Re: RE: Telnet/SSL v SSH

From: voguemaster (hydrax@netvision.net.il)
Date: 09/26/02


Date: Thu, 26 Sep 2002 00:04:45 +0200
From: voguemaster <hydrax@netvision.net.il>
To: Chris Berry <compjma@hotmail.com>, security-basics@securityfocus.com

Ok, one question:

Assume I've written an application that is composed of a client and a server.
I've also created a special protocol for the communication between them.
My real question is which is better to secure the communication between them.
I'm interested in authentication and non-repudiation if possible. I was merely
trying to gather clues to help me decide on the matter. Just a note: I was NOT
the original poster that requested to know the diff between Telnet/SSL and
SSH.

Thanks in advance,
E

25/09/02 00:24:17, Chris Berry <compjma@hotmail.com> wrote:

>I tend to agree that this has already been answered, but I'll say it in
>another way so we can get past this.
>
>SSL-Secure Sockets Layer: Basically an add on bandaid type approach to make
>inherently insecure connections like telnet and ftp more secure by
>encrypting transmissions at the SOCKET level. This system does not have
>nearly the same robustness as SSH from the perspective of Authentication,
>and secure design.
> Advantages: You can use this with all the legacy apps out there, it's
>widely supported and implemented.
> Disadvantages: Poor authentication system. (your conversation is sort of
>safe, but are you sure you're talking to who you think you are talking to?)
>
>SSH-Secure Shell: This approach is basically a complete rewrite of all
>the old remote control software (telnet, ftp, rpc, etc.) in a secure way
>that provides built in encryption and authentication.
> Advantages: Security from the ground up, not an add on after the fact.
> Disadvantages: Although it's been out for quite some time, it's not
>nearly as pervasive or widely supported by applications.
>
>I hope that helps. If it's still not enough check the following:
>
>www.openssl.org
>www.openssh.com
>
>If you want a better answer ask a more specific question.
>
>>From: voguemaster <hydrax@netvision.net.il>
>>Reply-To: lordsoth8@bigfoot.com
>>To: lordsoth8@bigfoot.com, netsec novice <netsec9@hotmail.com>,Brad Arlt
>><arlt@cpsc.ucalgary.ca>,Daniel Miessler <danielrm26@hotmail.com>
>>CC: security-basics@securityfocus.com
>>Subject: Re: RE: Telnet/SSL v SSH
>>Date: Tue, 24 Sep 2002 11:54:17 +0200
>>
>>Pardon me, but when have ppl given me that information ??
>>
>>The only hint I have about the diff between SSH and SSL is the message
>>I replied to. When I was talking about elaborating on tunneling I was
>>basically asking what can I do with tunneling. Neither the SSL nor the SSH
>>websites give any real hint to this, not that I have found.
>>
>>Just one example: can I code a client/server application and encrypt and
>>do authentication with SSL/SSH tunneling ? I've no idea, not from the
>>things I've read about those two. Yeah, SSH is a secure login and shell
>>for a remote system. That I know. It's more than that, isn't it ??
>>
>>I'm sorry if you're impatient about my post, but I don't recall people
>>answering me and me being a nag about it all over again.. Maybe it's just
>>my memory, but who knows..
>>
>>E
>>
>>23/09/02 22:52:12, Daniel Miessler <danielrm26@hotmail.com> wrote:
>>
>> >> Can you elaborate more on SSL tunneling vs. SSH tunneling ?
>> >> What are they used for and what can I do with them, and maybe
>> >> point to some good resources ?
>> >
>> >Friend, like 10 people have all given you the basics on the differences,
>> >and now you ask to be told what they are used for and what you can do
>> >with them?
>> >
>> >You asked for a resource - I give you Google.
>> >
>> >http://www.google.com
>> >
>> >If you put both of your terms into Google you will get more than enough
>> >information to help you out. Just as a friendly piece of advice though,
>> >don't ask a question on a newsgroup, have people answer you very nicely,
>> >and then come back and basically say, "That's nice, tell me again - this
>> >time in more detail." It's rude.
>> >
>> >Good luck on your search, man.
>> >
>> >--danielrm26
>> >
>> >
>> >> -----Original Message-----
>> >> From: voguemaster [mailto:hydrax@netvision.net.il]
>> >> Sent: Saturday, September 21, 2002 5:16 PM
>> >> To: netsec novice; Brad Arlt
>> >> Cc: security-basics@securityfocus.com
>> >> Subject: Re: Telnet/SSL v SSH
>> >>
>> >> Question:
>> >>
>> >>
>> >> Thanks
>> >> Eli
>> >>
>> >> 20/09/02 18:47:23, Brad Arlt <arlt@cpsc.ucalgary.ca> wrote:
>> >>
>> >> >On Thu, Sep 19, 2002 at 10:02:49PM +0000, netsec novice wrote:
>> >> >> Can someone help me understand the difference between SSH and
>> >> >> Telnet over SSL?
>> >> >
>> >> >I will only talk about SSH v2 (and Telnet/SSL).
>> >> >
>> >> >On the most basic level there is little difference. SSH is a remote
>> >> >tty encryption standard. Telnet/SSL is a remote tty encryption
>> >> >standard. At this level the only real difference is one can find SSH
>> >> >clients and servers. I don't think I have *ever* spotted a Telnet/SSL
>> >> >server. Telnet client/servers using SSL wrappers on each side, yes;
>> >> >but never a real implementation.
>> >> >
>> >> >Now I am a bit of an SSH snob, so my differences list is pretty much
>> >> >SSH can do this and Telnet/SSL can't.
>> >> >
>> >> >- SSH is an encryption framework with special provisions specifically
>> >> >  for remote logins
>> >> >  + a mechanism to protect statistical analysis of the initial
>> >> >    password
>> >> >  + an authentication layer to allow for multiple tty sessions with
>> >> >    only one sign on
>> >> >  + multiple authentication methods and extensible authentication
>> >> >    methods that allow you to pick what is right for you
>> >> >
>> >> >- SSH (as implied above) is more than a single tunnel for a data stream
>> >> >  it provides TCP tunneling, X11 proxying, and TTY connections
>> >> >  through a *single* connection
>> >> >
>> >> >- SSH doesn't need to use PKI for it to work (some commercial
>> >> >  versions can if you like), this is nice if you don't want
>> >> >  to setup a PKI framework for remote logins
>> >> >
>> >> >- SSH provides a file transfer framework
>> >> >
>> >> >- Telnet/SSL uses, well, SSL. So if you are lucky and have hardware
>> >> > SSL encoding/decoding Telnet/SSL will be way more efficient.
>> >> >
>> >> >The one saving grace of Telnet/SSL IMHO would be if you have hardware
>> >> >SSL accelerators, its performance will scream compared to SSH. Crypto
>> >> >accelerators might level the playing field a bit, but hardware SSL
>> >> >(those network appliances that are designed to free up your web servers
>> >> >from the burden of SSL) would still make Telnet/SSL appealing.
>> >> >
>> >> >This speed is only a concern, in practice, if you are transferring large
>> >> >amounts of data. This would include file transfers, and a large number
>> >> >of connections to a single machine.
>> >> >
>> >> >We have several compute servers that routinely handle 30 - 50
>> >> >connections without problem. Any more connections than that and the
>> >> >server resources are strained, not from ssh, but from all the things
>> >> >people are doing on the server (compiling, simulating the universe,
>> >> >etc). The servers are Sun Ultra 2, with a very modest processor and
>> >> >an OK amount of RAM.
>> >>
>> >> >-----------------------------------------------------------------------
>> >> >   __o     Bradley Arlt                   Security Team Lead
>> >> > _ \<_     arlt@cpsc.ucalgary.ca          University Of Calgary
>> >> >(_)/(_)    I should be biking right now.  Computer Science
>> >> >
>> >> >
>> >> "There's so many different worlds
>> >> So many different suns
>> >> And we have just one world
>> >> But we live in different ones.."
>> >>
>> >> - Dire Straits
>> >
>>"There's so many different worlds
>> So many different suns
>> And we have just one world
>> But we live in different ones.."
>>
>> - Dire Straits
>
>
>
>
>Chris Berry
>compjma@hotmail.com
>Systems Administrator
>JM Associates
>
>"I have found the way, and the way is Perl."
>
>
>
>
"There's so many different worlds
 So many different suns
 And we have just one world
 But we live in different ones.."
 
 - Dire Straits
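
Brad Arlt's quoted remark that SSH does not need a PKI, and Chris Berry's quoted question about being sure who you are talking to, both come down to how the client recognises the server's key. The following is an added example, not code from any poster in this thread: a Python sketch of the known-hosts style pinning check an SSH client performs. Host names, key bytes and function names are constructed for illustration, and only unhashed known_hosts lines are handled.

```python
import base64
import hashlib
import hmac
import struct


def make_key_blob(key_type: str, material: bytes) -> bytes:
    """SSH wire format for a public key: two length-prefixed strings."""
    name = key_type.encode()
    return (struct.pack(">I", len(name)) + name
            + struct.pack(">I", len(material)) + material)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the blob, unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map (host, key type) -> pinned key blob; skips comments and @markers."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        for host in fields[0].split(","):
            pinned[(host, fields[1])] = base64.b64decode(fields[2])
    return pinned


def check_host_key(pinned: dict, host: str, key_type: str, presented: bytes) -> str:
    """Return 'match', 'mismatch' (refuse to connect) or 'unknown' (first contact)."""
    expected = pinned.get((host, key_type))
    if expected is None:
        return "unknown"
    return "match" if hmac.compare_digest(expected, presented) else "mismatch"


# Constructed sample data: these are not real host keys.
GOOD = make_key_blob("ssh-ed25519", bytes(range(32)))
ROGUE = make_key_blob("ssh-ed25519", bytes(range(1, 33)))
KNOWN_HOSTS = ("# constructed sample file\n"
               "app.example.test,192.0.2.10 ssh-ed25519 "
               + base64.b64encode(GOOD).decode() + "\n")

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for host, blob in (("app.example.test", GOOD), ("app.example.test", ROGUE),
                       ("new.example.test", GOOD)):
        print(host, fingerprint(blob), check_host_key(pinned, host, "ssh-ed25519", blob))
```

The "unknown" result is the first-contact case where no certificate authority vouches for the key, so the fingerprint has to be confirmed through some other channel before it is pinned.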


