On 02/01/18 03:29, Michael Ströder wrote:
How high is the risk that this unmaintained device is added to yet-another-bot-net in the Internet-of-shitty-devices or is used to enter parts of your network.
I think that is what is called a straw-man argument. If a device can be compromised in the way you suggest, then I am sure it will be replaced, but it will be replaced because it needs to be, not because its management interface cannot be accessed via the latest openssh. Disallowing use of openssh doesn't encourage people to throw away expensive gear, it encourages them to throw away new versions of openssh.
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev