compare ssh and ssl

ssh and ssl do the same function: provide authenticate and confidential for communication between 2 user.
So what is the different between them. Why do we need ssh when we have ssl?
hoaivanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PsiCopCommented:
You're trying to compare tomatoes and kiwi. They're both fruits, buts thats about as far as the similarities go.

SSL is a an ISO Layer 4/5 PROTOCOL for implementing secure, socket-based data transfer. A LOT of DIFFERENT things can use SSL. Your web browser can use it. FTP can use it. Your SMTP server can probably use it. A LOT of different services can use it.

SSH is an ISO Layer 6/7 APPLICATION, not a protocol. SSH is used to implement services, like telnet and FTP, across an SSL link.

So there is not either/or here. SSH relies on SSL for its security. SSL relies on the TCP/IP protocol suite for its connectivity. TCP/IP relies on Ethernet or SONET or DSL or Token-Ring or whatever for transport. These are all components of a whole.
0
hoaivanAuthor Commented:
i want a comparison of ssl with ssh protocol, not ssh implementation.
SSH has 2 protocol SSH-1 and SSH-2  (http://www.ssh.com)
0
Nemesis-ServicesCommented:
ssl is generally associated with online e-commerce for purchasing online products (basically when entering credit card details, no hacker can see these details being submitted to the website)

ssh is generally associated with remote access to linux/unix/windows servers instead of telnet, basically it encrypts all communication from your machine to the remote system ie: linux console commands / reading emails etc
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

hoaivanAuthor Commented:
@Nemesis-Services: yap, but with ssl we still can secure telnet or any other information. Cause ssl provide a secure socket, we can let the telnet information go the this secure socket. Then, telnet is now secure, why do we need ssh.
0
Nemesis-ServicesCommented:
ssh - to secure copy files onto the server instead of using FTP which is insecure, ssh allows secure robust access into remote systems
0
jabiiiCommented:
you mean other than "the computer g0ds said so!"

 :)

the begining S is security.. so you have SSl.. SFP SSH ext.. ..

different functionality, and application use




0
jharrissCommented:
They both can provide encryption and authentication.  Because of the way that an SSL session is established, an attacker could pose as a legit server and the client could then start and encrypted session with an attacker and not know the difference.  This is why we have certificate authorities like Verisign that enable clients to verify that they are talking to who they think they are talking to.  Would you really want to have to have a certificate authority create certificates for every machine that you need to log into.  SSH also provides a way to create an encrypted session without the use of asymmetric key pairs using Diffie Hellman.  This provides for easy setup especially if you have a lot of servers to maintain.  So to answer your question, SSH is used because it is a better fit for the function that it serves.  


SSL - http://www.freesoft.org/CIE/Topics/121.htm 
SSH - http://www.freesoft.org/CIE/Topics/139.htm
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hoaivanAuthor Commented:
SSH is used because it is a better fit for the function that it serves. <= Ok, but what function do we need SSH serve and SSL cannot serve?

SSL can use Diffie Hellman key exchange algorithm.
0
jharrissCommented:
If SSL used Diffie Hellman for key exchange, then it would no longer be SSL.  SSL is a protocol, a set of rules that govern how communication will take place.  In SSL the cipher key is passed back and forth using a private/public key pair.
0
jharrissCommented:
I also never said there was a function that SSH serves that SSL could not serve, but for the function of remote command line access to servers, port forwarding, file transfer to and from user accounts on a server SSH is a far better fit.
0
hoaivanAuthor Commented:
can you explain why for the function of remote command, port forwarding ... ssh is far better fit ?
0
jharrissCommented:
You suggest using telnet through SSL.  Do you have tools that make this easy to do?  You would have to setup your tunnel then telnet through that.  Plus you would need to get certificates from a Certificate Authority.  For ssh, you just ssh to the host.  Port forwarding is built into ssh.  There are command line switches to do it.  
0
ahoffmannCommented:
>  can you explain why for the function of remote command, port forwarding ... ssh is far better fit ?
'cause SSL cannot be used for port forwarding, you just can use it as tunnel
0
Nemesis-ServicesCommented:
I think this thread is getting a little bit off track, original question is:

'So what is the different between them. Why do we need ssh when we have ssl'

which I believe has now been answered !

:)
0
ahoffmannCommented:
agreed: we need both ('cause they sirf different things)
0
PsiCopCommented:
SSH uses SSL. So there is no either-or!!!! You can't have SSH without SSL!
0
thomasburgCommented:
SSH does **not** use SSL as mentioned several times in this thread. SSH and SSL share some cipher suites (RSA, AES, ...), however SSH positively does not "need" or "use" SSL.

And as to why are there both around: "the nice things about standards is there are so many of them to choose from". SSL was created for the internet by Netscape while ssh was created for Unix shell security by a Finnish student.

Could we do with one of the two? probably yes. However both are around and will stay for a long time.

When use which: there are some case in which one protocol will fare better clearly and there is a grey area where both will work just fine. There is no simple answer "use XXX in situation YYY".
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.