Re: Telnet/SSL v SSH

From: voguemaster (hydrax@netvision.net.il)
Date: 09/21/02


Date: Sat, 21 Sep 2002 23:15:31 +0200
From: voguemaster <hydrax@netvision.net.il>
To: netsec novice <netsec9@hotmail.com>, Brad Arlt <arlt@cpsc.ucalgary.ca>

Question:

Can you elaborate more on SSL tunneling vs. SSH tunneling?
What are they used for and what can I do with them, and maybe
point to some good resources?

Thanks
Eli

20/09/02 18:47:23, Brad Arlt <arlt@cpsc.ucalgary.ca> wrote:

>On Thu, Sep 19, 2002 at 10:02:49PM +0000, netsec novice wrote:
>> Can someone help me understand the difference between SSH and Telnet over
>> SSL?
>
>I will only talk about SSH v2 (and Telnet/SSL).
>
>On the most basic level there is little difference. SSH is a remote
>tty encryption standard. Telnet/SSL is a remote tty encryption
>standard. At this level the only real difference is one can find SSH
>clients and servers. I don't think I have *ever* spotted a Telnet/SSL
>server. Telnet client/servers using SSL wrappers on each side, yes;
>but never a real implementation.
>
>Now I am a bit of an SSH snob, so my differences list is pretty much
>SSH can do this and Telnet/SSL can't.
>
> - SSH is an encryption framework with special provisions specifically
>   for remote logins
>   + a mechanism to protect against statistical analysis of the initial
>     password
>   + an authentication layer to allow for multiple tty sessions with
>     only one sign on
>   + multiple authentication methods and extensible authentication
>     methods that allow you to pick what is right for you
>
> - SSH (as implied above) is more than a single tunnel for a data stream;
>   it provides TCP tunneling, X11 proxying, and TTY connections
>   through a *single* connection
>
> - SSH doesn't need to use PKI for it to work (some commercial
>   versions can if you like), this is nice if you don't want
>   to set up a PKI framework for remote logins
>
> - SSH provides a file transfer framework
>
> - Telnet/SSL uses, well, SSL. So if you are lucky and have hardware
>   SSL encoding/decoding Telnet/SSL will be way more efficient.
>
>The one saving grace of Telnet/SSL IMHO would be if you have hardware
>SSL accelerators, its performance will scream compared to SSH. Crypto
>accelerators might level the playing field a bit, but hardware SSL
>(those network appliances that are designed to free up your web servers
>from the burden of SSL) would still make Telnet/SSL appealing.
>
>This speed is only a concern, in practice, if you are transferring large
>amounts of data. This would include file transfers, and a large number
>of connections to a single machine.
>
>We have several compute servers that routinely handle 30 - 50
>connections without problem. Any more connections than that and the
>server resources are strained, not from ssh, but from all the things
>people are doing on the server (compiling, simulating the universe,
>etc). The servers are Sun Ultra 2, with a very modest processor and
>an OK amount of RAM.
>-----------------------------------------------------------------------
> __o Bradley Arlt Security Team Lead
> _ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
>(_)/(_) I should be biking right now. Computer Science
>
>
"There's so many different worlds
 So many different suns
 And we have just one world
 But we live in different ones.."
 
 - Dire Straits
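
The single-connection multiplexing described in the quoted reply, as an added example that is not part of the original thread: a minimal Python demultiplexer for SSH connection-protocol payloads (message numbers and field layout from RFC 4254), showing a TTY session and a forwarded TCP stream interleaved on one transport, where a Telnet/SSL wrapper carries exactly one byte stream. Assumptions: payloads are already decrypted, only one direction is shown, both ends use the same channel numbers (the open-confirmation step is skipped), type-specific CHANNEL_OPEN fields are omitted, and the sample traffic is constructed.

```python
import struct

# RFC 4254 message numbers. Simplified: one direction, same channel ids on both ends.
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_DATA = 94

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # uint32 length, then the bytes

def channel_open(ctype: str, chan: int) -> bytes:
    # Type-specific trailing fields (e.g. the direct-tcpip target) are omitted.
    return (bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string(ctype.encode())
            + struct.pack(">III", chan, 2**21, 32768))  # id, window, max packet

def channel_data(chan: int, data: bytes) -> bytes:
    return bytes([SSH_MSG_CHANNEL_DATA]) + struct.pack(">I", chan) + ssh_string(data)

def read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def demux(payloads):
    """Split one connection's payloads into {channel: (type, bytes)}."""
    types, streams = {}, {}
    for p in payloads:
        if p[:1] == bytes([SSH_MSG_CHANNEL_OPEN]):
            ctype, off = read_string(p, 1)
            (chan,) = struct.unpack_from(">I", p, off)
            types[chan], streams[chan] = ctype.decode(), b""
        elif p[:1] == bytes([SSH_MSG_CHANNEL_DATA]):
            (chan,) = struct.unpack_from(">I", p, 1)
            if chan not in streams:
                raise ValueError(f"data for unopened channel {chan}")
            data, _ = read_string(p, 5)
            streams[chan] += data
        else:
            raise ValueError("message type not handled in this example")
    return {c: (types[c], streams[c]) for c in types}

# Constructed sample: a TTY session and a forwarded TCP stream, interleaved.
SAMPLE = [channel_open("session", 0), channel_open("direct-tcpip", 1),
          channel_data(0, b"ls -l\n"), channel_data(1, b"GET / HTTP/1.0\r\n\r\n"),
          channel_data(0, b"exit\n")]

if __name__ == "__main__":
    for chan, (ctype, data) in demux(SAMPLE).items():
        print(chan, ctype, data)
```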


