SSH: Less Relevant In the Cloud

Jul 10, 2022
The Lindy Effect is a heuristic that the future life expectancy of non-perishable entities is proportional to their age. The longer something has already lasted, the higher likelihood it will continue to endure. – Observations of the Lindy Effect

Secure Shell or SSH has been the de facto way to connect to a server remotely. It's been around since 1995. It's simple on the surface – it uses public-key cryptography (or a password) to authenticate on a remote server. The connection protocol can open up terminal shells (to execute commands or transfer files), or do bidirectional forwarding (client-to-server/server-to-client).

But SSH is slowly fading into the background for two reasons. First, the client/server architecture makes it difficult to deploy inside a container or other ephemeral infrastructure (not to mention added attack surface area for security). Second, managing public-key infrastructure for potentially large amounts of servers without a granular authorization framework (you can only SSH as different UNIX users) makes it difficult to manage in cloud environments.

If you're using Kubernetes, you might use kubectl exec, kubectl cp, or kubectl port-forward. On the surface, kubectl commands act a lot like SSH, allowing users to execute commands, open up a shell, copy a file, or forward ports. Under the hood, they operate very differently (SSH is a low-level transport protocol). On the other hand, you get the full RBAC authorization model using kubectl exec, and no need for bastion hosts.

AWS has AWS Systems Manager (SSM) allows you to "exec" into serverless or on-prem resources. Again, a much different model than SSH (or even kubectl exec) but solving a similar problem.

Some customers will manage significantly fewer servers, and others will manage substantially more. Either way, SSH won't fully go away, but the way we create sessions on our application environments will evolve.