SSH
SSH (Secure Shell) is the encrypted protocol every developer uses to log into remote servers, copy files (scp / rsync), and forward ports. Modern setups use key-pair authentication; passwords are deprecated for production.
What it means
An SSH connection establishes an encrypted tunnel between the client and a server running sshd. Authentication can be by password (low-security, deprecated for prod), public key (the standard — your private key stays on your machine, public key on the server), or hardware (YubiKey via FIDO2). Once authenticated, you have a shell on the remote machine. Beyond shell access: scp / rsync for file transfer, ssh -L for port forwarding (use a remote DB through localhost:5432), ssh -D for SOCKS proxy (route traffic through a remote machine), and ssh -A for agent forwarding (lets the remote use your local keys to auth elsewhere — convenient but a security risk).
Why it matters
SSH is the universal sysadmin tool. Every cloud server, Raspberry Pi, GitHub repo (via git@github.com), and Kubernetes pod ends up accessed via SSH. The right config: ed25519 keys (faster + smaller than RSA), per-host config in ~/.ssh/config, agent-based key management (ssh-agent + 1Password / GitHub Mobile), MFA on hosts, audit logs centralized. The wrong config: password auth on internet-facing servers, sharing keys across team members, shipping private keys in containers.
Frequently asked questions
RSA vs ed25519?
Use ed25519 — smaller (256-bit), faster, and not vulnerable to common RSA-factoring attacks. RSA still works fine but is legacy.
How do I avoid typing my passphrase repeatedly?
Add the key to ssh-agent: `ssh-add ~/.ssh/id_ed25519`. macOS Keychain integration adds the key permanently. 1Password can also act as the agent.
Is SSH agent forwarding safe?
It's convenient but lets a compromised remote impersonate you to other servers. For most sysadmins: don't enable by default; enable per-session when you actually need it.
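An added example (not part of the original glossary entry) that checks for two of the misconfigurations named above: password authentication left on in `sshd_config`, and agent forwarding enabled by default in `~/.ssh/config`. The sample files, the host name and the function names are constructed for illustration.

```python
import re

# Constructed sample files for illustration (not from the page).
SAMPLE_SSHD = """\
# /etc/ssh/sshd_config
Port 22
PasswordAuthentication yes
"""
SAMPLE_SSH = """\
# ~/.ssh/config
Host *
    ForwardAgent yes

Host bastion.example.com
    ForwardAgent yes
    IdentityFile ~/.ssh/id_ed25519
"""

def directives(text):
    """Yield (line_no, keyword, value); comments and blanks never match."""
    for n, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*(\w+)[\s=]+(.+?)\s*$", raw)
        if m:
            yield n, m.group(1).lower(), m.group(2).strip('"')

def audit_sshd(text):
    """Check the global section only (Include files and Match blocks are not
    followed). sshd uses the first value it reads, and a missing
    PasswordAuthentication line means the default, which is yes."""
    for n, key, val in directives(text):
        if key == "match":
            break
        if key == "passwordauthentication":
            return [] if val.lower() == "no" else [f"line {n}: PasswordAuthentication {val}"]
    return ["PasswordAuthentication not set (default is yes)"]

def audit_ssh(text):
    """Return (line_no, scope, broad) for every ForwardAgent setting other than no."""
    findings, scope = [], "*"  # lines before the first Host apply to every host
    for n, key, val in directives(text):
        if key in ("host", "match"):
            scope = val if key == "host" else "Match " + val
        elif key == "forwardagent" and val.lower() != "no":
            broad = scope.startswith("Match ") or bool(re.search(r"[*?]", scope))
            findings.append((n, scope, broad))
    return findings

if __name__ == "__main__":
    print(audit_sshd(SAMPLE_SSHD))
    for n, scope, broad in audit_ssh(SAMPLE_SSH):
        print(n, scope, "enabled by default" if broad else "single host")
```

A `broad` finding is the "enabled by default" case the answer above advises against; a finding scoped to one named host is the narrower, deliberate use.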
Related terms
- HTTPS: HTTPS is HTTP wrapped in a TLS-encrypted tunnel. Everything between your browser and the server — URLs, form data, cookies, response bodies — is encrypted in transit so a network observer (cafe Wi-Fi, ISP, anyone in between) can't read it or change it.
- TLS: TLS (Transport Layer Security) is the encryption protocol that wraps any TCP connection in an authenticated, encrypted tunnel. It's what makes HTTPS, secure SMTP, and most modern internet traffic private.