1. Introduction
SSH and SSL are cryptographic protocols used to encrypt and authorize data sent over the internet. Both protocols have a lot in common, but their purpose is different.
In this tutorial, we’ll describe them in detail and compare them.
2. SSH
SSH is used to secure a connection with a remote server over a TCP/IP network. It allows controlling the server via a terminal. It’s a successor of an older protocol named Telnet. In contrast to Telnet, an SSH connection is encrypted. It’s commonly used for a variety of purposes, e.g., remote work on machines, safe data transfer, managing remote databases, or using email providers.
SSH works in a client-server or server-client architecture. The connection is made between the SSH application and the SSH server. SSH provides two ways of authentication to connect to a remote server:
- by a public key
- by a password or passphrase
Let’s see how they work.
2.1. Authentication
Authentication by a public key relies on cryptographic asymmetric techniques. It uses keypairs of two keys, public and private.
The private key is kept on the client-side and should be securely stored and never shared. It’s used to decrypt and sign data. Exposure of the private key can allow unauthorized persons to access the machines associated with the public key.
In contrast, the public key can be liberally shared. The server stores the public key in the dedicated file. The public key encrypts the data in a way that only the associated private key can decrypt. Therefore, using that feature, the server is able to authenticate the client. So, only the client who possesses the associated private key can authenticate to the server.
This method of authentication provides a stronger level of security than using a password or a passphrase. Moreover, using SSH Keys provides the possibility to implement a single sign-on mechanism across the SSH servers.
The second way of authentication is using a password or passphrase. It’s simple and less secure than the SSH keys technique. Users should use complex and long enough passwords. Otherwise, they can be vulnerable to popular attacks like brute force or even easy to guess. To sum up, both ways can be used to authenticate the SSH connection. Although public-key authentication is mostly recommended, and it provides the strongest level of security.
2.2. Architecture
SSH consists of three layers. The first of them is the transport layer. It’s responsible for encryption, compression, and data integrity. Moreover, it maintains the session. After one hour or one gigabyte of transfer data, the connection parameters are reassigned, e.g., the SSH keys are being exchanged again.
The second one is an authentication layer. The authentication layer works on top of the transport layer. It provides and handles the authentication methods. In other words, it authenticates the client to the server. We have described authentication methods in the previous section.
The last one is the connection layer. It manages the properties and configuration of the connection channels. There are three main channel types, namely: shell, direct-tcpip, and forwarded-tcpip.
Now, let’s see the structure of the SSH packet:
The SSH packet contains five fields. The first one, length, is a four bytes field that specifies the packet length in bytes, excluding HMAC value and the length field itself.
The second field, padding length, describes the length of the random padding in bytes. The payload field contains useful data, and it has a variable size.
The next field is the padding. It should be made up of random bytes, and it has an arbitrary length. The maximum size of this field is 255 bytes. The padding provides additional protection against some types of threats, e.g., time analysis attacks.
The last field is MAC (message authentication code). The MAC is calculated after the message authentication negotiation. Therefore, initially, it’s none.
3. SSL
The SSL (Secure Socket Layer) is a common network protocol that provides a safe connection and transfer of encrypted data between the server and the end-users. The most known SSL protocol usage is in the HTTPS protocol. We all use HTTPS often, for instance, while making online payments. Websites that use HTTPS are secured with the SSL certificate. It ensures that confidential data like credit cards number are protected from any attacks or exposures.
In other words, SSL is designed to secure the data transmission in the internet network by using cryptographic encryption and authentication mechanisms.
There are three core benefits of using SSL:
- encryption – protect the transferred data from any exposure
- authentication – ensures that transferred data comes from the correct server
- data integrity – warrants that transferred data isn’t changed or lost during the transfer
3.1. SSL Certificate
While browsing websites that aren’t using an SSL certificate, the data are sent using plain text. Thus, the data are easy to capture and read by potential attackers. On the other hand, when an SSL certificate is installed on the www server, the communication between the server and the client, e.g., the web browser, is safe and encrypted. Moreover, only the certified authorities can issue the SSL certificate.
The SSL certificate workflow relies on asymmetric cryptography. In the previous section, we’ve mentioned its fundamentals. The WWW server stores the private key. The public key is shared with clients who receive an SSL certificate while entering the website. The digital certificate holds the public key. The connection is established by using a mechanism called an SSL handshake.
Let’s see how it works:
The client initiates the SSL handshake. It sends the specification required by the server, including the SSL version, compression method, cipher suite, and session-related data. This initial phase is often called “Client Hello”.
The second phase is called “Server Hello”. During it, the server verifies the highest version of the SSL protocol that both sides can handle, and it chooses a possible method of compression and encryption. Then, the server answers the client with that information.
In the next step, the client authenticates the server. Therefore, it verifies the server SSL certificate. After the successful authentication, the client, based on the cipher, creates the premaster secret and encrypts it using the server’s public key. Then, it sends it to the server. The server receives that premaster secret and decrypts it with its private key. Now, both sides can generate the master secret for symmetric encryption.
Finally, both sides exchange messages with information that from now on will be encrypted.
3.2. Architecture
Let’s briefly define the architecture of the SSL protocol. It consists of four sub-protocols. The first of them is the Record protocol. It ensures the safety and integrity of the transferred data. In general, it’s responsible for splitting the data, wrapping them in dedicated headers, and creating the object called a record. The record can be encrypted, compressed, provided with the MAC code, and transferred via TCP protocol.
The second protocol is called the Alert protocol. Its main purpose is to notify about the errors that occur during the transfer. The most crucial one is the SSL Handshake protocol. It manages the SSL Handshake process that we’ve described in the previous section. Finally, there is a Change Cipher protocol. It holds a single message with just one value. It’s responsible only for setting the session’s state.
4. SSH vs. SSL
We have described the fundamentals of SSH and SSL protocols. Now, let’s compare them and point out the differences.
First of all, the SSH protocol encrypts the communication between two machines. Its main purpose is to provide secure communication while remotely operating a server from another computer over the network. On the other hand, the SSL protocol encrypts the communication between the client and the server. The client is most often a web browser. The main goal of the SSL protocol is to protect data, especially confidential ones from any attacks or exposures.
The SSH protocol can be called a remote protocol. It provides authentication using a password or private and public keys. In contrast, the SSL protocol can be called a security protocol. It usually uses digital certificates to authenticate the client and the server. The next difference is that the work of the SSH protocol relies on network tunnels. Whereas the SSL protocol is based on digital certificates.
Finally, the SSL protocol is widely used in online banking, e-commerce, social media, health care, and all other services that process confidential data. However, The SSH protocol is adopted by the networking industry, and it’s used in specific cases like terminal access, file transfers, tunneling applications, establishing a VPN.
5. Conclusion
In this article, we’ve described the core principles of SSH and SSL protocols in detail and compare them. They have a lot in common regarding their functionalities nut there are also some differences. The most important difference is that they are designed and used for different purposes.