SSH in 2026: Why Every Developer Should Know It Cold
Mahafuzur Ra · 2026-05-25 · via DEV Community

What Is SSH?

SSH — Secure Shell — is a cryptographic network protocol that lets you securely connect to remote machines, transfer files, tunnel traffic, and automate infrastructure operations over any network, including the open internet. It was created in 1995 by Tatu Ylönen as a direct response to a password-sniffing attack at his university. In the thirty years since, it has become the foundational protocol of the entire modern internet's operational layer.

If you have ever run git push to GitHub, deployed code to a cloud server, used a CI/CD pipeline, managed a Linux machine, or connected to a remote database, you have interacted with SSH — whether you knew it or not.


What Problem Does SSH Solve?

Before SSH, the standard tools for remote server access were telnet, rsh, and rlogin. These protocols transmitted everything in plaintext: your username, your password, every command you typed, every file you transferred. Anyone on the same network segment with a packet sniffer could read all of it.

SSH replaced that entire class of tools with a single, secure alternative that provides:

Confidentiality. Every byte of traffic is encrypted with modern symmetric ciphers (AES-256, ChaCha20). An eavesdropper who intercepts your packets sees only ciphertext.

Authentication. Both sides prove their identity. The server proves it holds the private key matching the public key you've already trusted. You prove your identity via a password, a cryptographic key pair, or a certificate — no shared secrets written in plaintext config files.

Integrity. Every packet carries a Message Authentication Code (MAC). If any byte is altered in transit — by an attacker, by a faulty router, by anything — the connection immediately detects it and closes. You cannot silently receive corrupted data.

Forward Secrecy. Modern SSH uses ephemeral key exchange (Curve25519, ECDH), meaning the session keys are freshly generated for every connection and never stored. Even if a server's long-term private key is stolen years later, past session traffic cannot be decrypted.


Why SSH Still Matters in 2026

You might wonder: with VPNs, zero-trust networking, cloud consoles, and web-based terminals, is SSH still relevant in 2026? Emphatically yes — and in some ways, more relevant than ever.

Cloud infrastructure runs on SSH

Every major cloud provider — AWS, GCP, Azure, DigitalOcean, Hetzner — provides SSH as the primary access mechanism for virtual machines. AWS EC2 Instance Connect, GCP OS Login, Azure's SSH extensions — they are all SSH under the hood. Understanding SSH means you can work fluently across every cloud provider, not just click through their proprietary consoles.

The DevOps and platform engineering toolchain is built on SSH

Ansible uses SSH as its transport layer for every automation task. Terraform uses SSH for provisioners. Kubernetes node management often involves SSH. Git's remote protocol over SSH is how most teams push and pull code every day. The entire fabric of infrastructure-as-code tooling assumes SSH literacy.

The attack surface for SSH misconfiguration is enormous

SSH servers are exposed to the internet on hundreds of millions of machines. Misconfigured SSH — root login allowed, password authentication enabled, weak host key algorithms, no rate limiting — is one of the most common initial access vectors in real-world breaches. Knowing SSH deeply means you know exactly what to lock down and why.

Remote and distributed work demands reliable secure access

In a world where engineers routinely work across multiple continents and access infrastructure in dozens of regions, SSH tunneling, jump hosts, and agent forwarding are practical daily tools — not niche capabilities.

Zero-trust doesn't eliminate SSH — it structures it

Modern zero-trust architectures often use short-lived SSH certificates issued by a CA, combined with identity providers, to grant time-bounded access to specific hosts. Understanding SSH deeply is a prerequisite for implementing these systems correctly.


The Security Benefits That Matter

No more password-based access

Public key authentication eliminates the entire category of password-based attacks: brute force, credential stuffing, password spray. There is no password to guess. An attacker who doesn't hold your private key cannot authenticate, period.

Keys stay on your machine

With public key authentication, your private key never leaves your device. The server only needs your public key, which is designed to be shared. A compromised server cannot leak credentials that would grant access to other servers.

Auditable access

SSH access is logged. Every login attempt, every authenticated session, and every command executed (when configured) is written to system logs. This creates an audit trail that is essential for compliance (SOC 2, ISO 27001, PCI-DSS) and incident response.
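A sketch of how that audit trail can be used, as an added example that is not part of the original article: it normalizes sshd authentication log lines, then reports sources with repeated failures and any successful password logins. The function names and `SAMPLE_LOG` are constructed for illustration, and the log lines assume the common syslog-style sshd message format.

```shell
#!/bin/sh
# Added example: triage sshd authentication events from syslog-style lines.

# ssh_auth_events < log
# Emits "RESULT METHOD SOURCE_IP" per authentication event. The user name in a
# log line is client-supplied text, so the source address is located from the
# right-hand end of the line instead of at the first "from".
ssh_auth_events() {
    awk '
        / sshd(-session)?\[[0-9]+\]: (Failed|Accepted) (password|publickey) for / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^sshd(-session)?\[[0-9]+\]:$/) break
            result = $(i + 1); method = $(i + 2); ip = ""
            for (j = NF - 2; j > i; j--)
                if ($j == "from" && $(j + 2) == "port") { ip = $(j + 1); break }
            if (ip != "") print result, method, ip
        }'
}

# brute_force_sources THRESHOLD < log
# Prints "IP COUNT" for every source with at least THRESHOLD failed attempts.
brute_force_sources() {
    ssh_auth_events | awk -v min="$1" '
        $1 == "Failed" { n[$3]++ }
        END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }' | sort
}

# password_logins < log
# Prints sources that logged in with a password, which should never appear
# once PasswordAuthentication is disabled.
password_logins() {
    ssh_auth_events | awk '$1 == "Accepted" && $2 == "password" { print $3 }' | sort -u
}

# Constructed sample lines (documentation address ranges, placeholder fingerprint).
# The third line carries a user name that contains spaces and a fake address.
SAMPLE_LOG='May 25 10:01:02 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
May 25 10:01:04 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
May 25 10:01:07 web1 sshd[1203]: Failed password for invalid user x from 10.0.0.1 port 1 from 203.0.113.5 port 51240 ssh2
May 25 10:02:11 web1 sshd[1210]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:PLACEHOLDERFINGERPRINT
May 25 10:03:30 web1 sshd[1215]: Failed password for alice from 192.0.2.44 port 60100 ssh2
May 25 10:04:00 web1 sshd[1220]: Accepted password for alice from 192.0.2.44 port 60102 ssh2'

echo "Sources with 3 or more failures:"
printf '%s\n' "$SAMPLE_LOG" | brute_force_sources 3
echo "Sources that logged in with a password:"
printf '%s\n' "$SAMPLE_LOG" | password_logins
```

On a real host the input would come from the system's authentication log or from journalctl output, depending on the distribution.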

Principle of least privilege through key management

Different key pairs for different contexts, per-key restrictions in authorized_keys, certificate-based access with scope constraints — SSH's key model maps directly onto the principle of least privilege. A key for your personal laptop can be separately revoked from a key for your CI/CD pipeline.

Encrypted tunnels for everything

SSH port forwarding can secure connections to databases, internal web dashboards, development servers, and any TCP-based service — without requiring TLS to be configured on those services individually. This is immediately useful in development environments and internal infrastructure.


What SSH Adds to a Developer's Skillset

Fluency with remote environments

The ability to log into a remote Linux machine and be immediately productive — navigating the filesystem, inspecting processes, reading logs, editing config files, running commands — is a foundational professional skill. SSH is the door to that environment.

Debugging production systems

When something is wrong in production, SSH gives you direct access: check running processes with ps, inspect memory with free, examine network connections with ss, read application logs with journalctl, tail log files in real time. Developers who can do this independently are far more valuable than those who depend on someone else to access the server.

Git workflows at a professional level

GitHub, GitLab, and Bitbucket all support SSH authentication for remote operations. Setting up an SSH key for Git authentication, understanding ~/.ssh/config for multiple accounts (personal vs. work GitHub), using ssh-agent to avoid passphrase prompts — these are markers of a developer who has moved beyond beginner tooling.

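# ~/.ssh/config for multiple GitHub accounts
# IdentitiesOnly yes makes ssh offer only the key listed for that host, so a
# key for the other account held in ssh-agent is not tried first.
Host github-work
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_work
    IdentitiesOnly yes

Host github-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_personal
    IdentitiesOnly yes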


Deployment and CI/CD

Virtually every deployment pipeline uses SSH to reach servers, copy files, or execute remote commands. Understanding SSH keys means you can correctly set up deployment keys (read-only keys scoped to a single repository), configure CI/CD pipelines with SSH secrets, and debug connection failures when deploys break.

Jump hosts and bastion servers

Enterprise and security-conscious infrastructure puts production servers on private networks, accessible only through a bastion (jump) host. Navigating this is trivial with SSH:

# Jump through bastion to reach an internal server
ssh -J bastion.company.com user@internal-db.company.internal

# Or in ~/.ssh/config:
Host internal-db
    HostName 10.0.1.50
    User ubuntu
    ProxyJump bastion.company.com


Developers who know this pattern can access internal infrastructure as smoothly as if it were public-facing.

Port forwarding as a superpower

Need to connect to a database in a private network? Forward it locally:

ssh -L 5432:postgres.internal:5432 user@bastion
# Now connect to localhost:5432 in any database GUI


Need to expose your local development server to share with a colleague? Remote forward it:

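ssh -R 8080:localhost:3000 user@public-server
# Your colleague can now reach your app at public-server:8080, provided the
# server's sshd_config sets GatewayPorts yes; with the default (GatewayPorts no)
# the forwarded port listens only on public-server's loopback interface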


This is a skill that looks like magic to those who don't know it, and is completely routine to those who do.

Infrastructure as code tooling

Ansible, the most widely used configuration management tool, requires no agent on target machines — it operates entirely over SSH. Writing Ansible playbooks and understanding how they authenticate and connect to managed hosts is impossible without SSH knowledge. The same applies to Fabric (Python), Capistrano (Ruby), and custom deployment scripts.

Reading and writing sshd_config with confidence

Hardening an SSH server is a core skill for anyone who owns infrastructure:

# Hardened sshd_config
# Non-default port (minor friction for scanners)
Port 2222
# Never allow direct root login
PermitRootLogin no
# Keys only
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# Explicit allowlist
AllowUsers deploy alice bob
# Limit authentication attempts per connection (slows brute force)
MaxAuthTries 3
# Seconds allowed to complete login; reduces the window for connection attacks
LoginGraceTime 20
# Disable unless needed
X11Forwarding no
# Or no, if you don't need tunneling
AllowTcpForwarding yes


Knowing exactly what each of these does — and why — is the difference between a server that gets owned in 48 hours and one that survives on the public internet.
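One way to check a server against the hardened settings above, as an added example that is not from the original article: it resolves the value sshd would apply for each keyword and reports the weak ones. The function names and `SAMPLE_CONFIG` are constructed for illustration, and the fallback defaults are those of upstream OpenSSH, which a distribution may override.

```shell
#!/bin/sh
# Added example: audit sshd_config text against the hardened baseline.

# effective_value KEY DEFAULT < config
# Prints the value sshd applies in the global section: keywords are
# case-insensitive and the FIRST occurrence of a keyword wins.
effective_value() {
    awk -v want="$1" -v def="$2" '
        stop || NF == 0 || $1 ~ /^#/ { next }      # Match body, blanks, comments
        { key = tolower($1) }
        key == "match" { stop = 1; next }          # global section ends here
        key == tolower(want) && !found { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    '
}

# want_eq CONFIG KEY DEFAULT EXPECTED: report when the effective value differs.
want_eq() {
    v=$(printf '%s\n' "$1" | effective_value "$2" "$3")
    [ "$v" = "$4" ] && return 0
    echo "WEAK $2=$v (want $4)"
    return 1
}

# audit_sshd_config CONFIG_TEXT: prints findings, returns 1 if there are any.
# Defaults passed below are assumed upstream OpenSSH defaults.
audit_sshd_config() {
    rc=0
    want_eq "$1" PermitRootLogin prohibit-password no || rc=1
    want_eq "$1" PasswordAuthentication yes no || rc=1
    want_eq "$1" X11Forwarding no no || rc=1
    v=$(printf '%s\n' "$1" | effective_value MaxAuthTries 6)
    [ "$v" -le 3 ] 2>/dev/null || { echo "WEAK MaxAuthTries=$v (want <= 3)"; rc=1; }
    v=$(printf '%s\n' "$1" | effective_value AllowUsers "")
    [ -n "$v" ] || { echo "WEAK AllowUsers unset (no explicit allowlist)"; rc=1; }
    return "$rc"
}

# Constructed sample: the hardening line was appended below an earlier,
# differently-cased setting, so it has no effect.
SAMPLE_CONFIG='# constructed sample, not from a real host
Port 2222
passwordauthentication yes
PermitRootLogin no
MaxAuthTries 3
AllowUsers deploy alice bob
# Appended later by an admin; ignored because the first value wins
PasswordAuthentication no
Match User deploy
    X11Forwarding yes
'

audit_sshd_config "$SAMPLE_CONFIG" || echo "-> sample config needs attention"
```

On a live host, pass the output of `sshd -T` (run as root) instead of the raw file, so that included files are resolved before the check.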


Common Misconceptions About SSH

"I use cloud consoles, I don't need SSH." Cloud consoles are convenient until they're not: network outages, browser issues, session timeouts, lack of scripting support. SSH gives you a direct connection that works from any terminal, scriptable, pipeable, automatable.

"SSH keys are complicated." Generating a key pair is one command. The conceptual model — public key on the server, private key on your machine — takes five minutes to understand and a lifetime to leverage.

"Password auth is fine if it's a strong password." Passwords are vulnerable to brute force, phishing, credential dumps, and accidental exposure in scripts. Public key auth has none of these vulnerabilities. The security difference is not marginal; it is categorical.

"SSH is just for sysadmins." Every developer who writes software that runs on a server, deploys code, works with databases, or builds CI/CD pipelines needs SSH. The line between developer and operator has been dissolved by DevOps. SSH is a core developer tool.


Getting Started: The Minimum Viable SSH Literacy

If you want to build genuine SSH competence, here is the path:

Week 1 — The basics. Generate an Ed25519 key pair. Add your public key to a cloud server. Disable password authentication. Connect without a password and understand why it worked.

Week 2 — Configuration. Set up ~/.ssh/config with aliases, identity files, and options for the servers you use. Add your SSH key to ssh-agent. Configure SSH for multiple GitHub accounts.

Week 3 — Tunneling. Use local port forwarding to connect to a remote database through a bastion. Try remote port forwarding to expose a local server. Set up a SOCKS proxy.

Week 4 — Hardening and automation. Configure sshd_config on a server you control. Write a simple deployment script that uses ssh and scp or rsync. Explore authorized_keys options like command=, no-pty, and restrict.

Beyond that: explore SSH certificates, certificate authorities, ssh-audit for scanning your server's configuration, and tools like HashiCorp Vault's SSH secrets engine for dynamic, short-lived certificates at scale.


Conclusion

SSH is thirty years old and shows no signs of being replaced. Its cryptographic foundations — updated regularly as algorithms age — remain sound. Its protocol design is clean, extensible, and widely implemented. Its ecosystem of tools, integrations, and workflows is mature and battle-tested.

In 2026, SSH literacy is table stakes for anyone who ships software to servers, manages infrastructure, or works in any environment where security and reliability matter — which is almost everyone. It is not a niche skill for operators. It is a core skill for software developers.

The investment required to learn SSH properly is measured in hours. The return — in productivity, security posture, incident response capability, and professional credibility — pays dividends for the rest of your career.

Learn it. Use it. Know it cold.