current community

more stack exchange communities

Stack Exchange Inbox Reputation and Badges
1
help
up vote 76 down vote favorite
37

What is the difference between SSH and SSL? Which one is more secure, if you can compare them together?
Which has more potential vulnerabilities?

share|edit
9  
This is not a real question. You are comparing apples and oranges. What might help is if you could explain why you want to know - as this might guide answers. eg are you looking to implement a secure access solution and are looking for the easiest to secure? –  Rory Alsop Jan 13 '11 at 10:04
2  
@Rory I don't think so, as I know they both do a similar job (I'm not comparing apples and oranges), but maybe I am wrong so I become thankful if community show me my mistake. –  Am1rr3zA Jan 13 '11 at 10:07
15  
I think this is a great question - very common for the uninitiated, and we've got some great answers. So vote it back up, folks :) –  nealmcb Jan 17 '11 at 18:03
1  
I hope you like my edits. Feel free to revert/refine if you don't. –  nealmcb Jan 17 '11 at 18:09
4  
@Am1rr3zA, it is not exactly right that they do a similar job. In practice, SSL and SSH are typically used for different purposes: SSH is most often used for remote log-in, SSL for encrypted web access. –  D.W. Jan 19 '11 at 7:30

7 Answers 7

up vote 84 down vote accepted

SSL and SSH both provide the cryptographic elements to build a tunnel for confidential data transport with checked integrity. For that part, they use similar techniques, and may suffer from the same kind of attacks, so they should provide similar security (i.e. good security) assuming they are both properly implemented. That both exist is a kind of NIH syndrome: the SSH developers should have reused SSL for the tunnel part (the SSL protocol is flexible enough to accommodate many variations, including not using certificates).

They differ on the things which are around the tunnel. SSL traditionally uses X.509 certificates for announcing server and client public keys; SSH has its own format. Also, SSH comes with a set of protocols for what goes inside the tunnel (multiplexing several transfers, performing password-based authentication within the tunnel, terminal management...) while there is no such thing in SSL, or, more accurately, when such things are used in SSL they are not considered to be part of SSL (for instance, when doing password-based HTTP authentication in a SSL tunnel, we say that it is part of "HTTPS", but it really works in a way similar to what happens with SSH).

Conceptually, you could take SSH and replace the tunnel part with the one from SSL. You could also take HTTPS and replace the SSL thing with SSH-with-data-transport and a hook to extract the server public key from its certificate. There is no scientific impossibility and, if done properly, security would remain the same. However, there is no widespread set of conventions or existing tools for that.

So we do not use SSL and SSH for the same things, but that's because of what tools historically came with the implementations of those protocols, not due to a security related difference. And whoever implements SSL or SSH would be well advised to look at what kind of attacks were tried on both protocols.

share|edit
3  
Good job. And in fact, since SSH is easier to set up than SSL, many people tunnel http (not https) inside SSH, e.g. to do remote system administration with a web GUI tool like ebox or webmin. –  nealmcb Jan 17 '11 at 17:58
12  
Just to point out, it's not quite true that the SSH guys "should" have used SSL: SSH was designed very specifically to have a small attack surface, and be very secure. SSHv2 has none of the problems and pitfalls in SSL/TLS, so going with a smaller thing that they understood well, with less complexity, they came out with something much better suited to their situation. It depends how paranoid you are: SSL isn't unusable, depending on the application, but SSH's design makes it acceptable in situations/security communities where SSL simply is not trusted. –  Nicholas Wilson May 11 '12 at 18:01
4  
@NicholasWilson "SSH's design makes it acceptable in situations/security communities where SSL simply is not trusted" such as... –  curiousguy Jun 21 '12 at 15:49
3  
SSL and SSH were developed in parallel (both being released in 1995), so whether SSH even could have used SSL is not clear. Whether it should have used the contemporary SSL 2.0 is very dubious too :-) –  user185 Feb 6 '13 at 18:27
4  
Well, SSH 2.0 was a complete rewrite of the protocol and appeared some time around 1999, so that one could have reused SSL 3.0 or even TLS 1.0. But, of course, TLS appears to be tied with X.509, which frightens developers away. –  Thomas Pornin Feb 6 '13 at 18:53
up vote 58 down vote

This isn't a reasonable comparison to make. SSL is a general method for protecting data transported over a network, whereas SSH is a network application for logging in and sharing data with a remote computer. The transport layer protection in SSH is similar in capability to SSL, so which is "more secure" depends on what your specific threat model calls for and whether the implementations of each address the issues you're trying to deal with. SSH then has a user authentication layer which SSL lacks (because it doesn't need it - SSL just needs to authenticate the two connecting interfaces which SSH can also do). In poorly-drawn UTF-8 art:

      SSL              SSH
+-------------+ +-----------------+
| Nothing     | | RFC4254         | Connection multiplexing
+-------------+ +-----------------+
| Nothing     | | RFC4252         | User authentication
+-------------+ +-----------------+
| RFC5246     | | RFC4253         | Encrypted data transport
+-------------+ +-----------------+

Regarding the issue of which there are more potential attacks against, it seems clear that SSH has a larger attack surface. But that's just because SSH has a whole application built into it: the attack surface of SSL + whatever application you need to provide cannot be compared because we don't have enough information.

share|edit
6  
+1 even though your art is mere ASCII... –  Tobias Kienzler Feb 6 '13 at 15:47
1  
-1 It is a reasonable comparison. You incorrectly make the assumption that OP is comparing SSL to the unix program ssh(1). SSH is actually another protocol providing transport layer security, which happens to have special provisions for remote shells and remote execution. –  jpillora Jan 11 at 15:44
    
+1 @jpillora while I agree it does make sense to compare the two, the term SSH is not typically used to refer to the subset of the SSH protocol that handles transport layer security that would be directly comparable to SSL/TLS. It is almost exclusively used in reference to the application layer protocol which differs from SSL/TLS in the manner described in this answer. –  freb May 4 at 3:52
    
@freb the way they're referred in general does not change the truth of the matter. SSH is a protocol which is used as the transport layer for the ssh utility. The accepted and most voted answer reflects this fact. –  jpillora May 4 at 4:22
    
@jpillora I merely meant that I don't think the SSH transport layer protocol is what most people would mean given the phrasing of the question. However, given the answer that was accepted as correct, it must have been what OP was asking. –  freb May 5 at 0:20
up vote 3 down vote

From a strict cryptographic point of view, they both provide authenticated encryption, but in two different ways.

SSH uses the so-called Encrypt-and-MAC, that is the ciphered message is juxtaposed to a message authentication code (MAC) of the clear message to add integrity. This is not proven to be always fully secure (even if in practical cases it should be enough).

SSL uses MAC-then-Encrypt: a MAC is juxtaposed to the clear text, then they are both encrypted. This is not the best either, as with some block cipher modes parts of the MAC can be guessable and reveal something on the cipher. This led to vulnerabilities in TLS 1.0 (BEAST attack).

So they have both potential theoretical weaknesses. The strongest method is Encrypt-then-MAC (add a MAC of the ciphered message), which is implemented, e.g., in IPsec ESP.

share|edit
2  
SSH's binary packet protocol is encrypt-and-MAC where for every plaintext message (m) it sends the ciphertext E(m)++MAC(m) (concatenate encrypted message with MAC), versus SSL which does E(m++MAC(m)). However, SSH is much more than just its binary packet protocol (key management, remote shell client/server, does file transfer, etc), while SSL (now called TLS) is just the transport layer protocol that is used in other protocols that add in the necessary functionality (e.g., HTTPS, FTPS, IMAPS etc.). Also see comparison of EtM, E&M, MtE at: crypto.stackexchange.com/questions/202 –  dr jimbob May 9 '13 at 16:39
1  
Fully agreed, there is much more than what I wrote; that's what I meant with my incipit "from a strict cryptographic point of view". –  Halberdier May 9 '13 at 20:55
up vote 1 down vote

ssh is like a key (private) and the lock (public)

ssl is like the door and the bricks.

ssl provides a secure link between the two computer servers. eg, Yours and the one your connecting to.

ssh is how the connecting computer can verify itself and gain access.

share|edit
up vote 0 down vote

SSL is a protocol layer that is abstracted from the content being tunneled. SSH is a secure version of shell (SH), it was not designed to contain an abstract layer underneath it, it was designed specifically to carry shell traffic. So though crypto operations are used in both, and those crypto operations could even be the same, the purpose, and therefor overall design is quite different.

Keep in mind there are specific differences (as have been cited above), but most if not all of those differences are rooted in the purpose of the different protocols.

share|edit
    
-1 You incorrectly make the assumption that OP is comparing SSL to the unix program ssh(1). SSH is actually another protocol providing transport layer security, which happens to have special provisions for remote shells and remote execution. –  jpillora Jan 11 at 15:47
up vote 0 down vote

I think there is one aspect of this comparison that was overlooked. user185 came close but didn't quite get there. I agree that these are apples and oranges and feel a better apples to apples comparison to be HTTPS and SSH. HTTPS and SSH utilize different layers of the OSI model and therefore encrypt the data at different times in the transmission. Then the real questions one should be asking would be along the lines of when is this data encrypted and unencrypted during the transmission. This will reveal your potential attack surfaces. With HTTPS, once the packet is received by a device in the destination network (Web Server, Border Router, load balancer, etc...)it is un-encrypted and spends the rest of its journey in plain text. Many would argue that this is not a big deal since the traffic is internal at this time, but if the payload contains sensitive data, it is being stored un-encrypted in the log files of every network device it passes through until it gets to its final destination. With SSH, typically, the destination device is specified and the transmission is encrypted until it reaches this device. There are ways of re-encrypting the HTTPS data but these are extra steps that most forget to take when implementing an HTTPS solution in their environment.

share|edit
up vote 0 down vote

The problem is two-fold, it's not just the strength and weakness of the encryption. But it's the ease and convenience of the delivery. So from business perspective SSL/TLS is is more convenient and easier because it just requires a browser and either a public or private Cert.

And SSH requires either the application or thin client installed to use it. That is more of a problem from a user Internet client perspective and support.

Not all users are bright, especially the technology challenged ones.

my 2 cents.

share|edit

Your Answer

 
discard

Not the answer you're looking for? Browse other questions tagged or ask your own question.