DEV Community

Cover image for AWS Session Manager vs SSH
Hafiq Iqmal
Hafiq Iqmal

Posted on

AWS Session Manager vs SSH

#aws #devops #cloud #security

A Comparison between SSM vs SSH

When dealing with the management of server access, there are 2 tools that frequently pop up: AWS Session Manager and SSH. Both have unique benefits and a few downsides. Understanding these should help you decide which is best for your needs.

In this post, we are going to explore the features, benefits, and limitations of each method and dive deep into their security aspects. Also, I'll share why I lean towards SSH over Session Manager.

What is AWS Session Manager?

AWS Session Manager

AWS Session Manager, part of AWS Systems Manager, provides a way to access EC2 instances without needing to open inbound ports or manage SSH keys. It’s integrated into the AWS ecosystem, offering a way to connect directly via the AWS Management Console, CLI or SDKs.

Advantages of AWS Session Manager

  • No Need for Open Ports: You don’t need to expose inbound ports to your instances, which reduces the risk of external attacks.
  • Integrated with IAM: Uses AWS Identity and Access Management (IAM) to control access, simplifying permission management and providing detailed access logs.
  • Logging: Integration with AWS CloudTrail and Amazon CloudWatch offers detailed session logs, useful for auditing and troubleshooting.
  • No SSH Keys: Eliminates the need to manage and rotate SSH keys, which can be a security concern.
  • Cross-Platform: Works with both Linux and Windows instances, making it a flexible choice for diverse environments.

Disadvantages of AWS Session Manager

  • AWS Dependency: You need to be within the AWS ecosystem to use Session Manager. It’s not an option if you’re not using AWS services.
  • Learning Curve: Transitioning from SSH to Session Manager involves learning new tools and processes, which might be a bit challenging.
  • Connectivity Required: Session Manager requires network access to AWS, which can be a limitation if connectivity is unreliable.

What is SSH?

SSH

SSH (Secure Shell) is a protocol that has been used for years to securely access remote machines. It’s a staple tool for many system administrators, providing a secure way to run commands and manage systems remotely.

Advantages of SSH

  • Widely Used and Tested: SSH is a mature tool with broad support. It’s a reliable choice with extensive documentation and community support.
  • Direct Control: SSH provides a straightforward, direct connection to your server, which many find intuitive and easy to use.
  • Offline Access: As long as you have network access, you can use SSH without relying on a specific cloud provider.
  • Customisable: SSH offers extensive configuration options, making it adaptable to various environments and security requirements.

Disadvantages of SSH

  • Port Exposure: SSH typically requires opening port 22, which can be a security risk if not properly managed.
  • Key Management: Managing SSH keys can be a hassle and lost or stolen keys can lead to security breaches.
  • Logging and Monitoring: While possible, setting up logging and monitoring for SSH sessions can be more complex than with AWS Session Manager.
  • Firewall Rules: SSH access might be restricted by firewall rules, potentially complicating connectivity.

Security Comparison

AWS Session Manager Security

  • No Inbound Ports: Session Manager doesn’t require open inbound ports, reducing potential attack vectors.
  • IAM Integration: Access control is managed through IAM policies, making permissions easier to handle.
  • Session Logging: Detailed logs are automatically recorded, which helps with auditing and troubleshooting.
  • End-to-End Encryption: Communication is encrypted, safeguarding data during transmission.

SSH Security

  • Port Exposure: SSH’s need for an open port can be a vulnerability. It’s crucial to use best practices like changing default ports and implementing fail2ban to mitigate risks.
  • Key Management: Effective key management is essential to avoid security issues. Compromised keys can lead to unauthorized access.
  • Additional Tools Required: To enhance security, additional measures like multi-factor authentication (MFA) or using a bastion host may be necessary.

Why I Prefer SSH Over AWS Session Manager

While AWS Session Manager offers several benefits, particularly in environments where AWS is the primary platform, I personally prefer SSH for a few reasons related to my setup and preferences.

Site-to-Site VPN

We can use a site-to-site VPN to securely connect on-premises network with remote networks. This setup allows me to manage servers across different environments, not limited to AWS. SSH fits seamlessly into this architecture because it can operate independently of the cloud provider, giving me more flexibility.

Bastion Host

I also use a bastion host to manage access to my internal servers. SSH works well with this approach, allowing me to securely tunnel connections through the bastion host. This adds an extra layer of security and control, which I find valuable. With SSH, I can easily configure and manage these tunnels to meet my specific needs.

BUT i would say that you need to carefully configure your security group to open only required port and specific sources.

Portability and Third-Party Tools 🚀

One of the big advantages of SSH is the ease of using third-party tools like Termius. These tools provide a user-friendly interface for managing SSH connections and can be used on various devices, including mobile phones and laptops.

The portability is crucial for me, as it allows me to access and manage my servers from almost anywhere, whether I’m on the go or working from a different location. Tool like Termius make SSH connections more accessible and convenient, offering a seamless experience across different devices.

Example of screenshot using Termius SSH management

On the other hand, AWS Session Manager requires a direct connection to AWS and is not integrated as seamlessly as in my current VPN and bastion host configuration. Again, while Session Manager has great functionality within the AWS ecosystem, portability and integration with third-party tools I use in managing my SSHs are not as effective compared to this solution. And that makes SSH far more versatile and accessible when it comes to meeting my needs.

Summaries

Both AWS Session Manager and SSH is actually has their own pros and cons based on your needs. AWS Session Manager simplifies access management within the AWS environment and enhances security with its integrated logging and IAM features. However, it requires a reliance on AWS and may not fit every network setup. SSH, on the other hand, offers flexibility and is well-suited for environments.

For me, the best tool for you, its depend on your specific setup, security requirements and personal preferences. 🤘

Thank you for reading! Don't forget to subscribe to stay informed about the latest updates in system design and technology. Happy Crafting!

If you found this article insightful and want to stay updated with more content on system design and technology trends, be sure to follow me on :-
Twitter: https://twitter.com/hafiqdotcom
LinkedIn: https://www.linkedin.com/in/hafiq93
Buy Me Coffee: https://paypal.me/mhi9388
https://buymeacoffee.com/mhitech
Medium: https://medium.com/@hafiqiqmal93

Top comments (0)

Read next

vamsiin profile image

A Critical Fix for a 5-Year Old Vulnerability through Docker's Security Patch

Dr. Vamsi Mohan Vandrangi -

hkhelil profile image

Monitor and Optimize Multi-Cluster AKS Costs 💰

Hamdi KHELIL -

payel_bhattacharya_71206f profile image

Getting Started with “Image as Code” Using Mermaid: A Modern Approach to Visualization

payel bhattacharya -

cicubeteam profile image

How to Use Secrets in GitHub Actions Workflows

CiCube -