Not only can they be used together, but it is the standard and most secure practice in web development and administration.
They are two completely different protocols that perform different functions in the same infrastructure.
- HTTPS for customers (the front-end):
- When a customer visits your store, browses products, registers, or makes a purchase, all that traffic travels over HTTPS. This ensures that sensitive information (such as passwords and credit card information) is encrypted and protected between the customer’s browser and your store’s server. This is the publicly visible security layer.
- SSH for you (the back-end):
- To manage that store, you need to securely connect to the server where it’s hosted. To upload new products, update the software, troubleshoot bugs, or deploy new code, you connect through a terminal using SSH. This gives you secure, encrypted remote access, so no one else can intercept your administration commands. It’s the security layer for administrators.
HTTPS secures public communication with the website, while SSH secures the private connection to manage the server.
that is to say:
- SSH: Remote Administration and Commands
- HTTPS: Secure web browsing (web data)
- SSH: Developers and Administrators
- HTTPS: Clients and website users
- HTTPS: port 443
- SSH: port 22
- SSH: Application/Transport Layer
- HTPS: Application Layer
