This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Date: Tue, 11 Jun 2002 02:27:35 -0700 (PDT)
From: Akbar Ahmed <akbar_svlug@yahoo.com>
To: svlug@lists.svlug.org
Subject: [svlug] SSL vs. SSH

Hi,

I've been reading up a bit on SSL and SSH for use in writing client/server apps that need encrypted communication.

What are the benefits/drawbacks of using ssh over ssl, or vice versa, when writing client/server apps?

When is SSL the better option?
When is SSH the better option?

I've noted the following differences:
- SSL supports anonymous connections
- SSL uses certs, while SSH uses keys (or passwords)
- SSH offers more authentication mechanisms

It seems to me that SSH is a more attractive option for encrypted communication between a client and server due to its relative flexibility, but I may be missing something.

===

Date: Tue, 11 Jun 2002 03:09:23 -0700 (PDT)
From: Robert Hajime Lanning <lanning@lanning.cc>
To: akbar_svlug@yahoo.com (Akbar Ahmed)
Cc: svlug@lists.svlug.org
Subject: Re: [svlug] SSL vs. SSH

This all really depends on your application.

As you mentioned, ssh requires an account on the destination machine. It also requires access to execute the server side of the program.

Is the server supposed to be running at all times and receive multiple connections from the clients, or is it something that can run out of inetd? (Gets an individual invocation for each connection.)

SSH is really for the secure execution of commands on a remote machine. SSH also requires that the keys be pre-setup with the account (or you can type a password in every time.) (Are the clients authenticating to the server program or to the unix account?)

If the server is to be invoked for each client connection, then SSH will work. SSH uses STDIN, STDOUT and STDERR. So, in scripts, it is hard to make one program write to and read from SSH. (It can be done, just looks ugly, messing with the file descriptors.)

Now, if you are talking the SSH protocol, it can be a bit different. Though, I am not sure you need all the complexities that the SSH protocol has. It actually has multiple channel capabilities, so you can pass (for example) 20 separate streams of data across the same connection. (Used for the port forwarding feature.)

SSL is really a library to enable you to make an encrypted TCP connection with a server program.

With the SSL/TLS library you can open a TCP connection with your server and do any type of authentication on top of the encrypted channel it gives you. Once the channel is up you can handle it as if it was a standard TCP socket (pretty much.)

One server daemon can have hundreds of clients connected via SSL/TLS sockets.

===

Date: Tue, 11 Jun 2002 15:18:59 +0300 (IDT)
From: Ira Abramov <lists-svlug@ira.abramov.org>
Cc: SV GNU/Linux <svlug@lists.svlug.org>
Subject: Re: [svlug] SSL vs. SSH

Akbar Ahmed wrote:

> What are the benefits/drawbacks of using ssh over ssl,
> or vice versa, when writing client/server apps?
>
> When is SSL the better option?
> When is SSH the better option?

Well, it's not really two apps competing in the same category, as Rob put it.

Encryption can be used for privacy or for authentication and trust. SSL is standard for encrypting a single TCP socket connection, while optionally authenticating the server's identity by having a recognized CA sign his certificate (which in turn includes his host key). Uses are in web, mail, and even telnet. As Rob said - an SSL connection is just a socket, more or less. It is for privacy and trust, while SSH is for privacy and authentication (though it can do trust too if you insist).

Now take the SSL-telnet idea one step forward, slap on it challenge/reply handshaking, slap on top of that TCP tunneling and multiplexing, r-commands and a few other features, remove the need for a CA, and you have a very powerful tool indeed, but - not as ubiquitous as SSL (i.e. no plugs in mail or web clients, nor language libraries (though I may be wrong)).

SSL, on the other hand, has caught on for pop3, imap, smtp, http, ftp, telnet and countless individual uses because of easy-to-use tools such as ssltunnel, and libraries any language can easily link to (Java, Python, C etc) and use it as a standard socket.

The way I see it, SSH will stick to the stuff it does best - a command-line pipe for shell scripting, remote command execution, interactive secure sessions and firewall piercing games :)

Hope that helped..

===

Date: Tue, 11 Jun 2002 09:39:27 -0700
From: J C Lawrence <claw@kanga.nu>
To: "Matt Billenstein" <matt@vazor.com>
Cc: svlug@lists.svlug.org
Subject: Re: [svlug] sendmail question

Matt Billenstein <matt@vazor.com> wrote:

> How might I redirect email to unknown users to an existing user
> account? I've looked on Google for a bit, but can't seem to find
> anything that works.

luser_relay under Postfix.

===

Date: Tue, 11 Jun 2002 09:42:21 -0700
From: J C Lawrence <claw@kanga.nu>
To: Akbar Ahmed <akbar_svlug@yahoo.com>
Cc: svlug@lists.svlug.org
Subject: Re: [svlug] SSL vs. SSH

Akbar Ahmed <akbar_svlug@yahoo.com> wrote:

> What are the benefits/drawbacks of using ssh over ssl, or vice versa,
> when writing client/server apps?

SSL (can) plug into your PKI and CA structure, and in the form known as TLS, is already an acknowledged and widely deployed transport crypto (eg SMTP, HTTPS, etc). SSH comparatively is poorly supported or even known outside of the Unixes.

===
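Added example, not part of any message in the thread: the posts contrast SSL's CA-signed certificates with SSH's bare host keys, and this sketch shows the pin-and-compare check that stands in for CA validation on the SSH side. The host names, the key material and the in-memory dict (a stand-in for a known_hosts file) are all constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string, the encoding used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data


def make_host_key_line(seed: bytes) -> str:
    """Build a constructed 'ssh-ed25519 <base64 blob>' line (not a real key)."""
    raw = hashlib.sha256(seed).digest()  # 32 placeholder bytes
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


def fingerprint(key_line: str) -> str:
    """SHA256 fingerprint of the key blob, in the form OpenSSH prints."""
    blob = base64.b64decode(key_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host(known: dict, host: str, key_line: str) -> str:
    """Pin on first contact, accept a match, refuse a changed key."""
    fp = fingerprint(key_line)
    pinned = known.get(host)
    if pinned is None:
        # No CA vouches for this key: trust rests on this first contact
        # (or on comparing the fingerprint out of band before accepting).
        known[host] = fp
        return "pinned-on-first-use"
    if pinned == fp:
        return "match"
    # Same name, different key: a rekeyed server or an interposed host.
    return "MISMATCH"


def demo() -> list:
    known = {}
    original = make_host_key_line(b"constructed host key A")
    replaced = make_host_key_line(b"constructed host key B")
    return [
        check_host(known, "server.example", original),
        check_host(known, "server.example", original),
        check_host(known, "server.example", replaced),
        check_host(known, "other.example", replaced),
    ]


if __name__ == "__main__":
    print(demo())
```

With a CA-signed certificate the first connection can already be verified against a trusted root; with pinned keys the first connection is the trust decision, and every later one is a comparison against it.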