don't want to be paniced by this. Yes, a backdoor was sneaked into SSH. But it was found and removed.

I'm pretty confident that a backdoor attempt will be made to something else in the future, but my guess is that SSH will not be the target: too many people will be watching.

It might be useful to be able to block SSH access from certain regions (for example, China, Russia and MAGAland*) but to replace a simple, reliable system like SSH with a complex and therefore insecure web-page-based kludge feels like a leap in the wrong direction.

It ain't broke: please don't fix it.

*It isn't very likely, but it is possible that the USA will end up with either Trump as president, or in a modern civil war, some of which will be fought on the web.

On 14 Apr 2024 at 01:33, Andy Smith via BitFolk Users <users@mailman.bitfolk.com> wrote:
Hi,

In light of the recent XZ/lzma backdoor we should perhaps think
harder about how complex sshd is and the wisdom of exposing that to
the entire Internet.