Question: Can you elaborate more on SSL tunneling vs. SSH tunneling? What are they used for and what can I do with them, and maybe point to some good resources?
Thanks
Eli

20/09/02 18:47:23, Brad Arlt <[EMAIL PROTECTED]> wrote:
>On Thu, Sep 19, 2002 at 10:02:49PM +0000, netsec novice wrote:
>> Can someone help me understand the difference between SSH and Telnet over
>> SSL?
>
>I will only talk about SSH v2 (and Telnet/SSL).
>
>On the most basic level there is little difference.  SSH is a remote
>tty encryption standard.  Telnet/SSL is a remote tty encryption
>standard.  At this level the only real difference is one can find SSH
>clients and servers.  I don't think I have *ever* spotted a Telnet/SSL
>server.  Telnet client/servers using SSL wrappers on each side, yes;
>but never a real implementation.
>
>Now I am a bit of an SSH snob, so my differences list is pretty much
>SSH can do this and Telnet/SSL can't.
>
> - SSH is an encryption framework with special provisions specifically
>   for remote logins
>    + a mechanism to protect against statistical analysis of the initial
>      password
>    + an authentication layer to allow for multiple tty sessions with
>      only one sign on
>    + multiple authentication methods and extensible authentication
>      methods that allow you to pick what is right for you
>
> - SSH (as implied above) is more than a single tunnel for a data stream;
>   it provides TCP tunneling, X11 proxying, and TTY connections
>   through a *single* connection
>
> - SSH doesn't need to use PKI for it to work (some commercial
>   versions can if you like), this is nice if you don't want
>   to setup a PKI framework for remote logins
>
> - SSH provides a file transfer framework
>
> - Telnet/SSL uses, well, SSL.  So if you are lucky and have hardware
>   SSL encoding/decoding Telnet/SSL will be way more efficient.
>
>The one saving grace of Telnet/SSL IMHO would be if you have hardware
>SSL accelerators, its performance will scream compared to SSH.  Crypto
>accelerators might level the playing field a bit, but hardware SSL
>(those network appliances that are designed to free up your web servers
>from the burden of SSL) would still make Telnet/SSL appealing.
>
>This speed is only a concern, in practice, if you are transferring large
>amounts of data.  This would include file transfers, and a large number
>of connections to a single machine.
>
>We have several compute servers that routinely handle 30 - 50
>connections without problem.  Any more connections than that and the
>server resources are strained, not from ssh, but from all the things
>people are doing on the server (compiling, simulating the universe,
>etc).  The servers are Sun Ultra 2, with a very modest processor and
>an OK amount of RAM.
>-----------------------------------------------------------------------
>   __o     Bradley Arlt                    Security Team Lead
> _ \<_     [EMAIL PROTECTED]               University Of Calgary
>(_)/(_)    I should be biking right now.   Computer Science
>
>   "There's so many different worlds
>    So many different suns
>    And we have just one world
>    But we live in different ones.." - Dire Straits
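
Added example, not part of the original e-mails: assuming the mechanism against statistical analysis of the initial password mentioned in the quoted reply is the random padding of SSH v2 binary packets (RFC 4253, section 6), this Python code frames a password authentication request (RFC 4252, section 8) and measures the packet size an observer would see. The user name "eli", the sample passwords and the 16-byte cipher block size are constructed for illustration.

```python
import os
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number from RFC 4252


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' type: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def password_auth_payload(user: str, password: str) -> bytes:
    """Payload of a password authentication request (RFC 4252, section 8)."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user.encode())
            + ssh_string(b"ssh-connection")
            + ssh_string(b"password")
            + b"\x00"                      # FALSE: not a password change
            + ssh_string(password.encode()))


def frame(payload: bytes, block_size: int = 16, extra_blocks: int = 0) -> bytes:
    """Build the binary packet (before encryption and MAC) with random padding."""
    block = max(8, block_size)
    pad = block - (5 + len(payload)) % block   # 5 = length field + pad-length byte
    if pad < 4:                                # RFC 4253 requires at least 4 bytes
        pad += block
    pad += extra_blocks * block                # optional extra padding blocks
    if pad > 255:
        raise ValueError("padding_length must fit in one byte")
    header = struct.pack(">IB", 1 + len(payload) + pad, pad)
    return header + payload + os.urandom(pad)


def wire_length(password: str, user: str = "eli") -> int:
    """Size a passive observer sees for this request (MAC excluded)."""
    return len(frame(password_auth_payload(user, password)))


if __name__ == "__main__":
    # Constructed sample passwords of increasing length.
    for n in (1, 6, 12, 13, 20, 28, 29):
        print(f"password length {n:2d} -> packet {wire_length('x' * n)} bytes")
```

With these inputs every password of 1 to 12 characters yields a 64-byte packet, so an eavesdropper learns a length bucket rather than the exact password length.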