After a password-sniffing attack at his university network, Tatu Ylönen designed the first version of the Secure Shell (SSH) protocol. 25 years later, more than 95% of the servers used to power the internet have SSH installed. The internet as we know is largely managed using SSH.
But how did this all happen? How did the protocol become a cornerstone of a safe internet, and what does a European Commissioner or a lego brick have to do with it?
The internet without SSH?
In 2020 SSH is one of the most trusted brands in cyber security – it has over 3000 customers worldwide, including 40% of the Fortune 500. Banks, retailers, technology companies and government organizations all around the world have partnered with SSH.COM to solve major security challenges.
“SSH.COM’s perspective on cryptography is special.” Sam Curry says. “The company has an ability to make high quality crypto code in a world where most companies can't. And that's kind of special.”
And the protocol itself – it is used for managing more than half of the world's web servers and basically any Unix or Linux computer, on-premise and in the cloud. Information security specialists and system administrators use it to configure, manage, maintain, and operate most firewalls, routers, switches, and servers in the millions of mission-critical networks and environments of our digital world. It is also embedded inside many file transfer and systems management solutions.
Considering all that, how would the internet look like without SSH?
“Well, that’s a good question. It is safe to say that the internet would look tremendously different, but how? We can’t really know”, Ylönen says. “If I would not have come up with the protocol, someone would have invented something else. What that would look like – we can only imagine.”
25 years of innovation - together with our customers and partners
For the last 25 years, SSH.com has provided easy-to-use, best-of-breed cybersafety products for its diverse customer base. The company ‘s core idea has remained true all these years: encrypt and manage access to critical IT infrastructures, databases, applications or network devices.
While the first, trusted products like Tectia and UKM will be equally needed in the future, SSH.COM has developed new future-proof tools to serve complex cloud environments where permanent digital keys need to be replaced with intelligent policy-based access control.
The future of encryption needs to have an answer for the challenges of quantum technology. With NQX, the company introduced quantum-ready encryption software for protecting classified data in transit. SinceNQX is software-based, it enables easy, fast and cost effective future transition to post-quantum algorithms, when they become available.
The SSH protocol is not going anywhere, but it’s implementation is moving towards key-less and credentials direction. In a way, this is a logical development.
First, there was a need to secure and encrypt data traffic, which lead to the birth of the SSH protocol and the Tectia product - the gold standard in secure file transfer.
Then, the access credential of the protocol itself - SSH key - turned into a risk factor, since keys could be generated almost at will, used without proper oversight and there was no way for companies to centrally manage them. This lead to the birth of UKM - the most comprehensive SSH key management solution on the market.
Now we have cloud services and servers, which are never permanent and are used on-demand, it’s only logical to build access solutions that provide on-demand access without permanent credentials or keys. This lead to the birth of the PrivX product - the lean, easy-to-use and passwordless privileged access management solution with a great return on investment (ROI) .
We at SSH.COM are proud of our history. We’ve also had the pleasure and privilege of working with some of the most demanding customers and technologies in the world for 25 years. That’s not a small feat in a constantly evolving IT world, and it has required a high level or expertise, culture of innovation and determination.
We would not be here without our customers who keep our business running, help us develop our products and always push us forward. We could not have done this without our partners who expand our reach beyond our own capabilities. We would not be the company we are today without the hundreds of fantastic people all over the world who have worked hard towards making the world a safer place.
Here’s to the next 25 years of the SSH protocol, the company behind it and the safe internet!