Inspired by my friend Dane’s UX review of Hacker News, I’ve decided to start a mini-series of UX reviews myself, of various crypto apps and libraries. The crypto world has serious problems when it comes to user experience, ease of use, and sensible defaults, among other issues, and I’d like to bring them to light. Let’s start with SSH.
For those of you who don’t write code for a living, SSH stands for “Secure Shell”, and it lets you log into another machine on the internet running an SSH server, opening a command line session. You can even start a graphical session, although it takes a lot of know-how, chutzpah, luck, and just the right planetary alignment.
In terms of practicality, SSH is pretty solid — I use it at least every few days. If you need a remote terminal session, it pretty much does what it says on the tin. However, the difficulty of starting a graphical session is too damn high. Personally, I prefer Microsoft Remote Desktop over SSH here (I know, I know, totally different operating systems, but the difference in ease of use is striking). Don’t get me wrong, graphical sessions are doable. Given time and effort, I can get one going. But your average user? You’re better off giving them a couple tin cans and some string (just to be clear, that’s a comment on SSH, not your average user).
Another glaring flaw with SSH is key generation. The standard key generation program, ssh-keygen, requires use of the command line — that’s strike one against its usability. Even if you’re a command line aficionado, there are multiple questions to be answered. Which algorithm do you use? RSA? What about key size? What’s enough? Assuming you can answer those questions, there is a series of personal questions like company name, email, full name, country…what’s relevant and why?
Let’s say you get through the thicket of questions around key generation. What about key management? If you have a single key pair (yes, there are two to worry about), it’s not so bad, assuming the user doesn’t mix up their public and private keys. If you have multiple key pairs, maybe one for personal use, one for work, and one for a side project, you’re fucked. You’ll have to either specify which key to use every time you connect, or use a combination of configuration files and ssh-agent. Good luck, and may God have mercy on your soul.
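To make the "configuration files and ssh-agent" route concrete, here is a sketch of a `~/.ssh/config` for the three-key case (an added example, not from the original post). The host names, user names and key file names are placeholders, and the key files are assumed to exist already.

```sshconfig
# Added example: every host name, user name and key file name below is a placeholder.

# Personal server: "ssh personal" connects with the personal key.
Host personal
    HostName personal.example.org
    User alice
    IdentityFile ~/.ssh/id_ed25519_personal

# Work machines: anything under the corporate domain gets the work key.
Host *.corp.example.com
    User alice.smith
    IdentityFile ~/.ssh/id_ed25519_work

# Side project on a shared Git host: the alias lets the same server be
# reached with a different key than the one used for work.
Host git-side
    HostName git.example.net
    User git
    IdentityFile ~/.ssh/id_ed25519_side

# Defaults for all hosts. Kept last because ssh takes the first value it
# finds for each option, so the specific blocks above win.
Host *
    # Offer only the key named for the host, not every key loaded in ssh-agent.
    # Without this, each server sees all of your public keys and a login can
    # fail after too many wrong offers.
    IdentitiesOnly yes
    # Load a key into a running ssh-agent the first time it is used, so the
    # passphrase is typed once per session.
    AddKeysToAgent yes
```

With this in place, `ssh git-side` picks the side-project key without any `-i` flag, and `ssh -G git-side` prints the options ssh would use for that alias without connecting.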
These problems sound trivial to a computer expert, because to someone who writes code, these problems are entirely tractable and make sense for software designed for developers. But if you’re designing software for general use, for ease of use, and you want regular folks to be able to use it, these problems are almost absurdly difficult to overcome. Think about the description of SSH: it lets you use another computer as though you were sitting in front of it. Given that promise, SSH delivers to the computer cognoscenti and fails the average user miserably.