SSH: Less Relevant In the Cloud
The Lindy Effect is a heuristic that the future life expectancy of non-perishable entities is proportional to their age. The longer something has already lasted, the higher likelihood it will continue to endure. – Observations of the Lindy Effect
Secure Shell or SSH has been the de facto way to connect to a server remotely. It's been around since 1995. It's simple on the surface – it uses public-key cryptography (or a password) to authenticate on a remote server. The connection protocol can open up terminal shells (to execute commands or transfer files), or do bidirectional forwarding (client-to-server/server-to-client).
But SSH is slowly fading into the background for two reasons. First, the client/server architecture makes it difficult to deploy inside a container or other ephemeral infrastructure (not to mention the added attack surface). Second, managing public-key infrastructure for potentially large numbers of servers without a granular authorization framework (you can only SSH as different UNIX users) makes it difficult to manage in cloud environments.
If you're using Kubernetes, you might use kubectl cp, or kubectl port-forward. On the surface, kubectl commands act a lot like SSH, allowing users to execute commands, open up a shell, copy a file, or forward ports. Under the hood, they operate very differently (SSH is a low-level transport protocol). On the other hand, you get the full RBAC authorization model using kubectl exec, and no need for bastion hosts.
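To make the RBAC point concrete, here is an added example (not from the original post) of a namespaced Role and RoleBinding that scope shell access, file copy and port forwarding to one group. The namespace, role and group names are hypothetical.

```yaml
# Constructed example: namespace, role and group names are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-debugger
  namespace: payments
rules:
  # Lets the user find and inspect the pods they are allowed to attach to.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
  # Command execution and interactive shells (kubectl exec).
  # kubectl cp also goes through this subresource (it runs tar inside the
  # container), so file copy cannot be granted or withheld separately.
  # The API server derives the verb from the HTTP method: create for a
  # POST stream, get for a WebSocket upgrade, so both are listed.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["get", "create"]
  # Port forwarding is a separate subresource; drop the pods/exec rule
  # above to allow tunnels to a pod without allowing a shell in it.
  - apiGroups: [""]
    resources: ["pods/portforward"]
    verbs: ["get", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-debugger-oncall
  namespace: payments
subjects:
  # Access follows group membership from the cluster's identity provider,
  # not a public key installed on each host.
  - kind: Group
    name: oncall-engineers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-debugger
  apiGroup: rbac.authorization.k8s.io
```

The binding can be checked without opening a session by running kubectl auth can-i create pods/exec -n payments --as=some-user --as-group=oncall-engineers, where the user name is a placeholder.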
AWS has AWS Systems Manager (SSM), which allows you to "exec" into serverless or on-prem resources. Again, a much different model than SSH (or even kubectl exec) but solving a similar problem.
Some customers will manage significantly fewer servers, and others will manage substantially more. Either way, SSH won't fully go away, but the way we create sessions on our application environments will evolve.