- Why Sharetru?
- Resource Hub
When you think of user access security, you might think of traditional security measures, like submitting your username and password. While these basic security measures may have protected you in the past, they’re not quite strong enough to withstand advanced attacks from today’s hackers.
Thus, many organizations are turning to SSH-key authentication to provide a greater level of security for SFTP solutions compared to traditional password measures. In this article, we’ll look at what SSH-Key Authentication entails, and how this security measure protects your data better than other options.
What is SSH-Key Authentication?
With traditional username and password authentication methods, you simply input two pieces of data and gained access to the applicable solution. How does an SSH-key differ from this access method?
SSH-keys are a means of identifying a user within the SSH protocol (used by SFTP). With this method, your SSH-keys are used to identify a user logging into an SSH server through public-key cryptography and challenge-response authentication. This is both a more convenient and more secure method of user authentication than traditional username/password methods.
In terms of convenience, SSH-keys, when used with a program known as an SSH agent, allow users to connect to a server or multiple servers, without requiring the user to remember and re-enter their password when logging into multiple solutions, making for faster, easier log-ins.
From a security standpoint, using SSH-keys to authenticate a user’s identity leads to greater protection of your data. Username/password authentication can often lead to security compromises, in particular, brute force attacks by hackers. Brute force attacks are facilitated by a tool used by hackers to run thousands of username and password possibilities in seconds. When you’re not using username and password login methods, you can avoid these types of attacks altogether.
We’ll look at some of the benefits of using SSH-key authentication below, but first, let’s take a closer look at how SSH-keys work to authenticate users. With this method, a pair of keys are created and stored on the user’s computer. One key is private, while the other public key is shared with solutions during the authentication process. So, for example, if you were using SSH-keys to gain access to an SFTP server, the public key would be shared with the server. That key is compared to the server’s stored key for that username, which would have been stored on the server in advance. If the keys match, the user gains access. If they don’t match, access is denied. The private key also plays a role in the process, but the server only looks at the public key being submitted.
So, why should you leave traditional password login methods behind, and use SSH-key authentication in your business? Let’s look at some benefits below.
For companies that deal with highly sensitive data, having a highly secure method of user authentication is essential. SFTP servers using SSH-keys can be up to 4096 bits in length, making them nearly impossible to hack. In fact, this level of security is equivalent to using a password with at least 12 characters, which is uncommon for human-generated passwords.
Traditional human passwords are highly vulnerable in terms of protecting against unauthorized access. Humans make passwords that are easy to guess (like “1234” or “password”). Also, it’s common for people to use the same password across multiple solutions, which makes it easy to hack those solutions once a hacker has a single password. With SSH-keys, you avoid these vulnerabilities, as SSH-keys are automatically generated and not user-generated.
When users only log into solutions with username/password combinations, they can access solutions from any device. Using non-secure devices, like mobile phones, tablets, or personal computers, makes it easy for hackers to gain access or steal credentials. When you use SSH-keys instead to log into solutions, only approved devices that store the private SSH-keys are able to gain access. Your employees are prevented from using unauthorized devices, even if they make an attempt to do so.
Sometimes, despite your best efforts, a data breach can still occur. If you use passwords to verify with a server and the server has been compromised by a breach, the hacker can steal the password and potentially do more damage. With passwords disabled and SSH keys required, even if a hack attempt occurs, the nefarious party won’t be able to access the user account.
Often SFTP involves automation scripts run from the client-side of the connection. The first step of an automation script is to authenticate the user with the server. Since a script is essentially a text file, it is never a good idea to embed a username and a password inside the script file. Instead, the script should use a username with an SSK-key associated only with the computer running the script.
Adopting a solution to protect your data, like an SFTP server that uses SSH-keys, is ideal for any business that doesn’t want to face the risk of a data breach. As you search for new solutions or look for ways to increase security for your current solutions, consider using SSH-keys instead of passwords, and adopting a solution that facilitates this security measure.
Learn more about what to look for in a secure file sharing solution. Download this free Comparison Guide now.
Founder of Sharetru (Formerly FTP Today) and a respected voice in secure file transfer and Internet protocols. A software and IT geek since a young age, Martin has successfully led his companies through the digital age by spotting market niches and filling them with quality IT services.
Get industry-leading thought leadership content to stay informed, delivered to your inbox.