Building a Zero Trust *ssh.Client.
So there's a new system for building secure applications called OpenZiti.
The system allows you to create "dark" applications, by which they mean, applications that do not expose ports on the internet that can be discovered by attackers with port scanning. Regular ssh (secure shell, which gives you a command line on a remote machine), for example, uses port 22, so anyone who tries to connect to TCP port 22 will be able to connect to the ssh daemon running on the machine. The port number can be changed, but 22 is the standard for ssh. Once the user is connected, they still can't actually get a command line and run any commands, because they have to get through ssh's authentication process. But they can connect in the first place. What if the application could be made "dark" so there isn't any port to connect to at all?
The way this is accomplished is, a different set of machines are designated as "nodes" and one of them acts as a "controller". The application connects to one of the nodes, and the end user connects to a different node. The system is called "zero trust" because unauthenticated users are not allowed to connect to the nodes. The nodes are not allowed to run applications, only shuffle messages from place to place. The application is reached through the connection the application made to a node, not by having an open port on the application machine. So by the time any data reaches an application, the user has already been authenticated. The communication is end-to-end encrypted. So the authentication and privacy functions are moved out of applications and into the OpenZiti system.
The controller is necessary to set up the system, which by the way is called a "mesh network". Often they simply use the word "network" but it's important to distinguish between this "mesh network", which is made of software, and the physical network that is the internet.
Inside this "mesh network" is a complete public key infrastructure system. So instead of having ssh and HTTPS and every other system that wants secure communication to have its own ad-hoc public key infrastructure, you just make one public key infrastructure system for your whole organization.
It's written in Go but uses a library called libsodium for cryptography. The Go standard library has extensive cryptography services, so I wonder what it is missing that made them resort to using libsodium, which is written in C. Anyway, what's here is an example implementation of an ssh client that uses this system in Go. The reason it says "*ssh.Client" in the title is that "ssh.Client" is an interface in Go
and the "*" indicates a pointer. (And I put in that line break to keep diaspora from making boldface.)
This is an interesting idea -- outsourcing key security services to a mesh network, instead of having it reside in each application. I wonder if this idea will catch on.
