Saturday, January 18, 2025

SSH3 – Faster & Rich Secure Shell Using HTTP/3


SSH or Secure Shell is a cryptographic network protocol that enables secure communication and remote access over an unsecured network. 

This network protocol is widely used for secure command-line login, file transfers, and tunneling of other protocols.

It provides a secure way to access and manage devices, servers, and systems by encrypting data during transmission and verifying the identity of the connecting parties.

A new version of SSH, SSH3, was launched recently. It has been revamped to run over HTTP, using QUIC + TLS 1.3 for security and HTTP Authorization for user authentication.


SSH3 New Improvements

The new version brings the following enhancements:

  • Significantly faster session establishment.
  • New HTTP authentication methods, such as OAuth 2.0 and OpenID Connect, in addition to classical SSH authentication.
  • Robustness to port scanning attacks: your SSH3 server can be made invisible to other Internet users.
  • UDP port forwarding, in addition to classical TCP port forwarding.
  • All the features allowed by the modern QUIC protocol, including connection migration (soon) and multipath connections.

SSH3 – Faster & Rich Secure Shell

SSH3 leverages TLS 1.3, QUIC, and HTTP for secure channels by adopting proven internet security methods from e-commerce and banking. 

It supports standard and new authentication methods like OAuth 2.0, enabling login with accounts from Google, Microsoft, and GitHub.

SSH3 is still an early proof of concept and needs extensive cryptographic review before it can be approved for production. It has been open-sourced to gather community feedback and is not recommended for production use without peer review.

Because of the potential risks, testing it in sandboxes or private networks is recommended. SSH3 offers security against scanning and dictionary attacks by hiding the server behind a secret link, which enhances the protection against unauthorized access.

OpenSSH features implemented

The following OpenSSH features are implemented:

  • Parses ~/.ssh/authorized_keys on the server
  • Certificate-based server authentication
  • known_hosts mechanism when X.509 certificates are not used.
  • Automatically using the ssh-agent for public key authentication
  • SSH agent forwarding to use your local keys on your remote server
  • Direct TCP port forwarding (reverse port forwarding will be implemented in the future)
  • Proxy jump (see the -proxy-jump parameter). If A is an SSH3 client and B and C are both SSH3 servers, you can connect from A to C using B as a gateway/proxy. The proxy uses UDP forwarding to forward the QUIC packets from A to C, so B cannot decrypt the A<->C SSH3 traffic.
  • Parses ~/.ssh/config on the client and handles the Hostname, User, Port, and IdentityFile config options (the other options are currently ignored). Also parses a new UDPProxyJump that behaves similarly to OpenSSH’s ProxyJump.
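
Since only a handful of ~/.ssh/config options are handled and the rest are ignored, it is worth checking which settings in an existing config would silently have no effect. The following is an added example (not code from SSH3 or from the article): it sorts each block's options into the article's handled list versus everything else. The sample config, host names and the `audit` function are constructed for illustration.

```python
# Added example (not SSH3 code): classify ssh_config options against the
# option list given in the article.
import re

# Options the article says SSH3 handles; per the article the rest are ignored.
HANDLED = {"hostname", "user", "port", "identityfile", "udpproxyjump"}

# Constructed sample config, for illustration only.
SAMPLE_CONFIG = """\
Host bastion
    Hostname bastion.example.org
    User alice
    Port 443
    IdentityFile ~/.ssh/id_ed25519

Host internal
    Hostname=10.0.0.5
    UDPProxyJump bastion
    ProxyJump bastion
    StrictHostKeyChecking yes
    ForwardAgent no
"""

def audit(config_text):
    """Return {block: {"handled": {opt: value}, "ignored": {opt: value}}}."""
    report = {"*": {"handled": {}, "ignored": {}}}  # "*" = before any Host
    current = report["*"]
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip('"') if len(parts) > 1 else ""
        if key in ("host", "match"):
            name = value if key == "host" else "match " + value
            current = report.setdefault(name, {"handled": {}, "ignored": {}})
        else:
            bucket = "handled" if key in HANDLED else "ignored"
            current[bucket][key] = value
    return report

if __name__ == "__main__":
    for block, opts in audit(SAMPLE_CONFIG).items():
        for opt, value in opts["ignored"].items():
            print(f"[{block}] ignored by SSH3 per the article: {opt} {value}")
```

Options such as StrictHostKeyChecking or ForwardAgent landing in the "ignored" bucket are the ones to review first, since a security setting that is not applied fails silently.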

The developers seek collaboration for the responsible progression of SSH3 and invite security experts to review the code and give feedback. They also encourage engagement with standards bodies through the formal IETF/IRTF processes.

With collective effort, they aim to enhance SSH3 for safe production but acknowledge the need for thorough cryptographic review and recognition by security authorities for reasonable security claims.


Tushar Subhra