SSH vs SSL: Understanding the Key Differences
This article compares SSH (Secure Shell) and SSL (Secure Sockets Layer) protocols, highlighting their differences. We will examine the SSL handshake protocol and the SSH handshake protocol stack to understand these differences.
SSL Handshake Protocol
The SSL handshake protocol facilitates the following interactions between a client and a server. This handshake occurs before any data transmission:
1. Authentication: The client and server authenticate each other.
2. Negotiation: They negotiate encryption and MAC (Message Authentication Code) algorithms.
3. Key Creation: They create the cryptographic keys used during the session.
4. Session Establishment: They establish a secure session and then a connection.
The SSL handshake protocol involves four distinct phases, with a series of messages exchanged during these phases.
- Phase-1: Establish Security Capabilities
- Phase-2: Server Authentication and Key Exchange
- Phase-3: Client Authentication and Key Exchange
- Phase-4: Finish Handshake
The message format is as follows: { Type (1 byte), Length (3 bytes), Content (>= 0 bytes) }
The following table lists the message types used in the SSL handshake protocol between the client and server.
Message Type | Parameters |
---|---|
Hello_request | Null |
Client_hello | version • random • session ID • cipher suite • compression method |
Server_hello | version • random • session ID • cipher suite • compression method |
Certificate | Chain of X.509-v3 certificates |
Server_key_exchange | Parameters • signature |
Certificate_request | type • authorities |
Server_done | Null |
Certificate_verify | Signature |
Client_key_exchange | Parameters • signature |
Finished | Hash value |
Phase Breakdown:
- Phase #1: Establish Security Capabilities: Includes protocol version, session ID, cipher suite, compression method, and initial random numbers.
- Phase #2: Server Actions: The server may send a certificate, perform key exchange, and request a certificate from the client. The server signals the end of the hello message phase.
- Phase #3: Client Actions: The client transmits a certificate if needed, performs key exchange, and may transmit certificate verification.
- Phase #4: Completion: Both sides send a change cipher spec message (switching to the negotiated cipher suite and keys) followed by a Finished message, which completes the handshake protocol.
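The message framing above ({ Type (1 byte), Length (3 bytes), Content }) and the Client_hello parameters from the table can be made concrete with a small parser. The following is an added example, not code from the original article: it constructs a Client_hello message, parses the 4-byte handshake header, and then decodes the version, random, session ID, cipher suite list and compression methods. The type numbers are the standard handshake type codes; the sample cipher suite values and random bytes are constructed for the demonstration.

```python
"""Parse the handshake message framing: { type (1 byte), length (3 bytes), content }.

Added example for the article above; not code from the original page.
The ClientHello bytes are constructed inline so the example runs offline.
"""
import struct

# Standard handshake message type codes (same numbering as the table above).
HANDSHAKE_TYPES = {
    0: "hello_request",
    1: "client_hello",
    2: "server_hello",
    11: "certificate",
    12: "server_key_exchange",
    13: "certificate_request",
    14: "server_done",
    15: "certificate_verify",
    16: "client_key_exchange",
    20: "finished",
}


def _take(buf: bytes, off: int, n: int) -> bytes:
    """Return buf[off:off+n], refusing to read past the end of the buffer."""
    if off + n > len(buf):
        raise ValueError("field truncated at offset %d (need %d bytes)" % (off, n))
    return buf[off:off + n]


def parse_handshake_header(buf: bytes):
    """Split one handshake message into (type_name, length, content, remaining bytes).

    The declared 3-byte length is checked against the bytes actually present;
    a parser that trusts the length field without this check is a classic
    source of over-reads.
    """
    msg_type = _take(buf, 0, 1)[0]
    length = int.from_bytes(_take(buf, 1, 3), "big")   # 3-byte big-endian length
    content = _take(buf, 4, length)                      # raises if body is short
    name = HANDSHAKE_TYPES.get(msg_type, "unknown(%d)" % msg_type)
    return name, length, content, buf[4 + length:]


def parse_client_hello(body: bytes) -> dict:
    """Decode the Client_hello parameters: version, random, session ID,
    cipher suites and compression methods."""
    off = 0
    version = _take(body, off, 2); off += 2
    random = _take(body, off, 32); off += 32
    sid_len = _take(body, off, 1)[0]; off += 1
    session_id = _take(body, off, sid_len); off += sid_len
    cs_len = int.from_bytes(_take(body, off, 2), "big"); off += 2
    if cs_len % 2:
        raise ValueError("cipher suite list length must be even")
    suites_raw = _take(body, off, cs_len); off += cs_len
    suites = [int.from_bytes(suites_raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    cm_len = _take(body, off, 1)[0]; off += 1
    comps = list(_take(body, off, cm_len)); off += cm_len
    return {
        "version": (version[0], version[1]),
        "random": random,
        "session_id": session_id,
        "cipher_suites": suites,
        "compression_methods": comps,
        "trailing_bytes": len(body) - off,   # extensions would follow here
    }


def build_client_hello(version=b"\x03\x03", random=bytes(range(32)), session_id=b"",
                       suites=(0xC02F, 0x002F), comps=(0,)) -> bytes:
    """Construct a Client_hello message with the 1-byte type / 3-byte length header.
    Field values are constructed sample data, not a real captured handshake."""
    body = version + random + bytes([len(session_id)]) + session_id
    body += struct.pack(">H", 2 * len(suites)) + b"".join(struct.pack(">H", s) for s in suites)
    body += bytes([len(comps)]) + bytes(comps)
    return bytes([1]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    msg = build_client_hello()
    name, length, content, rest = parse_handshake_header(msg)
    print(name, length, parse_client_hello(content))
```

Running the module parses its own constructed Client_hello; feeding `parse_handshake_header` a message whose declared length exceeds the bytes available raises `ValueError` instead of returning a short body.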
SSH Handshake Protocol
SSH consists of three protocol layers, which run above the TCP/IP layers. Their functions are as follows.
- Transport Layer Protocol: Provides server authentication, data confidentiality, and data integrity with forward secrecy (i.e., if a key is compromised during one session, the knowledge does not affect the security of earlier sessions). The transport layer may optionally provide compression.
- User Authentication Protocol: This protocol authenticates the user with the server.
- Connection Protocol: This protocol multiplexes multiple logical channels over a single SSH connection.
The following messages are exchanged between the SSH client and SSH server.
- Identification String Exchange: Determines the SSH version and implementation being used.
- Algorithm Negotiation: Negotiates cryptographic algorithms (key exchange, encryption, MAC) and compression algorithms. The client provides a list of preferred algorithms, and the server chooses the first algorithm on the client's list that it also supports.
- Key Exchange: Typically Diffie-Hellman based and signed by the server's host private key. This results in:
  - (i) Both sides sharing a master key, K.
  - (ii) The server being authenticated to the client.
- Key Derivation: Encryption keys, MAC keys, and Initialization Vectors (IVs) are derived from the master key.
- End of Key Exchange: Signals the end of the key exchange process, encrypted and MACed using the new keys.
- Service Request: Initiates either user authentication or the connection protocol.
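The identification string, algorithm negotiation and key derivation steps above can be worked through in code. The following is an added example, not code from the original article: it parses an `SSH-2.0-...` identification string, implements the negotiation rule (first algorithm on the client's list that the server also supports, with the no-common-algorithm failure case), and derives keys from the shared secret K and exchange hash H using the RFC 4253 section 7.2 construction (K1 = HASH(K || H || X || session_id), Kn = HASH(K || H || K1 || ... || Kn-1), key = K1 || K2 || ...). The version strings, algorithm lists, K and H values are constructed sample inputs; the hash name, `sha256`, is an assumption standing in for whatever the negotiated key exchange method specifies.

```python
"""SSH transport-layer steps: identification string, algorithm negotiation,
and key derivation from the shared secret K.

Added example for the article above; not code from the original page.
All inputs below (version strings, algorithm lists, K, H) are constructed.
"""
import hashlib
import re

# RFC 4253 4.2: "SSH-protoversion-softwareversion SP comments"
_ID_RE = re.compile(r"^SSH-(\d\.\d+)-(\S+)(?: (.*))?$")


def parse_identification(line: str) -> dict:
    """Split an identification string into protocol version, software and comments."""
    m = _ID_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string: %r" % line)
    return {"protocol": m.group(1), "software": m.group(2), "comments": m.group(3)}


def negotiate(client_prefs, server_prefs):
    """Return the first algorithm on the client's list that the server also supports.

    Client preference order decides; the server list only filters. If the
    lists share nothing, the key exchange must fail rather than pick a default.
    """
    supported = set(server_prefs)
    for alg in client_prefs:
        if alg in supported:
            return alg
    raise ValueError("no common algorithm: client=%s server=%s"
                     % (list(client_prefs), list(server_prefs)))


def mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251):
    uint32 length followed by big-endian two's-complement bytes."""
    if n < 0:
        raise ValueError("only non-negative values are handled here")
    if n == 0:
        return b"\x00\x00\x00\x00"
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:          # keep the value positive in two's complement
        raw = b"\x00" + raw
    return len(raw).to_bytes(4, "big") + raw


# Letter X selects which key is derived (RFC 4253 7.2).
KEY_LETTERS = {
    "iv_c2s": b"A", "iv_s2c": b"B",
    "enc_c2s": b"C", "enc_s2c": b"D",
    "mac_c2s": b"E", "mac_s2c": b"F",
}


def derive_key(K: int, H: bytes, letter: bytes, session_id: bytes,
               need: int, hash_name: str = "sha256") -> bytes:
    """key = K1 || K2 || ... truncated to `need` bytes, where
    K1 = HASH(K || H || X || session_id) and Kn = HASH(K || H || K1 || ... || Kn-1).
    K is encoded as an mpint. session_id is the H of the first key exchange
    in a real session; here it is passed in explicitly."""
    h = lambda data: hashlib.new(hash_name, data).digest()
    k_mp = mpint(K)
    out = h(k_mp + H + letter + session_id)
    while len(out) < need:
        out += h(k_mp + H + out)      # each extension hashes everything so far
    return out[:need]


def derive_all_keys(K: int, H: bytes, session_id: bytes, iv_len=16, key_len=32, mac_len=32):
    """Derive the six transport keys for both directions."""
    sizes = {"iv": iv_len, "enc": key_len, "mac": mac_len}
    return {name: derive_key(K, H, x, session_id, sizes[name.split("_")[0]])
            for name, x in KEY_LETTERS.items()}


if __name__ == "__main__":
    ident = parse_identification("SSH-2.0-ExampleSSH_1.0 demo")
    cipher = negotiate(["aes256-gcm@openssh.com", "aes128-ctr"],
                       ["aes128-ctr", "aes256-gcm@openssh.com"])
    # Constructed K and H; a real K comes from the Diffie-Hellman exchange.
    K = 0x8B1F2C3D4E5F60718293A4B5C6D7E8F9
    H = hashlib.sha256(b"constructed exchange hash input").digest()
    keys = derive_all_keys(K, H, session_id=H)
    print(ident, cipher, {k: v.hex()[:16] for k, v in keys.items()})
```

Two properties worth noticing when running it: the client's ordering wins even when the server lists the same algorithms in a different order, and a longer key is always a prefix-extension of a shorter one derived with the same letter, because the extension step only appends further hash outputs.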
The following describes the SSH connection protocol.
- Runs on top of the SSH Transport Layer Protocol.
- Assumes a secure, authenticated connection (a “tunnel”).
- Used for multiple logical channels, each identified by a unique channel number; a channel can be opened by either the client or the server.
- Employs flow control via a sliding window protocol mechanism.
- Has 3 stages: opening of the channel, data communication or transfer, and closing of the channel.
SSH vs SSL: Key Differences
Feature | SSH | SSL |
---|---|---|
Purpose | Secure remote login and command execution; also used for tunneling (port forwarding). | Secure communication over the internet; primarily used to secure web traffic (HTTPS). |
Transport Layer | Typically uses TCP. | Can use TCP, but is often associated with HTTP (HTTPS). |
Authentication | Primarily relies on public-key cryptography (SSH keys) but can also support password authentication. | Primarily relies on certificates issued by Certificate Authorities (CAs). |
Application | Securely accessing a remote server, executing commands, and transferring files (using SCP or SFTP). | Securing web browser communication with web servers, protecting sensitive data like passwords and credit card information. |
Default Port | 22 | 443 |
Handshake Complexity | Relatively simple handshake process. | More complex handshake process due to certificate validation and trust chain verification. |
Security Focus | Securing the entire session, providing a secure tunnel for all data. | Securing specific applications (e.g., web browsing) by encrypting the data transmitted between client and server. |
In summary, while both SSH and SSL provide secure communication, they serve different purposes and employ different mechanisms to achieve security. SSH is primarily used for secure remote access and tunneling, while SSL is primarily used for securing web traffic and other internet communications.