Re: RE: Telnet/SSL v SSH

From: Chris Berry (compjma@hotmail.com)
Date: 09/25/02


From: "Chris Berry" <compjma@hotmail.com>
To: security-basics@securityfocus.com
Date: Tue, 24 Sep 2002 15:24:17 -0700

I tend to agree that this has already been answered, but I'll say it in
another way so we can get past this.

SSL-Secure Sockets Layer: Basically an add-on, band-aid type approach to make
inherently insecure connections like telnet and ftp more secure by
encrypting transmissions at the SOCKET level. This system does not have
nearly the same robustness as SSH from the perspective of Authentication,
and secure design.
    Advantages: You can use this with all the legacy apps out there, it's
widely supported and implemented.
    Disadvantages: Poor authentication system. (your conversation is sort of
safe, but are you sure you're talking to who you think you are talking to?)

SSH-Secure Shell: This approach is basically a complete rewrite of all
the old remote control software (telnet, ftp, rpc, etc.) in a secure way
that provides built-in encryption and authentication.
    Advantages: Security from the ground up, not an add-on after the fact.
    Disadvantages: Although it's been out for quite some time, it's not
nearly as pervasive or widely supported by applications.

I hope that helps. If it's still not enough, check the following:

www.openssl.org
www.openssh.com

If you want a better answer ask a more specific question.

>From: voguemaster <hydrax@netvision.net.il>
>Reply-To: lordsoth8@bigfoot.com
>To: lordsoth8@bigfoot.com, netsec novice <netsec9@hotmail.com>,Brad Arlt
><arlt@cpsc.ucalgary.ca>,Daniel Miessler <danielrm26@hotmail.com>
>CC: security-basics@securityfocus.com
>Subject: Re: RE: Telnet/SSL v SSH
>Date: Tue, 24 Sep 2002 11:54:17 +0200
>
>Pardon me, but when have ppl given me that information ??
>
>The only hint I have about the diff between SSH and SSL is the message
>I replied to. When I was talking about elaborating on tunneling I was
>basically asking what can I do with tunneling. Neither the SSL nor the SSH
>websites give any real hint to this, not that I have found.
>
>Just one example: can I code a client/server applications and encrypt and
>do authentication with SSL/SSH tunneling ? I've no idea, not from the
>things I've read about those two. Yeah, SSH is a secure login and shell
>for a remote system. That I know. It's more than that, isn't it ??
>
>I'm sorry if you're impatient about my post, but I don't recall people
>answering
>me and me being a nag about it all over again.. Maybe it's just my memory,
>but who knows..
>
>E
>
>23/09/02 22:52:12, Daniel Miessler <danielrm26@hotmail.com> wrote:
>
> >> Can you elaborate more on SSL tunneling vs. SSH tunneling ?
> >> What are they used for and what can I do with them, and maybe
> >> point to some good resources ?
> >
> >Friend, like 10 people have all given you the basics on the differences,
> >and now you ask to be told what they are used for and what you can do
> >with them?
> >
> >You asked for a resource - I give you Google.
> >
> >http://www.google.com
> >
> >If you put both of your terms into Google you will get more than enough
> >information to help you out. Just as a friendly piece of advice though,
> >don't ask a question on a newsgroup, have people answer you very nicely,
> >and then come back and basically say, "That's nice, tell me again - this
> >time in more detail." It's rude.
> >
> >Good luck on your search, man.
> >
> >--danielrm26
> >
> >
> >> -----Original Message-----
> >> From: voguemaster [mailto:hydrax@netvision.net.il]
> >> Sent: Saturday, September 21, 2002 5:16 PM
> >> To: netsec novice; Brad Arlt
> >> Cc: security-basics@securityfocus.com
> >> Subject: Re: Telnet/SSL v SSH
> >>
> >> Question:
> >>
> >>
> >> Thanks
> >> Eli
> >>
> >> 20/09/02 18:47:23, Brad Arlt <arlt@cpsc.ucalgary.ca> wrote:
> >>
> >> >On Thu, Sep 19, 2002 at 10:02:49PM +0000, netsec novice wrote:
> >> >> Can someone help me understand the difference between SSH and
> >Telnet over
> >> >> SSL?
> >> >
> >> >I will only talk about SSH v2 (and Telnet/SSL).
> >> >
> >> >On the most basic level there is little difference. SSH is a remote
> >> >tty encryption standard. Telnet/SSL is a remote tty encryption
> >> >standard. At this level the only real difference is one can find SSH
> >> >clients and servers. I don't think I have *ever* spotted a
> >Telnet/SSL
> >> >server. Telnet client/servers using SSL wrappers on each side, yes;
> >> >but never a real implementation.
> >> >
> >> >Now I am a bit of an SSH snob, so my differences list is pretty much
> >> >SSH can do this and Telnet/SSL can't.
> >> >
> >> > - SSH is an encryption framework with special provisions
> >specifically
> >> > for remote logins
> >> > + a mechanism to protect statistical analysis of the initial
> >> > password
> >> > + an authentication layer to allow for multiple tty sessions with
> >> > only one sign on
> >> > + multiple authentication methods and extensible authentication
> >> > methods that allow you to pick what is right for you
> >> >
> >> >- SSH (as implied above) is more than a single tunnel for a data stream
> >> > it provides TCP tunneling, X11 proxying, and TTY connections
> >> > through a *single* connection
> >> >
> >> >- SSH doesn't need to use PKI for it to work (some commercial
> >> > versions can if you like), this is nice if you don't want
> >> > to setup a PKI framework for remote logins
> >> >
> >> >- SSH provides a file transfer framework
> >> >
> >> >- Telnet/SSL uses, well, SSL. So if you are lucky and have hardware
> >> > SSL encoding/decoding Telnet/SSL will be way more efficient.
> >> >
> >> >The one saving grace of Telnet/SSL IMHO would be if you have hardware
> >> >SSL accelerators, its performance will scream compared to SSH. Crypto
> >> >accelerators might level the playing field a bit, but hardware SSL
> >> >(those network appliances that are designed to free up your web servers
> >> >from the burden of SSL) would still make Telnet/SSL appealing.
> >> >
> >> >This speed is only a concern, in practice, if you are transferring large
> >> >amounts of data. This would include file transfers, and a large number
> >> >of connections to a single machine.
> >> >
> >> >We have several compute servers that routinely handle 30 - 50
> >> >connections without problem. Any more connections than that and the
> >> >server resources are strained, not from ssh, but from all the things
> >> >people are doing on the server (compiling, simulating the universe,
> >> >etc). The servers are Sun Ultra 2, with a very modest processor and
> >> >an OK amount of RAM.
> >>
> >>-----------------------------------------------------------------------
> >> > __o Bradley Arlt Security Team
> >Lead
> >> > _ \<_ arlt@cpsc.ucalgary.ca University Of
> >Calgary
> >> >(_)/(_) I should be biking right now. Computer Science
> >> >
> >> >
> >> "There's so many different worlds
> >> So many different suns
> >> And we have just one world
> >> But we live in different ones.."
> >>
> >> - Dire Straits
> >
>"There's so many different worlds
> So many different suns
> And we have just one world
> But we live in different ones.."
>
> - Dire Straits

Chris Berry
compjma@hotmail.com
Systems Administrator
JM Associates

"I have found the way, and the way is Perl."
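
The authentication difference discussed in this thread, as an added example that is not part of any poster's message: a TLS client context that only encrypts beside one that also verifies the server, and SSH-style host key pinning that works without a PKI. It uses Python's standard ssl module and the SHA256 fingerprint format current OpenSSH prints; the function names, host name and key blobs are constructed for illustration.

```python
import base64
import hashlib
import ssl

def tls_client_context(authenticate_server: bool) -> ssl.SSLContext:
    """Build a TLS client context; the channel is encrypted either way."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED plus hostname check
    if not authenticate_server:
        # Encrypt-only wrapper setup: private from passive sniffing, but
        # any host that answers the connection is accepted as the server.
        ctx.check_hostname = False       # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def authenticates_peer(ctx: ssl.SSLContext) -> bool:
    """True only if both the certificate chain and the name are verified."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def ssh_fingerprint(key_blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts: dict, host: str, key_blob_b64: str) -> str:
    """Trust without PKI: pin the key on first use, flag any later change."""
    fp = ssh_fingerprint(key_blob_b64)
    pinned = known_hosts.get(host)
    if pinned is None:
        known_hosts[host] = fp           # operator should confirm fp out of band
        return "new"
    return "match" if pinned == fp else "CHANGED"

# Constructed sample blobs, not real host keys.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()

if __name__ == "__main__":
    print("verifying context:", authenticates_peer(tls_client_context(True)))
    print("encrypt-only context:", authenticates_peer(tls_client_context(False)))
    known = {}                           # stands in for ~/.ssh/known_hosts
    for blob in (KEY_A, KEY_A, KEY_B):
        print("host.example:", check_host_key(known, "host.example", blob))
```
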
