On Thu, Sep 19, 2002 at 10:02:49PM +0000, netsec novice wrote:
> Can someone help me understand the difference between SSH and Telnet over 
> SSL?

I will only talk about SSH v2 (and Telnet/SSL).

On the most basic level there is little difference.  SSH is a remote
tty encryption standard.  Telnet/SSL is a remote tty encryption
standard.  At this level the only real difference is one can find SSH
clients and servers.  I don't think I have *ever* spotted a Telnet/SSL
server.  Telnet client/servers using SSL wrappers on each side, yes;
but never a real implementation.

Now I am a bit of an SSH snob, so my differences list is pretty much
SSH can do this and Telnet/SSL can't.

- SSH is an encryption framework with special provisions specifically
        for remote logins
   + a mechanism to protect against statistical analysis of the initial
        password
   + an authentication layer to allow for multiple tty sessions with
        only one sign on
   + multiple authentication methods and extensible authentication
        methods that allow you to pick what is right for you

- SSH (as implied above) is more than a single tunnel for a data stream;
        it provides TCP tunneling, X11 proxying, and TTY connections
        through a *single* connection

- SSH doesn't need to use PKI for it to work (some commercial
        versions can if you like), this is nice if you don't want
        to set up a PKI framework for remote logins

- SSH provides a file transfer framework

- Telnet/SSL uses, well, SSL.  So if you are lucky and have hardware
        SSL encoding/decoding Telnet/SSL will be way more efficient.

The one saving grace of Telnet/SSL IMHO would be if you have hardware
SSL accelerators, its performance will scream compared to SSH.  Crypto
accelerators might level the playing field a bit, but hardware SSL
(those network appliances that are designed to free up your web servers
from the burden of SSL) would still make Telnet/SSL appealing.

This speed is only a concern, in practice, if you are transferring large
amounts of data.  This would include file transfers, and a large number
of connections to a single machine.

We have several compute servers that routinely handle 30 - 50
connections without problem.  Any more connections than that and the
server resources are strained, not from ssh, but from all the things
people are doing on the server (compiling, simulating the universe,
etc).  The servers are Sun Ultra 2, with a very modest processor and
an OK amount of RAM.
-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          [EMAIL PROTECTED]           University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science
