The Differences Between SSL and SSH

Source: Internet | Editor: 程序博客网 | Time: 2024/05/16 08:25

SSH (Secure Shell) and SSL (Secure Sockets Layer) can both be used to secure communications across the Internet. This page tries to explain the differences between the two in easily understood terms.

SSL was designed to secure web sessions; it can do more, but that's the original intent.

SSH was designed to replace telnet and FTP; it can do more, but that's the original intent.

SSL is a drop-in with a number of uses. It front-ends HTTP to give you HTTPS. It can also do this for POP3, SMTP, IMAP, and just about any other well-behaved TCP application. It's real easy for most programmers who are creating network applications from scratch to just grab an SSL implementation and bundle it with their app to provide encryption when communicating across the network via TCP. Check out: stunnel.org.

SSH is a Swiss Army knife designed to do a lot of different things, most of which revolve around setting up a secure tunnel between hosts. Some implementations of SSH rely on SSL libraries - this is because SSH and SSL use many of the same encryption algorithms (e.g. TripleDES).

SSH is not based on SSL in the sense that HTTPS is based on SSL. SSH does much more than SSL, and they don't talk to each other - the two are different protocols, but have some overlap in how they accomplish similar goals.
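That the two are different protocols shows in the very first bytes each puts on the wire: SSH opens with a text identification line (RFC 4253), SSL/TLS with a binary record header. The following is an added example, not part of the original page; the function name and the sample byte strings are constructed for illustration.

```python
import struct

# Constructed sample inputs: the first bytes sent on a new TCP connection.
SAMPLE_SSH = b"SSH-2.0-OpenSSH_9.6 Debian-1\r\n"
# TLS record header (type 0x16 handshake, version 3.1, length 5) followed by
# a handshake header of type 0x01 (ClientHello) with a truncated 1-byte body.
SAMPLE_TLS = bytes.fromhex("16030100050100000100")
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound on a TLS record payload


def classify_first_bytes(data: bytes) -> dict:
    """Tell SSH from SSL/TLS using only the opening bytes of a stream."""
    # SSH: "SSH-protoversion-softwareversion SP comments CR LF" comes first.
    if data.startswith(b"SSH-"):
        line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
        ident, _, comments = line.partition(" ")
        parts = ident.split("-", 2)
        if len(parts) == 3 and parts[1] and parts[2]:
            return {"protocol": "ssh", "protoversion": parts[1],
                    "software": parts[2], "comments": comments}
        return {"protocol": "unknown", "reason": "malformed SSH identification"}
    # SSL/TLS: 5-byte record header = content type, major, minor, length.
    if len(data) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
                and length <= MAX_RECORD_LEN):
            info = {"protocol": "ssl/tls",
                    "record_type": TLS_CONTENT_TYPES[ctype],
                    "record_version": f"{major}.{minor}",
                    "record_length": length}
            if ctype == 22 and len(data) >= 6:
                # First handshake byte 0x01 marks a ClientHello.
                info["client_hello"] = data[5] == 1
            return info
    return {"protocol": "unknown", "reason": "neither SSH banner nor TLS record"}


if __name__ == "__main__":
    for sample in (SAMPLE_SSH, SAMPLE_TLS, SAMPLE_HTTP):
        print(classify_first_bytes(sample))
```

A check like this is useful for spotting SSH or TLS running on an unexpected port, since it looks at the protocol itself rather than the port number.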

SSL by itself gives you nothing - just a handshake and encryption. You need an application to drive SSL to get real work done.

SSH by itself does a whole lot of useful stuff that allows users to perform real work. Two aspects of SSH are the console login (telnet replacement) and secure file transfers (ftp replacement), but you also get an ability to tunnel (secure) additional applications, enabling a user to run HTTP, FTP, POP3, and just about anything else THROUGH an SSH tunnel.

Without interesting traffic from an application, SSL does nothing. Without interesting traffic from an application, SSH brings up an encrypted tunnel between two hosts which allows you to get real work done through an interactive login shell, file transfers, etc.

Last comment: HTTPS does not extend SSL, it uses SSL to do HTTP securely. SSH does much more than SSL, and you can tunnel HTTPS through it! Just because both SSL and SSH can do TripleDES doesn't mean one is based on the other.

 

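In short, SSL provides a handshake and a means of encryption; it is not a standalone application-layer protocol, and existing applications can be modified on top of it to make them secure. SSH, by contrast, is an application-layer protocol built on top of SSL, and it differs from ordinary SSL-encrypted application-layer protocols, which simply swap the socket interface for the SSL interface. SSH is an application that fully replaces telnet and ftp, and its port forwarding feature can be used on top of it to provide a secure channel for other application-layer protocols.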
