Introduction
This article explains SSH and SFTP, why they are important for securely connecting your WordPress site to the backup system, and how they work within Solid Backups — NextGen. By the end, you’ll understand the differences between SSH and SFTP and why SSH is our recommended method for keeping your backups safe.
What are SSH and SFTP?
SSH (Secure Shell) and SFTP (Secure File Transfer Protocol) are two methods of securely connecting to a server to transfer data, such as your website backups. Both methods use encryption to protect your data while it's in transit, preventing unauthorized access or tampering.
- SSH: Primarily used for securely accessing and managing servers. It uses public-key cryptography to authenticate the connection (preferred) or can also use username/password authentication.
- SFTP: A secure version of FTP (File Transfer Protocol) that runs over SSH. It is used to securely transfer files between your WordPress site and the backup system.
Why use SSH or SFTP for backups?
When you use Solid Backups — NextGen, you’ll need to provide either SSH or SFTP credentials to connect securely to your WordPress site. These credentials ensure that any data transferred during the backup process is encrypted and safe from interception.
Public Key Authentication
When connecting via SSH or SFTP, you can either authenticate via username/password, or via public keys. Whenever possible, use the public key method of authentication. Here’s why:
Public key authentication uses two keys, a private key (which is on the SolidWP servers) and a public key (which is saved on your server). To access the server, in addition to knowing the username and IP address/hostname, third parties have to prove that they’ve saved the private key that corresponds with the public key. Think of it like a secret handshake agreed upon in advance.
With passwords, there’s always the risk of someone guessing or stealing them. With Public/Private keys, a bad actor would not only need to be able to crack the keys themselves, but also somehow have pre-saved those keys in the proper locations in order to gain access. SSH keys are far more complex and difficult to break.
Setting up SSH or SFTP for Backups
The Solid Backups — NextGen overview article will help you get started with setting up your connection to your host.
How does SSH Public Key Infrastructure (PKI) work with Solid Backups — NextGen?
Public Key Infrastructure (PKI) enables SSH to establish secure, key-based authentication. Here's how it functions in the context of Solid Backups — NextGen:
- Public Key: This key is provided by Solid Backups — NextGen and you place it on your server.
- Private Key: This key is securely stored on Solid Backups — NextGen servers and is never shared.
When a backup is initiated, Solid Backups — NextGen servers use the private key to authenticate with your server, which has the corresponding public key. This ensures a secure connection, allowing Solid Backups — NextGen to perform the backup without requiring you to expose any sensitive credentials.
Even if someone were to gain access to the public key on your server, they would not be able to initiate a connection or access your backups without the corresponding private key, which remains securely stored on Solid Backups — NextGen servers.
Why does Solid Backups — NextGen only supply a public key?
Solid Backups — NextGen provides a public key that you will place on your server. The corresponding private key (the other half of the secret handshake!) remains on SolidWP servers. This setup allows those servers to initiate a secure, encrypted connection to your site using SSH key-pair authentication. This eliminates the risk of unauthorized access to your backups, as someone would need the private key (which remains safeguarded on SolidWP infrastructure) to initiate a connection.
Conclusion
By using SSH or SFTP with Solid Backups — NextGen, you can ensure that your WordPress backups are transferred securely.
If you have any questions, please contact the SolidWP support team, who will be happy to assist you!