On Nov 14,  3:29am, Jason R Thorpe wrote:
} 
} (FreSSH has addressed some of the issues with SSHv1 with some extensions,
} but the FreSSH developers haven't had time to work on FreSSH much for ...
} quite a while, and these extensions only work with FreSSH anyway.)

     The last time there was an OpenSSH issue, the FreSSH developers
said they would try to pick up the pace.  Even with their "famed
auditing", OpenSSH seems to have a serious security hole appear every
couple of months (this doesn't say much about the quality of their
code).  Every time, they do this, I have to update 20+ systems.  Many
of them are unique, so I can't just compile on one machine and sprinkle
it around like magic dust.  Also, given that they sounded a major panic
unnecessarily, I don't trust them.  They made it seem like I had to
update all 20+ systems on the spot, when there was no need to update
any of them, except to make a config change on a handful.  They just
happen to be the best choice available at the moment.  However, I would
really really like an alternative.

}-- End of excerpt from Jason R Thorpe