imthenachoman / How-To-Secure-A-Linux-Server

An evolving how-to guide for securing a Linux server.
Creative Commons Attribution Share Alike 4.0 International

sshd_config compression option no longer a security risk #117

Open AngeloThys opened 3 months ago

AngeloThys commented 3 months ago

The compression option is no longer a security risk, as the compression now only occurs after the user has been authenticated.

The reason why it used to be a security risk is that it was possible for compression to happen before authenticating the user; this feature has been completely removed.

So, the only and recommended value of compression should be yes, as per the default.

Source: OpenSSH, release 7.4

sshd(8): Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Pre-auth compression support has been disabled by default for >10 years. Support remains in the client.

Triveri commented 2 months ago

I understand that Compression yes now behaves like Compression delayed; still, from the ssh man page:

Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks.

So, even if it's not a security risk anymore, I'm not sure Compression yes should also be the recommended value.
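The two comments above hinge on one fact: whether the running sshd is 7.4 or newer, where `yes` is equivalent to the old `delayed` (compression only after authentication). A small audit helper to make that check explicit, as an added example that is not part of the repository or of this thread. It assumes you feed it the version banner printed by `ssh -V` (which goes to stderr, hence `2>&1`) and the effective configuration printed by `sshd -T`; the sample strings below are constructed for the demonstration, not captured from a real host.

```sh
#!/bin/sh
# Added example (not from the How-To-Secure-A-Linux-Server repository).
# Classifies the effective sshd Compression setting against the OpenSSH
# version, so a reviewer can tell whether the old pre-auth compression
# concern still applies on a given host.

# Succeeds (exit 0) when the OpenSSH version is >= 7.4, the release that
# removed pre-authentication compression from sshd. $1 is the `ssh -V` banner.
ssh_preauth_compression_removed() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9]*\)\.\([0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2          # not an OpenSSH banner
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 4 ]; }
}

# Reads `sshd -T` output on stdin and prints the effective Compression value
# (lower-cased), or "unknown" if the keyword is absent.
effective_compression() {
    awk 'tolower($1) == "compression" { print tolower($2); found = 1 }
         END { if (!found) print "unknown" }'
}

# Prints one of: safe, preauth-risk, disabled, unknown.
#   $1 = `ssh -V` banner, $2 = `sshd -T` output
classify_compression() {
    version="$1"
    config="$2"
    value=$(printf '%s\n' "$config" | effective_compression)
    case "$value" in
        no)      echo disabled ;;
        delayed) echo safe ;;          # always post-auth, on any version
        yes)
            if ssh_preauth_compression_removed "$version"; then
                echo safe              # >= 7.4: "yes" means post-auth only
            else
                echo preauth-risk      # < 7.4: "yes" still allowed pre-auth
            fi ;;
        *)       echo unknown ;;
    esac
}

# Constructed sample inputs (illustrative, not from a real system).
SAMPLE_VERSION_NEW="OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024"
SAMPLE_VERSION_OLD="OpenSSH_6.6.1p1, OpenSSL 1.0.1f 6 Jan 2014"
SAMPLE_CONFIG_YES="port 22
addressfamily any
compression yes
permitrootlogin no"

# Usage on a live host would be:
#   classify_compression "$(ssh -V 2>&1)" "$(sshd -T)"
classify_compression "$SAMPLE_VERSION_NEW" "$SAMPLE_CONFIG_YES"   # safe
classify_compression "$SAMPLE_VERSION_OLD" "$SAMPLE_CONFIG_YES"   # preauth-risk
```

`sshd -T` needs root and prints the configuration as actually parsed (including defaults), which is why it is preferred here over grepping `/etc/ssh/sshd_config`. The performance point raised in the second comment is independent of this check: the classifier only says whether `yes` is post-auth on that version, not whether enabling compression is worthwhile on a fast link.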