@espen There's going to be an unauthenticated RCE in OpenSSH some day. The only way to reduce the chance that RCE will happen is by reducing the amount of codepaths an attacker can hit without creds. The minimum codepaths possible is "Does this UDP packet contain a specific static value? If not, we have reached the end of our codepaths."