2017-11-03 13:53 GMT+01:00 Gregory Edigarov <[email protected]>:

>> You should be asking HP how come they can't keep the free sshd code
>> updated,
>> if security is your prime concern, not ask openbsd to lower everyone else's
>> security.
>
> I think for most vendors, it is a rather administrative, than technical
> question.
> Yes, their technical people can update code, yes they can do it quick, but
> their management is slow...

I think you can let them update for decades and they will not update the sshd anyhow. So in the end, the conclusion was true, "since ssh has moved on, if I want to keep using my old hw, I need to resort to insecure ways of administering them", where it may be ancient ssh clients or telnet or serial ports.

When it comes to IT security, stuff like "was removed 2 years ago, and deprecated for X years before that, and better versions have been available for X+Y years" actually matters. You can wave your arms and pretend as if this was a big shock for you, but actually there is a lot of diligence being skipped in order for someone to end up in a situation like this. And not just on the customer end, but the vendor also. And everyone else that keeps an unpatched admin station around just to make that random old system going even though vendors claim to care for your security.

--
May the most significant bit of your life be positive.

