The most important advantage of SSH is its protection against packet spoofing, IP spoofing, password sniffing and eavesdropping.
SSH uses user and host keys rather than IP addresses and applies cryptography to both authentication and communication. In the Authentication Protocol, client-to-server communication is secured with asymmetric public-key methods such as RSA or DSA, and a one-time password or Kerberos may also be used. The Transport Protocol instead protects data with a symmetric secret key; the encryption type can be specified by the user, and the keys are random values securely negotiated by the client and server for each server. In addition, the Diffie-Hellman key agreement algorithm, host-to-client asymmetric public keys and standard ciphers are used.
Secure Socket Layer (SSL)
SSL was developed by Netscape, has been implemented in many web browsers and web servers, and is widely used on the internet. The Secure Socket Layer provides a secure transport connection between applications. Its main purpose is to encrypt the web traffic between two sites so that no one can listen in and obtain confidential information such as credit card details. A secure web site holds a digital certificate signed by some certificate authority. The certificate includes the server name, its public key, IP number, and an expiration date.
It is typically signed with a 1024-bit key by the CA. The security achieved by SSL is:
Confidentiality – Encrypted data is sent between client and server, so that passive wire tappers cannot read sensitive data. A secret key is created based on information generated by the client with a secure random number generator.
This uses public keys to exchange the secret key. The server sends its public key to the client; the client encrypts the secret key with the server's public key and sends it to the server. The server decrypts the secret key information with the server's private key.
The data is encrypted and decrypted with the secret key once the client and server use the negotiated algorithm.
Integrity Protection – Protection against modification of messages by an active wire tapper.
Authentication – Verification that a peer is who they claim to be. Servers are usually authenticated, and clients may be authenticated if requested by servers.
SSL Components
SSL Handshake Protocol negotiates the security algorithms and parameters, key exchanges, server authentication and client authentication. The SSL handshake enables the SSL client and server to establish the secret keys with which they communicate.
SSL Record Protocol provides fragmentation, compression, encryption, message authentication and integrity protection.
SSL Alert Protocol sends error messages such as fatal alerts and warnings.
SSL Change Cipher Spec Protocol is a single message that indicates the end of the SSL handshake.
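The key exchange described above (the client's random secret encrypted with the server's public key and recovered with the private key) together with the record protocol's encryption and message authentication, as an added example that is not from the original page: textbook RSA with constructed tiny primes and an HMAC-SHA256 keystream stand in for a real 1024-bit RSA key and a negotiated cipher, and the certificate fields (name, public key, IP number, expiry) are constructed values.

```python
import hashlib, hmac, secrets

# Constructed toy RSA pair (p=61, q=53, n=3233, e=17, d=2753); NOT secure,
# it only shows the shape of the exchange the text describes.
SERVER_PUB = (3233, 17)
SERVER_PRIV = (3233, 2753)
# Constructed certificate carrying the fields the text lists.
CERT = {"name": "shop.example", "pubkey": SERVER_PUB,
        "ip": "192.0.2.10", "expires": 20301231}

def check_cert(cert, expected_name, today):
    """Client side: reject a certificate for the wrong host or past its expiry."""
    return cert["name"] == expected_name and today <= cert["expires"]

def rsa_encrypt(pub, m):
    return pow(m, pub[1], pub[0])          # c = m^e mod n

def rsa_decrypt(priv, c):
    return pow(c, priv[1], priv[0])        # m = c^d mod n

def keystream(key, length):
    """HMAC-SHA256 in counter mode, standing in for the negotiated cipher."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def protect(key, data):
    """Record protocol: encrypt, then append an HMAC tag for integrity."""
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unprotect(key, record):
    ct, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("record tampered")   # active wire tapper detected
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))

def handshake(today=20250101):
    """Returns the secret key each side derived; the two must be identical."""
    if not check_cert(CERT, "shop.example", today):
        raise ValueError("bad certificate")
    secret = secrets.randbelow(SERVER_PUB[0])            # client's random secret
    wrapped = rsa_encrypt(CERT["pubkey"], secret)        # encrypted with server pubkey
    server_secret = rsa_decrypt(SERVER_PRIV, wrapped)    # server recovers it
    derive = lambda s: hashlib.sha256(s.to_bytes(2, "big")).digest()
    return derive(secret), derive(server_secret)
```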