Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
579 views
in Technique[技术] by (71.8m points)

networking - Difference between SSH and SSL, especially in terms of "SFTP" vs. "FTP over SSL"

Apart from enhanced authentication options offered by SSH, is there any difference between basic working of SSH and SSL protocols ?

I am asking since we can use SFTP or FTP over SSL, both would require authentication.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

What is the difference between SSH and SSL and why would we care?

SSL stands for "Secure Sockets Layer". We care because it enables browsers to transmit data to and from a web server in a secure cryptographic way to make life hard for third party spies monitoring all internet traffic.

SSH stands for "Secure Shell". We care because it enables a networked computer 1 to provide access to a shell on networked computer 2. The user can have a level of confidence that spies listening to the insecure channel cannot decrypt data sent between the networked computers.

SSL and SSH both have to do with providing a system to encrypt and decrypt data over an insecure channel.

When a browser visits a URL which begins with "https://", the browser speaks HTTP over an SSL connection.

SSL enabled Web Servers (for example Apache HTTP Server) can be configured to use SSL to become a "secure web server". A website served up by a secure web server will cause users to access the URL through the "https://" protocol instead of "http://". With the https protocol the users can have a level of confidence that third party spies monitoring the internet channel will only receive encrypted content.

SSL is a Protocol that could be implemented in the 6th layer (Presentation layer) of the OSI Model.

SSH has its own transport protocol independent from SSL, so that means SSH DOES NOT use SSL under the hood.

Cryptographically, both Secure Shell and Secure sockets Layer are equally secure.

An SSL Termination Proxy can handle incoming SSL connections, decrypting the SSL and passing on the unencrypted request to other servers.

SSL lets you use a PKI (public-key infrastructure) via signed certificates. With SSH you have to exchange the key fingerprints manually through another protocol like ftp or carrier pigeon.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...