Tuesday, September 10, 2024
HomeCyber Security NewsSSH3 - Faster & Rich Secure Shell Using HTTP/3

SSH3 – Faster & Rich Secure Shell Using HTTP/3

Published on

SSH or Secure Shell is a cryptographic network protocol that enables secure communication and remote access over an unsecured network. 

This network protocol is widely used for secure command-line login, file transfers, and tunneling of other protocols.

It provides a secure way to access and manage devices, servers, and systems by encrypting data during transmission and verifying the identity of the connecting parties.

- Advertisement - EHA

A new version of SSH has been launched recently, SSH3, which has been revamped with HTTP using QUIC+TLS1.3 for security and HTTP Authorization for user authentication.

Document
Free Webinar

Fastrack Compliance: The Path to ZERO-Vulnerability

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

SSH3 New Improvements

The new version brings a multitude of new enhancements, and here below, we have mentioned all the enhancements:-

  • Significantly faster session establishment.
  • New HTTP authentication methods, such as OAuth 2.0 and OpenID Connect, are in addition to classical SSH authentication.
  • Robustness to port scanning attacks: your SSH3 server can be made invisible to other Internet users.
  • UDP port forwarding, in addition to classical TCP port forwarding.
  • All the features allowed by the modern QUIC protocol, including connection migration (soon) and multipath connections.

SSH3 – Faster & Rich Secure Shell

SSH3 leverages TLS 1.3, QUIC, and HTTP for secure channels by adopting proven internet security methods from e-commerce and banking. 

It supports standard and new authentication methods like OAuth 2.0, enabling login with accounts from Google, Microsoft, and Github.

SSH3 in early proof-of-concept needs extensive cryptographic review before production approval. Open-source for community feedback, not recommended for production without peer review. 

Testing it in sandboxes/private networks is recommended due to potential risks. SSH3 offers security against scanning and dictionary attacks by hiding behind a secret link that enhances the protection against unauthorized access.

OpenSSH features implemented

Here below, we have mentioned all the OpenSSH features implemented:-

  • Parses ~/.ssh/authorized_keys on the server
  • Certificate-based server authentication
  • known_hosts mechanism when X.509 certificates are not used.
  • Automatically using the ssh-agent for public key authentication
  • SSH agent forwarding to use your local keys on your remote server
  • Direct TCP port forwarding (reverse port forwarding will be implemented in the future)
  • Proxy jump (see the -proxy-jump parameter). If A is an SSH3 client and B and C are both SSH3 servers, you can connect from A to C using B as a gateway/proxy. The proxy uses UDP forwarding to forward the QUIC packets from A to C, so B cannot decrypt the traffic A<->C SSH3 traffic.
  • Parses ~/.ssh/config on the client and handles the Hostname, User, Port, and IdentityFile config options (the other options are currently ignored). Also parses a new UDPProxyJump that behaves similarly to OpenSSH’s ProxyJump.

Developers seek collaboration for the responsible progression of SSH3 by inviting security experts for code review and feedback. Encouraged to engage with standards bodies for formal IETF/IRTF processes. 

With collective effort, they aim to enhance SSH3 for safe production but acknowledge the need for thorough cryptographic review and recognition by security authorities for reasonable security claims.

Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. available.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Chinese Hackers Using Open Source Tools To Launch Cyber Attacks

Three Chinese state-backed threat groups, APT10, GALLIUM, and Stately Taurus, have repeatedly employed a...

Small Business, Big Threats: INE Security Launches Initiative to Train SMBs to Close a Critical Skills Gap

As cyber threats grow, small to medium-sized businesses (SMBs) are disproportionately targeted. According to...

Researchers Details Attacks On Air-Gaps Computers To Steal Data

The air-gap data protection method isolates local networks from the internet to mitigate cyber...

Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive

In August 2024, researchers detected a malicious Google Chrome browser infection that led to...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Researchers Details Attacks On Air-Gaps Computers To Steal Data

The air-gap data protection method isolates local networks from the internet to mitigate cyber...

Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive

In August 2024, researchers detected a malicious Google Chrome browser infection that led to...

CISA Issues Warning About Three Actively Exploited Vulnerabilities in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three...