Ssh! No Ports: IoT End-to-End Encrypted Control Plane Eliminates Network Administration Pain Points and Attack Surface

No more pain, no more ports, no more network attack surface

Improving IoT Security

Imagine a world where IoT security is simple, affordable, and absolute. VPNs and firewalls have vanished, along with the pain associated with having to track and manage static IP addresses, not to mention the endless configuration demands. 

Today, IoT security is focused on managing attack surfaces. Instead, we asked ourselves: what if an IoT device could have no attack surface at all? How close can we get to that ideal?

Thanks to Atsign’s Co-founder and CTO, Colin Constable, we’ve done just that. Ssh! No ports is an open-source tool that allows system administrators to remotely connect to a device without needing to open any ports. Yes, you read that right. Using Ssh! No ports, and the underlying atPlatform as the foundation, there is no network attack surface on your IoT devices.

Reducing Attack Surface

Having a single sshd (the ssh daemon) to manage is fine, but having hundreds, maybe thousands of sshds to manage and keep up-to-date is harder. That gets trickier as the only way to update many IoT devices is via firmware.   

On top of that, if you have an ssh daemon on the Internet, how often do you change the keys? (Yup—if you are like Noble, never.) Ssh! No ports creates new ssh keys for each session and then deletes them after the client connects. All connections are outbound, so there’s no need for firewalls or VPNs (or even a known IP address), and they are handled by an Internet microservice that solely communicates between known atSigns (unique identifiers for people and things on the atPlatform). As long as the device itself has an IP address, DNS, and Internet access, you can connect to it.  

Eliminating Network Pain

Network administrators can deploy Ssh! No ports to each one of their devices or systems, and never have to open a port again, eliminating the network attack surface. The underlying atProtocol is a zero-trust Internet protocol which ensures that only those you give permission to ever have access to the data being shared; even the microservice handling the connections never sees the data as everything is end-to-end encrypted. 

With this end-to-end encrypted control plane, you no longer have to worry about things like static IPs, NAT (Network Address Translation), port forwarding, and firewall rules as all traffic is outbound from the device.

You might use Ssh! No ports for…

  • Remote access to a home lab where the ISP may change the IP address.
  • Remote access to IoT devices where you do not want to deploy or configure firewalls or VPNs.
  • Remote access to virtual machines, so you can stop exposing port 22 to the Internet.
  • Remote access to web UIs, using TCP port forwarding, again without having any ports open on the device.

Building the Future

Where do we go from here?

Ssh! No ports proves that end-to-end encryption can serve as the control plane that enables new solutions to old problems.

And this just scratches the surface. We are so excited about all the cool stuff this will enable, especially all the things we haven’t even thought of yet.

We invite you to think about what you can do with Ssh! No ports to help us flip the Internet. 

Check us out on GitHub

Contact us at info@atsign.com for a demo
