SSH vs RDP: Which is best for VPS server hosting?

RDP and SSH are the two primary protocols used to establish connections to remote servers. This is what you need to know about each.

If you’ve dabbed in server infrastructure before, you’ll know that the two main authentication protocols are the Windows Remote Desktop Protocol (RDP) and Secure Shell (SSH). Both are useful in their way, with distinct advantages and disadvantages that may influence which is best for your use case. Let’s take a closer look:

What is SSH?

The Secure Shell Protocol (SSH), like RDP, is a network protocol designed to facilitate secure access to a remote server. It was designed for Unix-like operating systems as a replacement for Telnet and Unix shell, two outdated protocols with various security issues.

SSH has three major, hierarchical components:

– The transport layer: for server authentication, integrity, and confidentiality

– The user authentication protocol: for validating the user to the server

– The connection protocol turns the encrypted tunnel into multiple logical communication channels via multiplexing

SSH authentication is typically based on public-key cryptography, utilizing private key pairs and a password to authenticate the user. It is primarily used to access Linux servers via the command-line interface and is

What is RDP?

The Remote Desktop Protocol (RDP) is a protocol developed by Microsoft to provide users on various operating systems with a graphical interface to connect to remote Windows PCs or servers. It uses client software referred to as “Remote Desktop Connection” to achieve this.

However, while Windows RDP was designed primarily for Windows, it can also be used to connect to various Linux distributions. Here at easyglobal, for example, we offer an Ubuntu Desktop VPS with RDP.

RDP utilizes username/password authentication, as well as 128-bit RC4 encryption and TLS, for enhanced security. It is often recommended that admins pair it with a Virtual Private Network (VPN) and Multi-factor authentication (MFA) for additional security.

SSH vs RDP: The features

Although SSH and RDP achieve roughly the same thing — connecting to a remote host — their feature sets are quite different. The primary way in which SSH and RDP differ is in interface. SSH is a command-line interface, and as such, it has no graphical user interface (GUI). RDP, meanwhile, offers a complete graphical user interface (GUI) with support for 32-bit color, audio, printing, and more. Users utilize it in much the same way they’d use a local Windows PC.

However, this core difference isn’t an advantage or disadvantage, but a preference. Windows RDP provides an intuitive experience for regular users but is heavier on both the connection and resources of the local PC. SSH is primarily suitable for more technical users who are familiar with the command line, but it is lightweight. It all depends on the use case.

File transfers also differ. File transfer over SSH is easy and fast, but it requires manual intervention. Windows RDP requires some initial configuration, but it allows you to access all your local files from your RDP server from that point onward. Then it’s just a case of dragging and dropping between drives to transfer. RDP’s GUI approach will be more straightforward for most users, but the fact that users have to upload files while simultaneously streaming an image of the live desktop can make things sluggish.

SSH vs RDP: The security

The way each protocol handles security is one of the biggest differentiators between the two.

Server authentication

For those that don’t know, server authentication refers to the practice of ensuring the server the user is connecting to is the one they expected. This is important because hackers may attempt a “man-in-the-middle” attack, where they secretly sit between two servers and intercept the traffic, forwarding it to its final destination.

SSH

Server authentication with SSH is relatively simple yet secure. Servers have a private and public key pair. SSH clients will keep track of the fingerprint of the public key they saw the first time a user connects to a server and ask a user to validate that it’s correct. After the user completes this validation, the fingerprint is checked on each subsequent connection, and the SSH client alerts the user if it has changed.

The riskiest part of the process is the initial fingerprint authentication. That is why it is essential to validate the fingerprint carefully.

Users, meanwhile, authenticate themselves using a password or, for additional security, a manually configured SSH key.

RDP

By default, RDP comes with two security options. Standard security employs RC4 encryption. Values for this are exchanged when a connection is initialized, in the Basic Settings Exchange phase.

However, while RDP’s self-signed certificate provides some degree of server authentication, it’s best traded for one from an enterprise CA via the “Enhanced Security” option. RDP allows administrators to outsource encryption, decryption, and integrity checks to CredSSP, TLS, or a feature called Network Level Authentication.

Network Level Authentication (NLA) requires the client to authenticate itself with the RDP server before establishing a connection. This saves on resources and helps protect against man-in-the-middle attacks.  

However, though RDP traffic is encrypted by default, it’s still susceptible to man-in-the-middle attacks via ARP poisoning. As a result, it’s always recommended to connect to RDP servers with a VPN.

Users connect to a Windows RDP server with a password, which is not ideal due to the risk of phishing attacks and brute-force attempts. Admins are encouraged to additionally configure multi-factor authentication (MFA) and implement a firm password policy.

SSH or RDP for VPS use?

If you’re hosting just about anything, SSH is likely the most sensible choice. Its minimal resource requirements, combined with strong security and a terminal-focused environment, make it great for game servers, websites, web apps, VPNs, and more.

RDP, whether for a Windows RDP server or a Linux one, is best left to situations where a UI is very useful or essential. If you’re working from a VPS using it as a test environment, for example, it only makes sense. If you’re engaging in Forex trading, you’ll also need a user interface (UI). Consider both your security and technical requirements carefully, and select the solution that best suits your needs.