
hmmm... it might be written in Rust, but I'd still rather use an instance of good-old OpenSSH as a suitably configured bastion host.

OpenSSH has been battle-tested to death and comes from a good stable (OpenBSD, LibreSSL).

I'm very weary indeed of re-implementations of SSH servers.




> I'm very weary indeed of re-implementations of SSH servers.

The security properties of this are a little scary, too: the recommended configuration here has all hosts trusting the bastion, which kind of undoes the point. Pwn the bastion host, and pwn everything.

It's trickier, but a decent ssh jumphost requires the user to authenticate to the bastion and the host behind.
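An added example, not part of the thread or of the project under discussion: a client-side OpenSSH configuration for the two-step model described in the comment above, where the user authenticates to the bastion and then separately to the host behind it. Host names, the user name and key paths are placeholders; `ProxyJump`, `IdentitiesOnly` and `ForwardAgent` are standard `ssh_config` options.

```sshconfig
# ~/.ssh/config on the user's workstation.
# Constructed example: host names, user name and key paths are placeholders.

# Hop 1: the bastion. The user authenticates here with their own key.
Host bastion
    HostName bastion.example.com
    User alice
    IdentityFile ~/.ssh/id_ed25519_bastion
    IdentitiesOnly yes
    # Do not expose the local agent to the bastion; a forwarded agent
    # would let a compromised bastion sign on the user's behalf.
    ForwardAgent no

# Hop 2: hosts behind the bastion. ProxyJump only tunnels the TCP
# connection through the bastion. The SSH handshake with the target,
# including host key verification and user authentication, runs end to
# end between the workstation and the target.
Host *.internal.example.com
    User alice
    ProxyJump bastion
    IdentityFile ~/.ssh/id_ed25519_internal
    IdentitiesOnly yes
    ForwardAgent no
```

With this layout the targets accept the user's key rather than a bastion-held credential, so the bastion can relay or drop connections but cannot log in to the targets by itself. The trade-off is that the bastion sees only ciphertext and therefore cannot record session contents.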


I think this is fulfilling a slightly different niche - further down in the README it talks specifically about opening a separate connection to the host and recording the session for audit purposes.

Which offers a little more than a simple SSH bastion would, unless there are features like this in OpenSSH I'm not aware of.


> OpenSSH has been battle-tested to death

So have wet paper bags ;]


Personally, I’m weary of software written in languages without memory safety that are more likely to have long living exploits only known to certain government authorities.


Just because the OP didn't use unsafe {} anywhere in their code doesn't mean it's not used in any dependencies. Just glancing at some of the deps I can already see there is a lot of unsafe usage deep down that are "wrapped" in safe interfaces. Rust is not some kind of silver bullet for safety. It just makes it more explicit.

Also, I'm less concerned about the memory safety than the _complete reimplementation of SSH_ from scratch. So give me OpenSSH any day for things that are actually important.


I'd trust old software written in a memory unsafe language that has a sterling track record over new software written in a safer language that has not much of a track record at all.


The Rust authors condemned the world to play their stupid game of semantics when they created the `unsafe` keyword.

The feature turns off extra compile time checks. That’s it. It doesn’t mean the program is correct.

This program still allows potentially damaging things like `rm -rf /`. So, it’s not data safe. It’s unknown whether it’s secure safe either, since it’s not been audited and it’s still “alpha”.




