SSH vs SSL: Understanding the Key Differences

ssh
ssl
security
protocol
encryption

This article compares the SSH (Secure Shell) and SSL (Secure Sockets Layer) protocols and highlights their differences. We first walk through the SSL handshake protocol, then the SSH protocol stack and its handshake, and finish with a side-by-side comparison.

SSL Handshake Protocol

The SSL handshake protocol lets a client and a server do the following. The handshake completes before any application data is transmitted:

  1. Authentication: The client and server authenticate each other.
  2. Negotiation: The parties agree on the encryption and MAC (Message Authentication Code) algorithms to use.
  3. Key Creation: Cryptographic keys are created for use during the session.
  4. Session Establishment: A secure session is established, and then a connection within it.

The SSL handshake protocol involves four distinct phases, with a series of messages exchanged during these phases.

  • Phase-1: Establish Security Capabilities
  • Phase-2: Server Authentication and Key Exchange
  • Phase-3: Client Authentication and Key Exchange
  • Phase-4: Finish Handshake

Every handshake message has the format { Type (1 byte), Length (3 bytes), Content (>= 0 bytes) }, where Length is the number of bytes in Content.

The following table lists the message types used in the SSL handshake protocol between the client and server.

| Message Type        | Parameters                                                        |
|---------------------|-------------------------------------------------------------------|
| Hello_request       | Null                                                              |
| Client_hello        | version • random • session Id • cipher suite • compression method |
| Server_hello        | version • random • session Id • cipher suite • compression method |
| Certificate         | Chain of X.509-v3 certificates                                    |
| Server_key_exchange | parameters • signature                                            |
| Certificate_request | type • authorities                                                |
| Server_done         | Null                                                              |
| Certificate_verify  | signature                                                         |
| Client_key_exchange | parameters • signature                                            |
| Finished            | hash value                                                        |

Phase Breakdown:

  • Phase #1: Establish Security Capabilities: The hello messages carry the protocol version, session ID, cipher suite list, compression method list, and the initial random numbers.
  • Phase #2: Server Actions: The server may send its certificate, perform its part of the key exchange, and request a certificate from the client. It then signals the end of its hello-phase messages.
  • Phase #3: Client Actions: The client sends its certificate if one was requested, performs its part of the key exchange, and may send a certificate verification.
  • Phase #4: Completion: Both sides switch to the negotiated cipher suite and finish the handshake.
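To make the { Type, Length, Content } framing and the Client_hello parameters from the table concrete, here is an added example (not code from the original article) that frames and parses handshake messages. The type codes are the standard values from the SSL 3.0 / TLS 1.2 specifications (RFC 6101 / RFC 5246); the sample version bytes, random value and cipher suite codes are constructed inputs. Each variable-length field is bounds-checked, because a length field that disagrees with the bytes actually present is exactly the kind of input a handshake parser must reject rather than read past.

```python
import struct

# Handshake message type codes from the SSL/TLS handshake protocol (RFC 6101 / RFC 5246).
# The names follow the message-type table above.
HANDSHAKE_TYPES = {
    0: "hello_request",
    1: "client_hello",
    2: "server_hello",
    11: "certificate",
    12: "server_key_exchange",
    13: "certificate_request",
    14: "server_hello_done",
    15: "certificate_verify",
    16: "client_key_exchange",
    20: "finished",
}
TYPE_CODES = {name: code for code, name in HANDSHAKE_TYPES.items()}


def frame_handshake(msg_type: str, content: bytes) -> bytes:
    """Encode one message as { Type (1 byte), Length (3 bytes), Content }."""
    if len(content) >= 1 << 24:
        raise ValueError("content does not fit in a 3-byte length field")
    return bytes([TYPE_CODES[msg_type]]) + len(content).to_bytes(3, "big") + content


def split_handshake_messages(data: bytes) -> list:
    """Split a byte stream into (type name, content) pairs, checking every Length field
    against the bytes actually present so truncated or over-long messages are rejected."""
    messages = []
    offset = 0
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated handshake header at offset %d" % offset)
        code = data[offset]
        length = int.from_bytes(data[offset + 1:offset + 4], "big")
        content = data[offset + 4:offset + 4 + length]
        if len(content) != length:
            raise ValueError("declared length %d but only %d bytes follow" % (length, len(content)))
        messages.append((HANDSHAKE_TYPES.get(code, "unknown(%d)" % code), content))
        offset += 4 + length
    return messages


def build_client_hello(version, client_random, session_id, cipher_suites, compression_methods):
    """Encode the Client_hello parameters listed in the table: version, random,
    session Id, cipher suite list and compression method list."""
    if len(client_random) != 32 or len(session_id) > 32:
        raise ValueError("random must be 32 bytes and session id at most 32 bytes")
    body = struct.pack(">BB", *version) + client_random
    body += bytes([len(session_id)]) + session_id
    suites = b"".join(s.to_bytes(2, "big") for s in cipher_suites)
    body += len(suites).to_bytes(2, "big") + suites
    body += bytes([len(compression_methods)]) + bytes(compression_methods)
    return frame_handshake("client_hello", body)


def _take(content: bytes, pos: int, n: int) -> bytes:
    """Return content[pos:pos+n], refusing to read past the end of the buffer."""
    if pos + n > len(content):
        raise ValueError("client_hello field runs past the end of the message")
    return content[pos:pos + n]


def parse_client_hello(content: bytes) -> dict:
    """Decode a Client_hello body with an explicit bounds check on every field."""
    version = tuple(_take(content, 0, 2))
    client_random = _take(content, 2, 32)
    sid_len = _take(content, 34, 1)[0]
    pos = 35
    session_id = _take(content, pos, sid_len)
    pos += sid_len
    suites_len = int.from_bytes(_take(content, pos, 2), "big")
    pos += 2
    if suites_len % 2:
        raise ValueError("cipher suite list length must be even")
    suites_raw = _take(content, pos, suites_len)
    pos += suites_len
    comp_len = _take(content, pos, 1)[0]
    pos += 1
    compression_methods = list(_take(content, pos, comp_len))
    return {
        "version": version,
        "random": client_random,
        "session_id": session_id,
        "cipher_suites": [int.from_bytes(suites_raw[i:i + 2], "big") for i in range(0, suites_len, 2)],
        "compression_methods": compression_methods,
    }


if __name__ == "__main__":
    # Constructed sample: SSL 3.0 version bytes (3, 0), a fixed 32-byte "random", two suite codes.
    hello = build_client_hello((3, 0), bytes(range(32)), b"", [0x000A, 0x002F], [0])
    for name, body in split_handshake_messages(hello + frame_handshake("server_hello_done", b"")):
        print(name, len(body), "bytes")
```

The stream splitter shows why a 3-byte Length field matters in practice: a Server_done message carries a zero-length Content, so a parser that assumed a non-empty body would misread the following message.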

SSH Handshake Protocol

SSH is organised as three protocol layers, all of which run above TCP/IP. Their functions are:

  • Transport Layer Protocol: Provides server authentication, data confidentiality, and data integrity with forward secrecy (i.e., compromising a key during one session does not affect the security of earlier sessions). The transport layer may optionally provide compression.
  • User Authentication Protocol: Authenticates the user to the server.
  • Connection Protocol: Multiplexes multiple logical channels over a single SSH connection.

The following messages are exchanged between the SSH client and SSH server.

  • Identification String Exchange: Determines the SSH version and implementation being used.

  • Algorithm Negotiation: Negotiates cryptographic algorithms (key exchange, encryption, MAC) and compression algorithms. The client provides a list of preferred algorithms, and the server chooses the first algorithm on the client’s list that it also supports.

  • Key Exchange: Typically Diffie-Hellman based, with the exchange signed by the server’s host private key. This results in:

    • (i) Both sides sharing a master key, K.
    • (ii) The server being authenticated to the client.

  • Key Derivation: Encryption keys, MAC keys, and Initialization Vectors (IVs) are derived from the master key.

  • End of Key Exchange: Signals the end of the key exchange; from this point, messages are encrypted and MACed using the new keys.

  • Service Request: Initiates either user authentication or the connection protocol.
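The identification exchange, the algorithm negotiation rule and the key derivation step above can be shown in a few functions. The following is an added example written for this article, not OpenSSH or any other implementation's code: it parses the identification line (RFC 4253 §4.2), applies the "first algorithm on the client's list that the server also supports" rule (RFC 4253 §7.1), and derives the per-direction IVs, encryption keys and MAC keys from K, the exchange hash H and the session identifier (RFC 4253 §7.2). The identification string, algorithm lists and the values of K, H and the session id used below are constructed sample inputs; the real values come from the Diffie-Hellman exchange.

```python
import hashlib
import re

# Identification string, RFC 4253 §4.2: "SSH-protoversion-softwareversion SP comments" CR LF.
_ID_RE = re.compile(
    r"^SSH-(?P<proto>[^-\r\n]+)-(?P<software>[^ \r\n]+)(?: (?P<comments>[^\r\n]*))?\r?\n$"
)


def parse_identification(line: bytes) -> dict:
    """Parse the peer's identification line; accept protocol 2.0 (and the legacy
    '1.99' that RFC 4253 says a 2.0-capable peer may announce), reject anything else."""
    m = _ID_RE.match(line.decode("ascii"))  # non-ASCII raises UnicodeDecodeError (a ValueError)
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    if m.group("proto") not in ("2.0", "1.99"):
        raise ValueError("unsupported protocol version %s" % m.group("proto"))
    return m.groupdict()


def negotiate(client_list, server_list) -> str:
    """RFC 4253 §7.1: the chosen algorithm is the first one on the client's list
    that the server also supports; no overlap means the connection must fail."""
    supported = set(server_list)
    for alg in client_list:
        if alg in supported:
            return alg
    raise ValueError("no common algorithm: client %s, server %s" % (client_list, server_list))


def negotiate_all(client_kexinit: dict, server_kexinit: dict) -> dict:
    """Apply negotiate() to each name-list carried in KEXINIT (kex, host key,
    cipher, MAC, compression, the latter three once per direction)."""
    return {name: negotiate(client_kexinit[name], server_kexinit[name]) for name in client_kexinit}


def mpint(n: int) -> bytes:
    """SSH mpint encoding (RFC 4251 §5): 4-byte length, then big-endian two's complement,
    with a leading zero byte when the top bit of a positive value is set."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    body = n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True)
    return len(body).to_bytes(4, "big") + body


def derive_key(K: int, H: bytes, session_id: bytes, letter: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """RFC 4253 §7.2: K1 = HASH(K || H || letter || session_id),
    Kn = HASH(K || H || K1 || ... || Kn-1); concatenate until `length` bytes exist."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()
    out = h(mpint(K) + H + letter + session_id)
    while len(out) < length:
        out += h(mpint(K) + H + out)
    return out[:length]


# Letters A-F select the six keys; each direction gets its own IV, cipher key and MAC key.
KEY_LETTERS = {
    b"A": "iv_client_to_server", b"B": "iv_server_to_client",
    b"C": "key_client_to_server", b"D": "key_server_to_client",
    b"E": "mac_client_to_server", b"F": "mac_server_to_client",
}


def derive_all_keys(K: int, H: bytes, session_id: bytes, iv_len: int = 16, key_len: int = 32, mac_len: int = 32) -> dict:
    """Derive the full key set; lengths are those the negotiated cipher and MAC require."""
    lengths = {b"A": iv_len, b"B": iv_len, b"C": key_len, b"D": key_len, b"E": mac_len, b"F": mac_len}
    return {name: derive_key(K, H, session_id, letter, lengths[letter]) for letter, name in KEY_LETTERS.items()}


if __name__ == "__main__":
    # Constructed sample lists; a real KEXINIT carries ten name-lists.
    client = {"kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
              "cipher_c2s": ["aes256-gcm@openssh.com", "aes128-ctr"]}
    server = {"kex": ["diffie-hellman-group14-sha256", "curve25519-sha256"],
              "cipher_c2s": ["aes128-ctr", "aes256-gcm@openssh.com"]}
    print(negotiate_all(client, server))            # client preference wins in both cases
    print(parse_identification(b"SSH-2.0-ExampleSSH_1.0 constructed\r\n"))
    keys = derive_all_keys(K=12345, H=b"H" * 32, session_id=b"S" * 32)  # constructed values
    print({k: v.hex()[:16] for k, v in keys.items()})
```

Note that the server's own ordering is irrelevant once it supports the client's first choice, which is why a client that lists a weak algorithm first will get it even from a server that prefers stronger ones.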

The SSH connection protocol has the following characteristics.

  • Runs on top of the SSH Transport Layer Protocol.
  • Assumes a secure, authenticated connection (a “tunnel”) already exists.
  • Carries multiple logical channels; a channel can be opened by either the client or the server, and each channel is identified by unique channel numbers.
  • Employs flow control through a sliding-window mechanism.
  • Has 3 stages: opening the channel, data communication or transfer, and closing the channel.
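The three channel stages and the sliding-window flow control can be modelled in a short simulation. This is an added example, not code from the article or from any SSH implementation; it follows the channel semantics of RFC 4254 (each side chooses its own channel number at open, the receiver grants a window and a maximum packet size, and CHANNEL_WINDOW_ADJUST enlarges the window). The channel numbers, window sizes and payload used are constructed values.

```python
class ChannelEnd:
    """One side's view of a logical channel: its own channel number, the peer's
    number (learned at open), the window it grants the peer and the window the
    peer has granted it."""

    def __init__(self, local_id: int, initial_window: int, max_packet: int):
        self.local_id = local_id
        self.remote_id = None
        self.recv_window = initial_window  # bytes the peer may still send to us
        self.max_packet = max_packet       # largest CHANNEL_DATA payload we accept
        self.send_window = 0               # bytes we may still send (set at open)
        self.peer_max_packet = 0           # largest payload the peer accepts
        self.state = "closed"
        self.received = bytearray()


def open_channel(opener: ChannelEnd, acceptor: ChannelEnd) -> None:
    """Stage 1: CHANNEL_OPEN carries the opener's number, window and max packet;
    CHANNEL_OPEN_CONFIRMATION returns the acceptor's. Either side may be the opener."""
    if opener.state != "closed" or acceptor.state != "closed":
        raise RuntimeError("channel already open")
    acceptor.remote_id = opener.local_id
    acceptor.send_window = opener.recv_window
    acceptor.peer_max_packet = opener.max_packet
    opener.remote_id = acceptor.local_id
    opener.send_window = acceptor.recv_window
    opener.peer_max_packet = acceptor.max_packet
    opener.state = acceptor.state = "open"


def send_data(sender: ChannelEnd, receiver: ChannelEnd, data: bytes) -> int:
    """Stage 2, one CHANNEL_DATA packet: deliver as many bytes as the sender's window
    and the receiver's max packet size allow; return the number sent (0 = must wait)."""
    if sender.state != "open" or receiver.state != "open":
        raise RuntimeError("channel not open")
    if receiver.local_id != sender.remote_id:
        raise RuntimeError("CHANNEL_DATA addressed to the wrong channel number")
    n = min(len(data), sender.send_window, sender.peer_max_packet)
    if n == 0:
        return 0
    sender.send_window -= n
    receiver.recv_window -= n
    receiver.received += data[:n]
    return n


def send_all(sender: ChannelEnd, receiver: ChannelEnd, data: bytes) -> tuple:
    """Send successive packets until the data or the window is exhausted.
    Returns (bytes sent, packets used); unsent bytes wait for a window adjust."""
    sent = packets = 0
    while sent < len(data):
        n = send_data(sender, receiver, data[sent:])
        if n == 0:
            break
        sent += n
        packets += 1
    return sent, packets


def adjust_window(receiver: ChannelEnd, sender: ChannelEnd, bytes_to_add: int) -> None:
    """CHANNEL_WINDOW_ADJUST: the receiver, having consumed data, lets the peer send more."""
    if receiver.state != "open":
        raise RuntimeError("channel not open")
    receiver.recv_window += bytes_to_add
    sender.send_window += bytes_to_add


def close_channel(a: ChannelEnd, b: ChannelEnd) -> None:
    """Stage 3: after CHANNEL_CLOSE from both sides no further data is accepted."""
    a.state = b.state = "closed"


if __name__ == "__main__":
    # Constructed scenario: the client opens a channel; the server grants only a 10-byte window
    # and 4-byte packets, so a 25-byte transfer stalls until the server adjusts the window.
    client = ChannelEnd(local_id=0, initial_window=100, max_packet=32)
    server = ChannelEnd(local_id=7, initial_window=10, max_packet=4)
    open_channel(client, server)
    payload = bytes(range(25))
    print(send_all(client, server, payload))            # (10, 3): window exhausted
    adjust_window(server, client, 20)
    print(send_all(client, server, payload[10:]))       # (15, 4): remainder delivered
    close_channel(client, server)
```

The simulation makes the flow-control point visible: the sender never gets ahead of what the receiver has agreed to buffer, and the receiver decides when to grant more, which is what keeps one busy channel from starving the others multiplexed over the same connection.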

SSH vs SSL: Key Differences

| Feature | SSH | SSL |
|---|---|---|
| Purpose | Secure remote login and command execution; also used for tunneling (port forwarding). | Secure communication over the internet; primarily used to secure web traffic (HTTPS). |
| Transport Layer | Typically uses TCP. | Can use TCP, but is most often associated with HTTP (HTTPS). |
| Authentication | Primarily relies on public-key cryptography (SSH keys) but can also support password authentication. | Primarily relies on certificates issued by Certificate Authorities (CAs). |
| Application | Securely accessing a remote server, executing commands, and transferring files (using SCP or SFTP). | Securing web browser communication with web servers, protecting sensitive data like passwords and credit card information. |
| Default Port | 22 | 443 |
| Handshake Complexity | Relatively simple handshake process. | More complex handshake process due to certificate validation and trust chain verification. |
| Security Focus | Securing the entire session, providing a secure tunnel for all data. | Securing specific applications (e.g., web browsing) by encrypting the data transmitted between client and server. |

In summary, while both SSH and SSL provide secure communication, they serve different purposes and employ different mechanisms to achieve security. SSH is primarily used for secure remote access and tunneling, while SSL is primarily used for securing web traffic and other internet communications.
