Guillaume DarmontSep 27, 2025
nixCraft 🐧

SSH3 is a new, faster SSH protocol built on top of HTTP/3 (QUIC + TLS 1.3). It offers several key advantages over classic SSH such as: Faster session setup, Supports modern authentication methods like OAuth 2.0 and OpenID Connect, alongside traditional methods, enhanced security by being invisible to port scanning attacks, and more.

https://github.com/francoismichel/ssh3

GitHub - francoismichel/ssh3: SSH3: faster and rich secure shell using HTTP/3, checkout our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/

SSH3: faster and rich secure shell using HTTP/3, checkout our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/ - francoismi...

GitHub
Sep 27, 2025 at 6:15pmWeb
Show threadThomas B. RückerSep 27, 2025
@nixCraft this piqued my interest, but I came to realize:
This seems stalled and hasn't seen development. The IETF draft expired. https://datatracker.ietf.org/doc/draft-michel-remote-terminal-http3/
Also it's not SSH in the classic sense and they were working on a final name.
Finally, clearly marked as not production ready.
Remote terminal over HTTP/3 connections

The secure shell (SSH) traditionally offers its secure services over an insecure network using the TCP transport protocol. This document defines mechanisms to access remote terminals by running the SSH Connection protocol over HTTP/3 using Extended CONNECT. Remote terminals over HTTP/3 enables additional benefits such as the scalability offered by HTTP multiplexing, relying on TLS for secure channel establishment leveraging X.509 certificates, HTTP Authentication schemes for client and server authentication, UDP port forwarding and stronger resilience against packet injection attacks and middlebox interference.

IETF Datatracker
Show threadThomas B. RückerSep 27, 2025
@nixCraft Dug a little bit deeper. The project seems to have dropped dead at the exact time the main person behind it switched from PhD at university to working for Apple.
This thing is not going anywhere.
Show threadAttila KinaliSep 27, 2025
@nixCraft While I think that ssh might need some work here and there, I do not think we need to make session setup faster. Probably in half the cases ssh is used to get an interactive shell. Whether that takes 10ms or 100ms doesn't really matter, layer 8 will still be the limiting element. As for scripts running stuff on remote machines. There it might be useful. But even then, I don't think that many people are limited by the time needed to setup a connection.
Show threadLasse LeegaardSep 27, 2025
@attilakinali @nixCraft besides, it is pretty easy to tweak (disable what you do bot use) ciphers, protocols, features, etc. to make proper ssh go faster.
Show threadNexusSfanSep 27, 2025
@nixCraft Whatever happened to Mosh?
Show threadqwertzSep 27, 2025

@nixCraft

Reinventing the wheel is the new hobby....

Show threadMarco D'AleoSep 28, 2025
@nixCraft this sounds cool. But with the latest commit 1 year ago and the latest release 2 years ago... Well... I don't feel confident trying it even in my lab.
Show threadNoorOct 11
@nixCraft Also featured: Insanely expanded attack surface!