SSH Frequently Asked Questions
What's the difference between SSH and SSL/TLS?
SSL stands for "Secure Sockets Layer;" TLS, for "Transport Layer Security." SSL was developed by Netscape for use in securing HTTP. That is still its principal use, although there is nothing specific to HTTP about SSL. When a browser accesses a URL which begins with "https", it speaks HTTP over an SSL connection. TLS is the name of the IETF protocol standard that grew out of SSL 3.0, and is documented by RFC 2246. We will use the term "TLS."
TLS has goals and features similar to those of the SSH Transport and User Authentication protocols. It provides a single, full-duplex byte stream to clients, with cryptographically assured privacy and integrity, and optional authentication. It differs from SSH in the following principal ways:
- TLS server authentication is optional: the protocol supports fully
anonymous operation, in which neither side is authenticated. Such
connections are inherently vulnerable to man-in-the-middle attacks. In SSH-TRANS,
server authentication is mandatory, which protects against such attacks.
Of course, it is always possible for a client to skip the step of
verifying that the public key supplied by the server actually belongs to
the entity the client intended to contact (e.g. using the
/etc/ssh_known_hostsfile). However, SSH-TRANS at least demands going through the motions.
- Both client and server authentication are done with X.509 public-key certificates. This makes TLS a bit more cumbersome to use than SSH in practice, since it requires a functioning public-key infrastructure (PKI) to be in place, and certificates are more complicated things to generate and manage than SSH keys. However, a PKI system provides scalable key management for your trouble, which SSH currently lacks.
- TLS does not provide the range of client authentication options that SSH does; public-key is the only option.
- TLS does not have the extra features provided by the other SSH component: the SSH Connection Protocol (SSH-CONN). SSH-CONN uses the underlying SSH-TRANS connection to provide muliple logical data channels to the application, as well as support for remote program execution, terminal management, tunnelled TCP connections, flow control, etc.