Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

compare ssh and ssl

Posted on 2004-11-23
17
Medium Priority
?
1,969 Views
Last Modified: 2011-10-03
ssh and ssl do the same function: provide authenticate and confidential for communication between 2 user.
So what is the different between them. Why do we need ssh when we have ssl?
0
Comment
Question by:hoaivan
  • 4
  • 4
  • 3
  • +4
17 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 12661871
You're trying to compare tomatoes and kiwi. They're both fruits, buts thats about as far as the similarities go.

SSL is a an ISO Layer 4/5 PROTOCOL for implementing secure, socket-based data transfer. A LOT of DIFFERENT things can use SSL. Your web browser can use it. FTP can use it. Your SMTP server can probably use it. A LOT of different services can use it.

SSH is an ISO Layer 6/7 APPLICATION, not a protocol. SSH is used to implement services, like telnet and FTP, across an SSL link.

So there is not either/or here. SSH relies on SSL for its security. SSL relies on the TCP/IP protocol suite for its connectivity. TCP/IP relies on Ethernet or SONET or DSL or Token-Ring or whatever for transport. These are all components of a whole.
0
 

Author Comment

by:hoaivan
ID: 12661990
i want a comparison of ssl with ssh protocol, not ssh implementation.
SSH has 2 protocol SSH-1 and SSH-2  (http://www.ssh.com)
0
 
LVL 4

Assisted Solution

by:Nemesis-Services
Nemesis-Services earned 750 total points
ID: 12664044
ssl is generally associated with online e-commerce for purchasing online products (basically when entering credit card details, no hacker can see these details being submitted to the website)

ssh is generally associated with remote access to linux/unix/windows servers instead of telnet, basically it encrypts all communication from your machine to the remote system ie: linux console commands / reading emails etc
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:hoaivan
ID: 12664555
@Nemesis-Services: yap, but with ssl we still can secure telnet or any other information. Cause ssl provide a secure socket, we can let the telnet information go the this secure socket. Then, telnet is now secure, why do we need ssh.
0
 
LVL 4

Expert Comment

by:Nemesis-Services
ID: 12664796
ssh - to secure copy files onto the server instead of using FTP which is insecure, ssh allows secure robust access into remote systems
0
 
LVL 9

Expert Comment

by:jabiii
ID: 12666046
you mean other than "the computer g0ds said so!"

 :)

the begining S is security.. so you have SSl.. SFP SSH ext.. ..

different functionality, and application use




0
 
LVL 1

Accepted Solution

by:
jharriss earned 750 total points
ID: 12669169
They both can provide encryption and authentication.  Because of the way that an SSL session is established, an attacker could pose as a legit server and the client could then start and encrypted session with an attacker and not know the difference.  This is why we have certificate authorities like Verisign that enable clients to verify that they are talking to who they think they are talking to.  Would you really want to have to have a certificate authority create certificates for every machine that you need to log into.  SSH also provides a way to create an encrypted session without the use of asymmetric key pairs using Diffie Hellman.  This provides for easy setup especially if you have a lot of servers to maintain.  So to answer your question, SSH is used because it is a better fit for the function that it serves.  


SSL - http://www.freesoft.org/CIE/Topics/121.htm 
SSH - http://www.freesoft.org/CIE/Topics/139.htm
0
 

Author Comment

by:hoaivan
ID: 12670419
SSH is used because it is a better fit for the function that it serves. <= Ok, but what function do we need SSH serve and SSL cannot serve?

SSL can use Diffie Hellman key exchange algorithm.
0
 
LVL 1

Expert Comment

by:jharriss
ID: 12670536
If SSL used Diffie Hellman for key exchange, then it would no longer be SSL.  SSL is a protocol, a set of rules that govern how communication will take place.  In SSL the cipher key is passed back and forth using a private/public key pair.
0
 
LVL 1

Expert Comment

by:jharriss
ID: 12670554
I also never said there was a function that SSH serves that SSL could not serve, but for the function of remote command line access to servers, port forwarding, file transfer to and from user accounts on a server SSH is a far better fit.
0
 

Author Comment

by:hoaivan
ID: 12670589
can you explain why for the function of remote command, port forwarding ... ssh is far better fit ?
0
 
LVL 1

Expert Comment

by:jharriss
ID: 12671216
You suggest using telnet through SSL.  Do you have tools that make this easy to do?  You would have to setup your tunnel then telnet through that.  Plus you would need to get certificates from a Certificate Authority.  For ssh, you just ssh to the host.  Port forwarding is built into ssh.  There are command line switches to do it.  
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12673119
>  can you explain why for the function of remote command, port forwarding ... ssh is far better fit ?
'cause SSL cannot be used for port forwarding, you just can use it as tunnel
0
 
LVL 4

Expert Comment

by:Nemesis-Services
ID: 12673458
I think this thread is getting a little bit off track, original question is:

'So what is the different between them. Why do we need ssh when we have ssl'

which I believe has now been answered !

:)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12683246
agreed: we need both ('cause they sirf different things)
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12683273
SSH uses SSL. So there is no either-or!!!! You can't have SSH without SSL!
0
 

Expert Comment

by:thomasburg
ID: 14335802
SSH does **not** use SSL as mentioned several times in this thread. SSH and SSL share some cipher suites (RSA, AES, ...), however SSH positively does not "need" or "use" SSL.

And as to why are there both around: "the nice things about standards is there are so many of them to choose from". SSL was created for the internet by Netscape while ssh was created for Unix shell security by a Finnish student.

Could we do with one of the two? probably yes. However both are around and will stay for a long time.

When use which: there are some case in which one protocol will fare better clearly and there is a grey area where both will work just fine. There is no simple answer "use XXX in situation YYY".
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question