SSH3 released: SSH is now masquerading as HTTPS

Brother

The protocol now uses HTTP/3 and TLS 1.3 for speed and security.

The first official release of the experimental server and client implementation of the SSH3 protocol is available. SSH3 is designed as a layer on top of the HTTP/3 protocol, using QUIC (based on UDP) and TLS 1.3 to establish a secure communication channel and HTTP mechanisms for user authentication. The project is led by Francois Michel, a graduate student at the Catholic University of Louvain (Belgium), with the assistance of Olivier Bonaventure, a professor at the same university, known for developing Multipath TCP and IPv6 segment routing for the Linux kernel, as well as participating in the writing of 10 RFCs and more than 60 drafts of network specifications. The client and server reference implementation code is written in Go and licensed under Apache 2.0.

The main features of SSH3 are:
  1. A new approach to the semantics of the classic SSH protocol: SSH3 uses HTTP mechanisms to implement functionality previously inherent in SSH, which allows you to implement additional features and hide SSH activity among other traffic.
  2. HTTP Integration: The SSH3 server looks like a regular HTTP server and runs on port 443 (HTTPS). SSH3 traffic is mixed with regular HTTP traffic, which makes it more difficult to identify SSH servers and conduct attacks on them.
  3. Secret Path Identifier: A secret path identifier can be used to enhance the security of the SSH3 server. The ID is specified in the URL, and a client can connect to the server only if it supplies the correct ID. If the ID is incorrect, the server returns the standard "404" error.
  4. Advanced Authentication Features: SSH3 supports authentication using X.509 certificates and OAuth 2.0/OpenID Connect methods, in addition to traditional SSH methods.
  5. UDP Port forwarding support: In addition to TCP ports, SSH3 allows UDP port forwarding, including QUIC, DNS, and RTP.
  6. Advanced features of the QUIC protocol: SSH3 includes features of the QUIC protocol, such as connection migration without dropping the connection and multipath connections that parallelize traffic over multiple routes.
  7. Improved connection setup time: SSH3 reduces the number of network round trips needed to establish a connection to the server, which increases its efficiency.
  8. Using TLS 1.3 for encryption: SSH3 uses the TLS 1.3 protocol to encrypt the communication channel, providing a high level of security.
  9. Multiple authentication methods: SSH3 supports a variety of authentication methods, including passwords, public keys (RSA and EdDSA/ed25519), and OAuth 2.0.
  10. Integration with external providers: SSH3 allows you to use authentication through third-party providers, such as Google, Microsoft, and GitHub, using the OAuth 2.0 protocol.
  11. OpenSSH Compatibility: The SSH3 implementation supports many basic OpenSSH features, such as authorized_keys files, client configuration files, certificate authentication, and the known_hosts mechanism. It is also compatible with OpenSSH Agent and supports direct forwarding of TCP ports.
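
The secret path behaviour from item 3, sketched as an added example (not code from the SSH3 project): a Go handler that answers only on the exact secret path and returns an identical 404 everywhere else. `secretPathHandler`, `demoHandler`, `probe` and the secret value are hypothetical names and constructed data; the constant-time comparison is an assumption of this sketch, not something the announcement says SSH3 does.

```go
// Added illustration, not SSH3 source code; names and values are constructed.
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed sample secret; a real deployment would use a long random value.
const demoSecret = "/3f9a1c-constructed-secret"

// secretPathHandler serves inner only when the request path equals secretPath.
// Every other path gets the same plain 404 an ordinary web server would send.
func secretPathHandler(secretPath string, inner http.Handler) http.Handler {
	want := sha256.Sum256([]byte(secretPath))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Hash both sides to a fixed length, then compare in constant time so
		// response timing does not reveal how much of a guess was correct.
		got := sha256.Sum256([]byte(r.URL.Path))
		if subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			http.NotFound(w, r)
			return
		}
		inner.ServeHTTP(w, r)
	})
}

// demoHandler wraps a stand-in for the real session endpoint.
func demoHandler() http.Handler {
	return secretPathHandler(demoSecret, http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "session endpoint") }))
}

// probe sends one in-memory GET to h and returns the status code and body.
func probe(h http.Handler, path string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Body.String()
}

func main() {
	for _, p := range []string{"/", "/ssh3", demoSecret[:len(demoSecret)-1], demoSecret} {
		code, _ := probe(demoHandler(), p)
		fmt.Printf("%-30s -> %d\n", p, code)
	}
}
```

The path only gates who reaches the endpoint; user authentication still has to happen behind it.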
 