SSH与SSL之间的区别

转载文章链接：

What is the difference between SSH and SSL?

http://www.cnblogs.com/cheerwen2005/archive/2007/03/20/681051.html

 

SSH (Secure Shell) and SSL (Secure Sockets Layer) can both be used to secure communications across the Internet. This page tries to explain the differences between the two in easily understood terms.

 

SSL was designed to secure web sessions; it can do more, but that's the original intent.

 

SSH was designed to replace telnet and FTP; it can do more, but that's the original intent.

 

SSL is a drop-in with a number of uses. It front-ends HTTP to give you HTTPS. It can also do this for POP3, SMTP, IMAP, and just about any other well-behaved TCP application. It's really easy for most programmers who are creating network applications from scratch to just grab an SSL implementation and bundle it with their app to provide encryption when communicating across the network via TCP. Check out: stunnel.org.

 

SSH is a swiss-army-knife designed to do a lot of different things, most of which revolve around setting up a secure tunnel between hosts. Some implementations of SSH rely on SSL libraries - this is because SSH and SSL use many of the same encryption algorithms (i.e. Triple DES).

 

SSH is not based on SSL in the sense that HTTPS is based on SSL. SSH does much more than SSL, and they don't talk to each other - the two are different protocols but have some overlap in how they accomplish similar goals.

 

SSL by itself gives you nothing - just a handshake and encryption. You need an application to drive SSL to get real work done.

 

SSH by itself does a whole lot of useful stuff that allows users to perform real work. Two aspects of SSH are the console login (telnet replacement) and secure file transfers (ftp replacement), but you also get an ability to tunnel (secure) additional applications, enabling a user to run HTTP, FTP, POP3, and just about anything else THROUGH an SSH tunnel.

 

Without interesting traffic from an application, SSL does nothing. Without interesting traffic from an application, SSH brings up an encrypted tunnel between two hosts which allows you to get real work done through an interactive login shell, file transfers, etc.

 

Last comment: HTTPS does not extend SSL, it uses SSL to do HTTP securely. SSH does much more than SSL, and you can tunnel HTTPS through it! Just because both SSL and SSH can do Triple DES doesn't mean one is based on the other.

 

Triple DES（三重数据加密算法）

密码学中，三种数据加密算法（英语：Triple Data Encryption Algorithm，缩写为TDEA，Triple DEA），或称3DES（Triple DES），是一种对称密钥加密块密码，相当于是每个数据块应用三次数据加密标准（DES）算法。

 

有关两个协议的具体应用实例可以查看：FTPS（基于 SSL 的FTP）与 SFTP（SSH 文件传输协议）对比