We need a djbsssh remote encrypting and authenticating system. Who better to write it than Dan Bernstein, who has written qmail and djbdns. Neither of these packages has had a security lapse. The expectation is that djbsssh will be equally secure. Just as qmail is a secure replacement for sendmail, and djbdns is a secure replacement for BIND, so will djbsssh be a secure replacement for ssh.

djbsssh will have these features:

• It will use a state of the art cryptographic system.
• All connections will be encrypted.
• All connections will be authenticated.
• The default installation of the server will be chrooted.
• The server will optionally chroot for selected users.
• No remote root logins allowed.
• Hosts will have public keys.
• Users will have public keys, with optional passphrase.