compare ssh and ssl

You're trying to compare tomatoes and kiwi. They're both fruits, buts thats about as far as the similarities go.

SSL is a an ISO Layer 4/5 PROTOCOL for implementing secure, socket-based data transfer. A LOT of DIFFERENT things can use SSL. Your web browser can use it. FTP can use it. Your SMTP server can probably use it. A LOT of different services can use it.

SSH is an ISO Layer 6/7 APPLICATION, not a protocol. SSH is used to implement services, like telnet and FTP, across an SSL link.

So there is not either/or here. SSH relies on SSL for its security. SSL relies on the TCP/IP protocol suite for its connectivity. TCP/IP relies on Ethernet or SONET or DSL or Token-Ring or whatever for transport. These are all components of a whole.

i want a comparison of ssl with ssh protocol, not ssh implementation.
SSH has 2 protocol SSH-1 and SSH-2  (http://www.ssh.com)

@Nemesis-Services: yap, but with ssl we still can secure telnet or any other information. Cause ssl provide a secure socket, we can let the telnet information go the this secure socket. Then, telnet is now secure, why do we need ssh.

ssh - to secure copy files onto the server instead of using FTP which is insecure, ssh allows secure robust access into remote systems

you mean other than "the computer g0ds said so!"

 :)

the begining S is security.. so you have SSl.. SFP SSH ext.. ..

different functionality, and application use

SSH is used because it is a better fit for the function that it serves. <= Ok, but what function do we need SSH serve and SSL cannot serve?

SSL can use Diffie Hellman key exchange algorithm.

If SSL used Diffie Hellman for key exchange, then it would no longer be SSL.  SSL is a protocol, a set of rules that govern how communication will take place.  In SSL the cipher key is passed back and forth using a private/public key pair.

I also never said there was a function that SSH serves that SSL could not serve, but for the function of remote command line access to servers, port forwarding, file transfer to and from user accounts on a server SSH is a far better fit.

can you explain why for the function of remote command, port forwarding ... ssh is far better fit ?

You suggest using telnet through SSL.  Do you have tools that make this easy to do?  You would have to setup your tunnel then telnet through that.  Plus you would need to get certificates from a Certificate Authority.  For ssh, you just ssh to the host.  Port forwarding is built into ssh.  There are command line switches to do it.  

>  can you explain why for the function of remote command, port forwarding ... ssh is far better fit ?
'cause SSL cannot be used for port forwarding, you just can use it as tunnel

I think this thread is getting a little bit off track, original question is:

'So what is the different between them. Why do we need ssh when we have ssl'

which I believe has now been answered !

:)

agreed: we need both ('cause they sirf different things)

SSH uses SSL. So there is no either-or!!!! You can't have SSH without SSL!

SSH does **not** use SSL as mentioned several times in this thread. SSH and SSL share some cipher suites (RSA, AES, ...), however SSH positively does not "need" or "use" SSL.

And as to why are there both around: "the nice things about standards is there are so many of them to choose from". SSL was created for the internet by Netscape while ssh was created for Unix shell security by a Finnish student.

Could we do with one of the two? probably yes. However both are around and will stay for a long time.

When use which: there are some case in which one protocol will fare better clearly and there is a grey area where both will work just fine. There is no simple answer "use XXX in situation YYY".