SSH3: Faster and rich secure shell using HTTP/3

https://news.ycombinator.com/rss Hits: 27
Summary

Note: SSH3 is probably going to change its name. It is still the SSH Connection Protocol (RFC4254) running on top of HTTP/3 Extended connect, but the required changes are heavy and too distant from the philosophy of popular SSH implementations to be considered for integration. The specification draft has already been renamed ("Remote Terminals over HTTP/3"), but we need some time to come up with a nice permanent name.

SSH3: faster and rich secure shell using HTTP/3

SSH3 is a complete revisit of the SSH protocol, mapping its semantics on top of the HTTP mechanisms. It comes from our research work and we (researchers) recently proposed it as an Internet-Draft (draft-michel-remote-terminal-http3-00). In a nutshell, SSH3 uses QUIC+TLS1.3 for secure channel establishment and the HTTP Authorization mechanisms for user authentication. Among others, SSH3 allows the following improvements:

- Significantly faster session establishment
- New HTTP authentication methods such as OAuth 2.0 and OpenID Connect in addition to classical SSH authentication
- Robustness to port scanning attacks: your SSH3 server can be made invisible to other Internet users
- UDP port forwarding in addition to classical TCP port forwarding
- All the features allowed by the modern QUIC protocol: including connection migration (soon) and multipath connections

⚡ SSH3 is faster

Faster for session establishment, not throughput! SSH3 offers a significantly faster session establishment than SSHv2. Establishing a new session with SSHv2 can take 5 to 7 network round-trip times, which can easily be noticed by the user. SSH3 only needs 3 round-trip times. The keystroke latency in a running session is unchanged.

SSH3 (top) vs. SSHv2 (bottom) session establishment with a 100ms ping towards the server.

🔒 SSH3 security

While SSHv2 defines its own protocols for user authentication and secure channel establishment, SSH3 relies on the robust and time-tested mechanisms of TLS 1.3, QUIC and HTTP.
These proto...

First seen: 2025-09-27 15:23

Last seen: 2025-09-28 17:28