Priya PatelTLDR:
– SSH3 is a new version of the Secure Shell protocol that has been revamped with HTTP using QUIC+TLS1.3 for security and HTTP Authorization for user authentication.
– The new version brings enhancements such as faster session establishment, new HTTP authentication methods, robustness to port scanning attacks, UDP port forwarding, and all the features allowed by the modern QUIC protocol.
SSH or Secure Shell is a cryptographic network protocol that enables secure communication and remote access over an unsecured network. It is widely used for secure command-line login, file transfers, and tunneling of other protocols. A new version of SSH, SSH3, has recently been launched.
SSH3 has been revamped with HTTP using QUIC+TLS1.3 for security and HTTP Authorization for user authentication. It offers a secure way to access and manage devices, servers, and systems by encrypting data during transmission and verifying the identity of the connecting parties.
The new version brings a multitude of enhancements, including significantly faster session establishment, new HTTP authentication methods like OAuth 2.0 and OpenID Connect, robustness to port scanning attacks, UDP port forwarding, and all the features allowed by the modern QUIC protocol.
SSH3 leverages TLS 1.3, QUIC, and HTTP for secure channels, adopting proven internet security methods from e-commerce and banking. It also supports standard and new authentication methods like OAuth 2.0, enabling login with accounts from Google, Microsoft, and Github.
However, SSH3 is in the early proof-of-concept stage and needs extensive cryptographic review before production approval. It is open-source for community feedback but not recommended for production without peer review. Testing it in sandboxes or private networks is recommended due to potential risks.
SSH3 offers security against scanning and dictionary attacks by hiding behind a secret link that enhances protection against unauthorized access. It also implements various OpenSSH features such as parsing ~/.ssh/authorized_keys on the server, certificate-based server authentication, using ssh-agent for public key authentication, direct TCP port forwarding, and proxy jump.
The developers of SSH3 are seeking collaboration for the responsible progression of the protocol. They invite security experts for code review and feedback and encourage engagement with standards bodies for formal processes. The aim is to enhance SSH3 for safe production, but thorough cryptographic review and recognition by security authorities are acknowledged as necessary.
