Your browser does not allow storing cookies. We recommend enabling them.

Tatu Ylonen, Inventor of SSH

Tatu Ylonen, Inventor of SSH & CEO of SSH Communications Security

Hi, I'm Tatu Ylonen, the inventor of SSH. I'm a cybersecurity expert and a software engineer.

My current technical interest relate to broader cybersecurity priorities and how to design systems to be more secure. I look at the big picture, how entrerprises operate, and go into deep technical issues.

I was the principal author of NIST IR 7966, the best practice guidelines for SSH key management. I was also the principal author the IETF standards on the SSH protocol, including RFC 4251, 4252, 4253, and 4254.

I designed the original SSH protocol and wrote the ssh-1.x and ssh-2.x software implementations in 1995 and published it as open source. Today, OpenSSH continues its open source tradition based on my original free version.

I've started a few companies, the most significant being SSH Communications Security. I started the company to provide commercial support for SSH and develop other cybersecurity technologies. The company went public on NASDAQ OMX Nordic in 2000. I work for SSH full time. I'm based in the Boston area.

I've always been an entrepreneur, but by heart I'm an engineer. I love to write code, design architectures, and educate people. To create new technology and come up with new ideas.

I've also held business roles in my companies from time to time, including CTO, CEO, and Chairman of a public company.

Contact Me

Please follow me on Twitter to receive regular updates on top security topics.

Also please connect via Linkedin if you work in cybersecurity or know me.

Also see my research home page about my current activities.

I can also be reached by email as ylo at, but beware that when I'm busy, it may take several days or even weeks for me to go through all emails and respond. If it is important, don't hesitate to contact again after a few days. Please also respect that I absolutely do not wish to receive marketing emails. I get way too much spam! I generally take a negative attitude towards companies that send me unsolicited marketing emails.

My ACM vcard




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now