> Can you elaborate more on SSL tunneling vs. SSH tunneling ? > What are they used for and what can I do with them, and maybe > point to some good resources ?
Friend, like 10 people have all given you the basics on the differences, and now you ask to be told what they are used for and what you can do with them? You asked for a resource - I give you Google. http://www.google.com If you put both of your terms into Google you will get more than enough information to help you out. Just as a friendly piece of advise though, don't ask a question on a newsgroup, have people answer you very nicely, and then come back and basically say, "That's nice, tell me again - this time in more detail." It's rude. Good luck on your search, man. --danielrm26 > -----Original Message----- > From: voguemaster [mailto:[EMAIL PROTECTED]] > Sent: Saturday, September 21, 2002 5:16 PM > To: netsec novice; Brad Arlt > Cc: [EMAIL PROTECTED] > Subject: Re: Telnet/SSL v SSH > > Question: > > > Thanks > Eli > > 20/09/02 18:47:23, Brad Arlt <[EMAIL PROTECTED]> wrote: > > >On Thu, Sep 19, 2002 at 10:02:49PM +0000, netsec novice wrote: > >> Can someone help me understand the difference between SSH and Telnet over > >> SSL? > > > >I will only talk about SSH v2 (and Telnet/SSL). > > > >On the most basic level there is little difference. SSH is a remote > >tty encryption standard. Telnet/SSL is a remote tty encryption > >standard. At this level the only real difference is one can find SSH > >clients and servers. I don't think I have *ever* spotted a Telnet/SSL > >server. Telnet client/servers using SSL wrappers on each side, yes; > >but never a real implimenation. > > > >Now I am a bit of an SSH snob, so my differences list is pretty much > >SSH can do this and Telnet/SSL can't. > > > > - SSH is an encryption framework with special provisions specifically > > for remote logins > > + a mechanism to pretect statistical analysis of the initial > > password > > + an authentication layer to allow for multiple tty sessions with > > only one sign on > > + multiple authentication methods and extensable authentication > > methods that allow you to pick what is right for you > > > >- SSH (as implied above) is more than a single tunnle for a data stream > > it provides TCP tcp tunneling, X11 proxing, and TTY connections > > through a *single* connection > > > >- SSH doesn't need to use PKI for it to work (some commercial > > versions can if you like), this is nice if you don't want > > to setup a PKI framework for remote logins > > > >- SSH provides a file transfer framework > > > >- Telnet/SSL uses, well, SSL. So if you are lucky and have hardware > > SSL encoding/decoding Telnet/SSL will be way more efficient. > > > >The one saving grace of Telnet/SSL IMHO would be if you have hardware > >SSL acceloraters, its performance will scream compared to SSH. Crypto > >acceloraters might level the playing field a bit, but hardware SSL > >(those network appliances that are design to free up your web servers > >from the burden of SSL) would still make Telnet/SSL appealing. > > > >This speed is only a concern, in practice, if you are transfering large > >amounts of data. This would include file transfers, and a large number > >of connections to a single machine. > > > >We have serveral compute servers that routinely handle 30 - 50 > >connections without problem. Any more connections than that and the > >server resources are strained, not from ssh, but from all the things > >people are doing on the server (compiling, simulating the universe, > >etc). The servers are Sun Ultra 2, with a very modest processor and > >an OK amount of RAM. > >----------------------------------------------------------------------- > > __o Bradley Arlt Security Team Lead > > _ \<_ [EMAIL PROTECTED] University Of Calgary > >(_)/(_) I should be biking right now. Computer Science > > > > > "There's so many different worlds > So many different suns > And we have just one world > But we live in different ones.." > > - Dire Straits
