Picture this: "Webhosting Company loses 13 million plaintext passwords" in bold at the head of a blog or a paper.
Few headlines can send as many chills down the spine of an IT security team as this one. Even without the jump-scares, that's how a security team's horror movie looks.
As long as the Internet exists, transferring data between two or more endpoints will always be challenging. There are vulnerabilities in file transfer from the moment a user logs in. Usernames, passwords, encryption, and data are all viable targets.
A Detour to FTP and Telnet Protocol
An article about SSH that doesn't pay homage to its predecessors is incomplete. Long live the FTP and Telnet protocols, the foundations of managed file transfer as we know it today.
All forms of data transfer occur across two endpoints: a client and a server. A file transfer protocol such as FTP or SFTP is what facilitates this transfer. Of its many shortcomings, being unencrypted is FTP's biggest.
As users started sharing more crucial and confidential information across client-server endpoints, there was a need for enhanced security. This need gave rise to symmetric password-based authentication through login protocols such as Telnet and RSH.
Login protocols would require a client and server to have a matching key and password. The client would send the key to the server, and if they matched, bidirectional data transfer could occur.
The Rise of SSH Protocols
Symmetric password-based authentication would ensure data protection, but the celebration would be short-lived. It was not long before a myriad of issues reared their ugly heads.
Think of everything from IP, DNS, and routing spoofing to packet sniffing and denial of service attacks. The possibilities of threats were endless.
A malicious user, for example, could change a client's IP address to their own and harvest unencrypted information, including plain text passwords and crucial data.
Subsequently, another malicious user could access usernames and intentionally enter wrong passwords, leading to a denial of service for key clients.
Telnet, RSH, and FTP protocols were no longer safe. A breakthrough was long overdue. In 1995, a certain Tatu Ylönen would develop the Secure Shell protocol for his personal use.
Fast forward fifteen years, and the SSH protocol is used in millions of companies worldwide.
SSH File Transfer Protocol Stripped Down to the Bone
Secure Shell (SSH) was born out of the inherent insecurity associated with the FTP and Telnet protocols. Unlike Telnet, which used two channels for client-server authentication, SSH would use one channel. A client would send their key to the server, and if the server's key matched, bidirectional transfer of data could occur.
Moreover, SSH used industry-standard encryption such as AES to secure data. With encryption, malicious users could not interpret harvested data even after a breach. It doesn't stop there.
SSH uses hashing algorithms such as SHA-2 to ensure that hackers don't corrupt data during its bidirectional transfer.
Industry-standard encryption, check. Hashing algorithms and multiple upgrades, check. Could asymmetric identification be the cherry on top?
SSH Authentication and Asymmetrical Identification
SSH allowed asymmetric identification. In this case, servers could use cryptography to ensure that the client and server keys were different. This assurance would make man-in-the-middle attacks almost impossible since a hacker could obtain either of the two passwords but not both.
How the SSH Protocol Works
Step 1: The SSH client initiates the connection by contacting the SSH server
Step 2: The SSH server sends the public key
Step 3: Both the SSH server and SSH client negotiate their protocols and constraints
Step 4: The user can then login and access the server host
SSH Authentication
Another upside of using an SSH protocol is the various options for user authentication. A user can choose these depending on the level of security they desire. They include:
- Password-Based Authentication
In password-based authentication, the server and the client use a password and key to verify the authenticity of the connection.
- Key-Based Authentication
Key-based authentication applies to the use of public and private keys. A server has a secret private key and a public key that it sends when a client requests it.
The private and public keys are not always similar. However, they undergo algorithmic changes and calculations that provide a similar result. If the algorithms calculate a resultant match between public and private keys, the server grants user access.
When to Use the SSH Protocol
The SSH protocol was a revolutionary improvement. Its many applications have found their way into the day-to-day operations of several B2B and B2C companies. Some of the applications of the SSH protocol include:
- File Transfer
One word—encryption. Because SSH makes good use of AES algorithms, it has a special place in the hearts of companies that require the secure transfer of data and files across endpoints.
- Delivery of Software Updates and Patches
Using passwords to authenticate software updates or patches between a single server and millions of users is begging for chaos. Think updates from Tesla to its millions of cars or Apple to its billions of iPhones. SSH enables you to automate authentication and pass seamless updates and patches through data transfer.
- File Transfer Automation
Using legacy systems, mass file transfer between you and your clients would be a massively time-consuming undertaking without the benefit of centralized monitoring and control. Requiring clients to remember passwords to receive files correctly would also be disastrous. Because the SSH protocol automates authentication, automatic file sharing is a lot easier.
- Remote Maintenance of Crucial Network Infrastructure
The days of manually managing all crucial infrastructure are long gone. These days, your IT teams manage their operating systems, routers, and server hardware remotely. This scenario creates the need for a secure and automated authentication system for data transfer, the best one being SSH.
- Reducing the Reliance on Password Management
The days of symmetric password and key authentication were nothing short of hell for many IT firms. Furthermore, storing millions of passwords in a single database was always a disaster waiting to happen. SSH and private and public keys go a long way to automate server access.
- Automated Machine-to-Machine Processes
Processes such as backups, database updates, and system health monitoring applications across millions of machines could be both risky and time-consuming. Automated authentication allows machine-to-machine process authentication by transferring data and keys across millions of machines automatically.
- SSH and Single Sign-On: A Match Made in Heaven
These past few years have seen SSH find its largest application yet. The ability of SSH to automate authentication has birthed Single Sign-On (SSO) and Password-free access.
In other words, your clients no longer have to enter their passwords each time they access a server or switch between servers. This feature has cut down on login capabilities and increased signups, since customers follow the path of least resistance.
Reap the Benefits of SSH Today
There is a fine line between satisfactory and excellent when it comes to data security, and MOVEit is here to help you cross it. We leverage secure transfer protocols such as SSH and SFTP together with years of experience to offer unmatched secure file-sharing capabilities. If you are set to cross the bridge from your current data security situation to a whole new level of file sharing security, contact us today.
David Perez
David Perez was the marketing manager for Progress's Managed File Transfer product, MOVEit.