Ok, one question:

Assume I've written an application that is composed of a client and a server. I've also created a special protocol for the communication between them. My real question is which is better to secure the communication between them. I'm interested in authentication and non-repudiation if possible. I was merely trying to gather clues to help me decide on the matter.

Just a note: I was NOT the original poster that requested to know the diff between telnet/SSL and SSH.
Thanks in advance,
E

25/09/02 00:24:17, Chris Berry <[EMAIL PROTECTED]> wrote:

>I tend to agree that this has already been answered, but I'll say it in
>another way so we can get past this.
>
>SSL-Secure Sockets Layer: Basically an add on bandaid type approach to make
>inherently insecure connections like telnet and ftp more secure by
>encrypting transmissions at the SOCKET level. This system does not have
>nearly the same robustness as SSH from the perspective of Authentication,
>and secure design.
> Advantages: You can use this with all the legacy apps out there, it's
>widely supported and implemented.
> Disadvantages: Poor authentication system. (your conversation is sort of
>safe, but are you sure you're talking to who you think you are talking to?)
>
>SSH-Secure Shell: This approach is basically a complete rewrite of all
>the old remote control software (telnet, ftp, rpc, etc.) in a secure way
>that provides built in encryption and authentication.
> Advantages: Security from the ground up, not an add on after the fact.
> Disadvantages: Although it's been out for quite some time, it's not
>nearly as pervasive or widely supported by applications.
>
>I hope that helps. If it's still not enough check the following:
>
>www.openssl.org
>www.openssh.com
>
>If you want a better answer ask a more specific question.
>
>>From: voguemaster <[EMAIL PROTECTED]>
>>Reply-To: [EMAIL PROTECTED]
>>To: [EMAIL PROTECTED], netsec novice <[EMAIL PROTECTED]>, Brad Arlt
>><[EMAIL PROTECTED]>, Daniel Miessler <[EMAIL PROTECTED]>
>>CC: [EMAIL PROTECTED]
>>Subject: Re: RE: Telnet/SSL v SSH
>>Date: Tue, 24 Sep 2002 11:54:17 +0200
>>
>>Pardon me, but when have ppl given me that information ??
>>
>>The only hint I have about the diff between SSH and SSL is the message
>>I replied to. When I was talking about elaborating on tunneling I was
>>basically asking what can I do with tunneling. Neither the SSL nor the SSH
>>websites give any real hint to this, not that I have found.
>>
>>Just one example: can I code a client/server application and encrypt and
>>do authentication with SSL/SSH tunneling ? I've no idea, not from the
>>things I've read about those two. Yeah, SSH is a secure login and shell
>>for a remote system. That I know. It's more than that, isn't it ??
>>
>>I'm sorry if you're impatient about my post, but I don't recall people
>>answering me and me being a nag about it all over again.. Maybe it's just
>>my memory, but who knows..
>>
>>E
>>
>>23/09/02 22:52:12, Daniel Miessler <[EMAIL PROTECTED]> wrote:
>>
>> >> Can you elaborate more on SSL tunneling vs. SSH tunneling ?
>> >> What are they used for and what can I do with them, and maybe
>> >> point to some good resources ?
>> >
>> >Friend, like 10 people have all given you the basics on the differences,
>> >and now you ask to be told what they are used for and what you can do
>> >with them?
>> >
>> >You asked for a resource - I give you Google.
>> >
>> >http://www.google.com
>> >
>> >If you put both of your terms into Google you will get more than enough
>> >information to help you out. Just as a friendly piece of advice though,
>> >don't ask a question on a newsgroup, have people answer you very nicely,
>> >and then come back and basically say, "That's nice, tell me again - this
>> >time in more detail." It's rude.
>> >
>> >Good luck on your search, man.
>> >
>> >--danielrm26
>> >
>> >
>> >> -----Original Message-----
>> >> From: voguemaster [mailto:[EMAIL PROTECTED]]
>> >> Sent: Saturday, September 21, 2002 5:16 PM
>> >> To: netsec novice; Brad Arlt
>> >> Cc: [EMAIL PROTECTED]
>> >> Subject: Re: Telnet/SSL v SSH
>> >>
>> >> Question:
>> >>
>> >>
>> >> Thanks
>> >> Eli
>> >>
>> >> 20/09/02 18:47:23, Brad Arlt <[EMAIL PROTECTED]> wrote:
>> >>
>> >> >On Thu, Sep 19, 2002 at 10:02:49PM +0000, netsec novice wrote:
>> >> >> Can someone help me understand the difference between SSH and Telnet over
>> >> >> SSL?
>> >> >
>> >> >I will only talk about SSH v2 (and Telnet/SSL).
>> >> >
>> >> >On the most basic level there is little difference. SSH is a remote
>> >> >tty encryption standard. Telnet/SSL is a remote tty encryption
>> >> >standard. At this level the only real difference is one can find SSH
>> >> >clients and servers. I don't think I have *ever* spotted a Telnet/SSL
>> >> >server. Telnet client/servers using SSL wrappers on each side, yes;
>> >> >but never a real implementation.
>> >> >
>> >> >Now I am a bit of an SSH snob, so my differences list is pretty much
>> >> >SSH can do this and Telnet/SSL can't.
>> >> >
>> >> >- SSH is an encryption framework with special provisions specifically
>> >> >  for remote logins
>> >> >  + a mechanism to protect statistical analysis of the initial
>> >> >    password
>> >> >  + an authentication layer to allow for multiple tty sessions with
>> >> >    only one sign on
>> >> >  + multiple authentication methods and extensible authentication
>> >> >    methods that allow you to pick what is right for you
>> >> >
>> >> >- SSH (as implied above) is more than a single tunnel for a data stream
>> >> >  it provides TCP tunneling, X11 proxying, and TTY connections
>> >> >  through a *single* connection
>> >> >
>> >> >- SSH doesn't need to use PKI for it to work (some commercial
>> >> >  versions can if you like), this is nice if you don't want
>> >> >  to setup a PKI framework for remote logins
>> >> >
>> >> >- SSH provides a file transfer framework
>> >> >
>> >> >- Telnet/SSL uses, well, SSL. So if you are lucky and have hardware
>> >> >  SSL encoding/decoding Telnet/SSL will be way more efficient.
>> >> >
>> >> >The one saving grace of Telnet/SSL IMHO would be if you have hardware
>> >> >SSL accelerators, its performance will scream compared to SSH. Crypto
>> >> >accelerators might level the playing field a bit, but hardware SSL
>> >> >(those network appliances that are designed to free up your web servers
>> >> >from the burden of SSL) would still make Telnet/SSL appealing.
>> >> >
>> >> >This speed is only a concern, in practice, if you are transferring large
>> >> >amounts of data. This would include file transfers, and a large number
>> >> >of connections to a single machine.
>> >> >
>> >> >We have several compute servers that routinely handle 30 - 50
>> >> >connections without problem. Any more connections than that and the
>> >> >server resources are strained, not from ssh, but from all the things
>> >> >people are doing on the server (compiling, simulating the universe,
>> >> >etc). The servers are Sun Ultra 2, with a very modest processor and
>> >> >an OK amount of RAM.
>> >> >
>> >> >-----------------------------------------------------------------------
>> >> >   __o      Bradley Arlt                    Security Team Lead
>> >> >  _ \<_     [EMAIL PROTECTED]               University Of Calgary
>> >> > (_)/(_)    I should be biking right now.   Computer Science
>> >> >
>> >> >
>> >> "There's so many different worlds
>> >> So many different suns
>> >> And we have just one world
>> >> But we live in different ones.."
>> >>
>> >> - Dire Straits
>> >
>>"There's so many different worlds
>> So many different suns
>> And we have just one world
>> But we live in different ones.."
>>
>> - Dire Straits
>
>
>Chris Berry
>[EMAIL PROTECTED]
>Systems Administrator
>JM Associates
>
>"I have found the way, and the way is Perl."
>

"There's so many different worlds
So many different suns
And we have just one world
But we live in different ones.."

- Dire Straits
