On Thu, Sep 19, 2002 at 10:02:49PM +0000, netsec novice wrote:
> Can someone help me understand the difference between SSH and Telnet over
> SSL?

I will only talk about SSH v2 (and Telnet/SSL).

On the most basic level there is little difference. SSH is a remote tty encryption standard. Telnet/SSL is a remote tty encryption standard. At this level the only real difference is one can find SSH clients and servers. I don't think I have *ever* spotted a Telnet/SSL server. Telnet client/servers using SSL wrappers on each side, yes; but never a real implementation.

Now I am a bit of an SSH snob, so my differences list is pretty much SSH can do this and Telnet/SSL can't.

- SSH is an encryption framework with special provisions specifically for remote logins
  + a mechanism to protect against statistical analysis of the initial password
  + an authentication layer to allow for multiple tty sessions with only one sign on
  + multiple authentication methods and extensible authentication methods that allow you to pick what is right for you
- SSH (as implied above) is more than a single tunnel for a data stream; it provides TCP tunneling, X11 proxying, and TTY connections through a *single* connection
- SSH doesn't need to use PKI for it to work (some commercial versions can if you like); this is nice if you don't want to set up a PKI framework for remote logins
- SSH provides a file transfer framework
- Telnet/SSL uses, well, SSL. So if you are lucky and have hardware SSL encoding/decoding, Telnet/SSL will be way more efficient.

The one saving grace of Telnet/SSL IMHO would be if you have hardware SSL accelerators; its performance will scream compared to SSH. Crypto accelerators might level the playing field a bit, but hardware SSL (those network appliances that are designed to free up your web servers from the burden of SSL) would still make Telnet/SSL appealing.

This speed is only a concern, in practice, if you are transferring large amounts of data. This would include file transfers, and a large number of connections to a single machine. We have several compute servers that routinely handle 30 - 50 connections without problem. Any more connections than that and the server resources are strained, not from ssh, but from all the things people are doing on the server (compiling, simulating the universe, etc). The servers are Sun Ultra 2, with a very modest processor and an OK amount of RAM.

-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          [EMAIL PROTECTED]               University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science
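
Added illustration, not part of the original message: how several logical streams (a tty, a forwarded TCP connection, X11) can share one SSH connection, using the SSH_MSG_CHANNEL_DATA payload layout from RFC 4254. The helper names and the sample bytes are constructed for this sketch, and the transport layer (encryption, MAC, padding) and channel window control are left out.

```python
import struct

SSH_MSG_CHANNEL_DATA = 94  # message number defined in RFC 4254, section 5.2
HEADER = struct.Struct(">BII")  # byte type, uint32 recipient channel, uint32 data length


def channel_data(recipient_channel: int, data: bytes) -> bytes:
    """Encode one channel-data payload (hypothetical helper for this example)."""
    return HEADER.pack(SSH_MSG_CHANNEL_DATA, recipient_channel, len(data)) + data


def demux(stream: bytes) -> dict:
    """Split concatenated channel-data payloads into per-channel byte streams."""
    channels = {}
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError("truncated message header")
        msg_type, chan, length = HEADER.unpack_from(stream, offset)
        offset += HEADER.size
        if msg_type != SSH_MSG_CHANNEL_DATA:
            raise ValueError(f"unexpected message type {msg_type}")
        # Never trust the declared length: check it against what is left.
        if length > len(stream) - offset:
            raise ValueError("declared length exceeds remaining bytes")
        channels.setdefault(chan, bytearray()).extend(stream[offset:offset + length])
        offset += length
    return {chan: bytes(buf) for chan, buf in channels.items()}


# Constructed sample: three channels interleaved on one connection.
# Channel 0 = tty session, 1 = forwarded TCP port, 2 = X11 (numbers are arbitrary).
SAMPLE = b"".join([
    channel_data(0, b"ls "),
    channel_data(1, b"GET / HTTP/1.0\r\n"),
    channel_data(0, b"-l\n"),
    channel_data(2, b"x11-bytes"),
])

if __name__ == "__main__":
    for chan, payload in sorted(demux(SAMPLE).items()):
        print(chan, payload)
```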