SSH, also known as Secure Shell, is a widely used cryptographic network protocol for secure communication and remote access over unsecured networks. It is primarily used for secure command-line login, file transfers, and tunneling of other protocols. The protocol is crucial in providing a secure way to access and manage devices, servers, and systems: it encrypts data in transit and verifies the identity of the connecting parties.
Recently, a new version of SSH called SSH3 has been introduced, aiming to bring a multitude of improvements while addressing the evolving security needs of the digital space. SSH3 runs over HTTP, relying on QUIC with TLS 1.3 for the secure channel and on HTTP Authorization for user authentication, which the authors present as a faster and more secure way of exchanging data over the internet.
The new version of SSH features significantly faster session establishment, robustness to port scanning attacks, UDP port forwarding, and the other capabilities the modern QUIC protocol provides. SSH3 builds its secure channel on TLS 1.3, QUIC, and HTTP, adopting internet security methods already proven in e-commerce and banking. Furthermore, it supports both standard and new authentication methods such as OAuth 2.0, enabling logins with accounts from Google, Microsoft, and GitHub.
However, despite the promising enhancements, SSH3 still needs extensive cryptographic review before it can be approved for production. It is currently open source for community feedback and is not recommended for production use without peer review; testing it in sandboxes or on private networks is strongly recommended because of the potential risks. Even at this stage, SSH3 offers protection against scanning and dictionary attacks by hiding the server behind a secret link (an unguessable URL path), which raises the bar against unauthorized access attempts.
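As an added illustration of the secret-link idea described above (not SSH3's own code, which is not reproduced on this page), the Go handler below hides a service behind an unguessable URL path and still requires HTTP Authorization on that path; the path, token, response codes and the `probe` helper are constructed assumptions for this example, not SSH3's actual wire behaviour.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)
// Constructed illustration values; a deployment uses a random path and per-user credentials.
const (
	secretPath  = "/c0ffee-unguessable-path"
	bearerToken = "example-token-not-a-real-credential"
)

// equalCT hashes both inputs so a length mismatch cannot short-circuit the constant-time compare.
func equalCT(a, b string) bool {
	ha, hb := sha256.Sum256([]byte(a)), sha256.Sum256([]byte(b))
	return subtle.ConstantTimeCompare(ha[:], hb[:]) == 1
}

// newHiddenHandler answers only on the secret path; every other path gets the generic 404 a
// plain web server sends. The path alone grants nothing: HTTP Authorization is still required.
func newHiddenHandler(secret, token string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !equalCT(r.URL.Path, secret) {
			http.NotFound(w, r) // indistinguishable from an unknown page
			return
		}
		if !equalCT(r.Header.Get("Authorization"), "Bearer "+token) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		fmt.Fprintln(w, "session established")
	})
}

// probe sends one in-memory request and returns the HTTP status code.
func probe(h http.Handler, path, authorization string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Authorization", authorization)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := newHiddenHandler(secretPath, bearerToken)
	fmt.Println(probe(h, "/", ""), probe(h, secretPath, ""), probe(h, secretPath, "Bearer "+bearerToken)) // 404 401 200
}
```

A scanner that guesses paths receives the same 404 for every miss, so the listener looks like an ordinary, empty web server from the outside.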
Additionally, reimplementing familiar OpenSSH features has been a significant part of SSH3's development. These features include parsing of ~/.ssh/authorized_keys on the server, certificate-based server authentication, a known_hosts mechanism for servers that do not use X.509 certificates, automatic use of the ssh-agent for public key authentication, SSH agent forwarding, direct TCP port forwarding, and proxy jump, among others.
The developers working on SSH3 are actively seeking collaboration for the responsible progression of the protocol. They are inviting security experts to review the code and give feedback, and they encourage engagement with standards bodies through the formal IETF/IRTF processes. Their ultimate goal is a production-ready SSH3, but they acknowledge that thorough cryptographic review and recognition by security authorities are needed before any reasonable security claims can be made.
Overall, the introduction of SSH3 brings notable advances to secure shell protocols. While the protocol is still at an early stage of development, it shows great promise for the future of secure communication and remote access over unsecured networks. With continued collaboration and feedback from the security community, SSH3 has the potential to set new standards in secure network communication.
