Is SSH a higher layer and more secure than SSL? Here are the four major differences between the two - based on principles and protocols

“What is the difference between SSH and SSL?”

“Isn’t it the difference between apples and oranges?”

“Is there any point in this comparison?”

80% of people will have these questions, because the two are obviously different things.

Yes, this does not seem to be a reasonable comparison. The general perception is:

  • SSL is a common method of protecting data transmitted over the Internet.
  • SSH is a network program used to log in and share data.

They are very different. But if you think about it carefully, they have similar functions and similar encryption methods. Is this God's arrangement or a coincidence?

They seem to be completely unrelated, but have you ever really compared them? Do you occasionally confuse them at work? Let's take a look at them based on principles and protocols...

1. SSL

SSL, or Secure Sockets Layer, is a security protocol that was proposed by Netscape when it launched the first version of its Web browser.

SSL certificates are mainly deployed in website servers, and use the SSL protocol to encrypt data on the communication link between the browser client and the website server, and authenticate the identity of the website server to prevent phishing websites. It is used to ensure secure communication between your browser and the website server, and prevent network "middlemen" from stealing information.

The traditional HTTP protocol uses plain text to transmit data, and user data is at risk of being stolen and tampered with. Websites that have deployed SSL certificates can be accessed using the secure HTTPS protocol. When a browser accesses a URL that begins with "https://", the browser uses HTTP through an SSL connection. The SSL protocol encrypts data before it is transmitted over the network, ensuring the security of user data on the transmission link.

The SSL protocol consists of two sub-protocols:

  • SSL Record Protocol: describes how SSL data packets should be encapsulated. Located at the session layer of the OSI seven-layer model, it establishes and manages sessions for users on different machines.
  • SSL Handshake Protocol: describes how the two communicating parties negotiate and jointly decide which algorithms to use and which keys those algorithms will use. It encrypts and decrypts the network connection between them at the presentation layer, the layer above the session layer in the OSI seven-layer model.

2. SSH

SSH, or Secure Shell, was developed by the Network Working Group of the IETF. It is currently the most reliable protocol that provides security for remote login sessions and other network services.

SSH was originally a program on UNIX systems, and later quickly expanded to other operating platforms. SSH is equivalent to a tunnel, which protects data from being leaked and tampered with when it passes through, and provides a secure transmission and application environment for the shell. Specifically, it can be used to remotely and securely execute instructions on another UNIX system machine.

SSH is just a protocol, and it has many implementations. On Linux, SSH is almost standard, and the most commonly used implementation is OpenSSH. When using SSH on Windows, a separate program, PuTTY, is typically used. This is comparable to using QQ to remotely log in to another computer, and it is a secure way to remotely log in to a server.

In the Internet hierarchy, SSH, like HTTP and FTP, belongs to the application layer protocol in the OSI seven-layer reference model. It is a member of the application layer services that use the TCP protocol.

What are the differences and connections between SSH and SSL?

1. Position in the OSI seven-layer model

After reading the previous introduction, we know that SSL is a protocol to protect network transmission data and is the cornerstone of secure transmission on the Internet. SSH is just a network application for host user login and secure data sharing. They are located in different positions in the OSI seven-layer model:

2. Functional associations and differences

(1) Differences

Functionally, they vary greatly.

SSH stands for "Secure Shell". We care about it because it enables a user on networked computer 1 to obtain a shell on networked computer 2, log in there, and operate that machine.

SSL stands for "Secure Sockets Layer". The reason we care about it is that it enables browsers to transfer data to and from web servers in a secure, encrypted way, making it difficult for third parties who monitor internet traffic to read that data. SSL has nothing to do with host username logins; it does not implement a host login function itself, it is purely an encryption function.

(2) Relationship

Both SSL and SSH must provide systems for encrypting and decrypting data over an insecure channel. SSH has its own transport protocol that is independent of SSL, so this means that SSH does not use SSL under the hood.

For ease of understanding, you can simply think of it as: SSH = SSL + application layer protocols such as user login function.

3. Relationship and differences between encryption methods

From a strict cryptographic perspective, the ways in which they combine encryption with authentication differ.

Both SSL and SSH provide cryptographic elements to tunnel confidential data transmissions with integrity checks.

  • SSH uses what is called Encrypt-and-MAC, which sends the encrypted message side by side with an authentication code (MAC) computed over the plaintext message, for integrity. This is not completely secure (even though it seems secure enough).
  • SSL uses MAC-then-encrypt, which appends the MAC to the plaintext and then encrypts both together. This is also not the best choice, because in some block cipher modes parts of the MAC check can be guessed and reveal some of the encrypted content. This led to vulnerabilities in TLS 1.0. Older cipher suites such as TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_RC4_128_MD5 both use the MAC-then-encrypt mode.

Both encryption methods have potential theoretical weaknesses. The strongest method is Encrypt-then-MAC, which is implemented in IPsec ESP.
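The three compositions named above, as an added example that is not from the original article: HMAC-SHA256 serves as the MAC and, run in counter mode, as a constructed stand-in keystream cipher (a substitute for AES so the code runs on the standard library alone, not a recommendation). The two receiver functions show why the order of operations matters.

```python
import hmac, hashlib, os

def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a PRF keystream: a constructed stand-in
    for a real cipher so the example runs on the standard library alone."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()   # 32-byte tag

def encrypt_and_mac(ek, mk, nonce, pt):      # SSH style: E(P) alongside MAC(P)
    return xor(pt, keystream(ek, nonce, len(pt))), mac(mk, pt)

def mac_then_encrypt(ek, mk, nonce, pt):     # SSL/TLS style: E(P || MAC(P))
    body = pt + mac(mk, pt)
    return xor(body, keystream(ek, nonce, len(body)))

def encrypt_then_mac(ek, mk, nonce, pt):     # IPsec ESP style: E(P), MAC(nonce || C)
    ct = xor(pt, keystream(ek, nonce, len(pt)))
    return ct, mac(mk, nonce + ct)

def open_etm(ek, mk, nonce, ct, tag):
    """Tag is checked before any decryption: a tampered ciphertext is dropped
    before the cipher or any padding/length parsing ever touches it."""
    if not hmac.compare_digest(tag, mac(mk, nonce + ct)):
        return None
    return xor(ct, keystream(ek, nonce, len(ct)))

def open_mte(ek, mk, nonce, ct):
    """Must decrypt before it can verify, so attacker-controlled bytes are
    parsed (split off the tag; in TLS CBC also strip padding) ahead of the
    MAC check. That ordering is what the TLS 1.0 CBC attacks exploited."""
    body = xor(ct, keystream(ek, nonce, len(ct)))
    pt, tag = body[:-32], body[-32:]
    return pt if hmac.compare_digest(tag, mac(mk, pt)) else None

def eam_tag_leaks_equality(ek, mk, pt):
    """Textbook Encrypt-and-MAC sends MAC(P) in the clear, so two encryptions
    of the same message carry identical tags even under fresh nonces (real
    SSH mitigates this by including a sequence number in the MAC input)."""
    _, t1 = encrypt_and_mac(ek, mk, os.urandom(8), pt)
    _, t2 = encrypt_and_mac(ek, mk, os.urandom(8), pt)
    return t1 == t2
```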

4. Security comparison

In terms of security, Secure Shell and SSL each have their own advantages.

SSL has a certificate authority (CA), an impartial third party that can confirm the identity of the sender. SSH, however, has no such authority and may be subject to a "man-in-the-middle attack," a modern version of eavesdropping. If an attacker inserts himself between the user and the remote host (for example on public Wi-Fi), he can present a forged public key and obtain the user's login password. If he then uses this password to log in to the remote host, the security mechanism of SSH is defeated. However, making sure that insecure SSL/TLS protocol versions are disabled and that the URL you visit begins with HTTPS can avoid most man-in-the-middle attacks.

An SSL termination proxy can accept incoming SSL connections, decrypt them and pass the unencrypted request on to other servers. SSL lets you use a PKI (Public Key Infrastructure) through signed certificates, whereas with SSH you have to exchange key fingerprints manually through some other channel, such as FTP.
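The manual fingerprint exchange described above is what an SSH client's known_hosts check automates. As an added example, not from the article or from any SSH implementation, the following rebuilds that check with a constructed ssh-ed25519 key so that the three outcomes a client can reach (trusted, unknown host, key mismatch) are visible:

```python
import base64, hashlib, struct

def ssh_string(b):
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def ed25519_blob(pubkey32):
    """Wire encoding of an ssh-ed25519 host key (the base64 field in known_hosts)."""
    return ssh_string(b"ssh-ed25519") + ssh_string(pubkey32)

def fingerprint(blob):
    """OpenSSH's default display form: SHA256 of the blob, base64 without padding."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_known_hosts(text):
    """Map each hostname to its stored key blobs. Plain entries only; hashed
    hostnames (HashKnownHosts yes, lines starting with '|1|') are not handled."""
    hosts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        for name in parts[0].split(","):
            hosts.setdefault(name, []).append(base64.b64decode(parts[2]))
    return hosts

def check_host_key(known, host, blob):
    """'trusted'  : key matches one previously stored for this host
       'unknown'  : no entry yet, i.e. the trust-on-first-use prompt
       'MISMATCH' : a different key is stored; the case in which a forged key
                    on the path would otherwise go unnoticed"""
    stored = known.get(host)
    if stored is None:
        return "unknown"
    return "trusted" if blob in stored else "MISMATCH"

# Constructed sample: fake 32-byte Ed25519 public keys and a known_hosts line for one of them.
REAL_KEY = ed25519_blob(bytes(range(32)))
OTHER_KEY = ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = "# constructed\nbastion.example,10.0.0.5 ssh-ed25519 " + base64.b64encode(REAL_KEY).decode()

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    print("server fingerprint:", fingerprint(REAL_KEY))
    for host, blob in [("bastion.example", REAL_KEY), ("10.0.0.5", OTHER_KEY), ("new.example", REAL_KEY)]:
        print(host, "->", check_host_key(known, host, blob))
```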

SSH has a user authentication layer that SSL lacks (but that is because SSL does not need one). The SSH protocol uses more of the same protocol when using UTF-8 encoding. Given the greater number of potential attacks, the attack surface of SSH may seem larger, but that is only because SSH has a complete application built into it. Its security is pretty much the same as SSL's.

Conceptually, we could take SSH and replace its tunneling portion with the one in SSL, or even take HTTPS and replace the SSL part with SSH's data transport plus a hook to extract the server's public key from its certificate. Nothing makes this impossible in principle, and if done properly, their security would remain the same.
