本文涉及 SSL/TLS 与 SSH 的相关内容
欢迎捉虫。
0.太长不看版
SSH通常用于安全地远程登陆
SSL是TLS的前身,TLS通常用于秘密传输网页数据
TLS 与 SSH 同等地安全
SSL与SSH只是名字像而已,其实没有任何关系 (同样地,TLS和SSH也没有任何关系)
SSH 不是 telnet+SSL!!!
1.SSL/TLS
SSL全称Secure Sockets Layer
TLS全称Transport Layer Security
端口443
**P.S.**为了安全,务必使用 TLS 1.3
1.1.SSL/TLS history
SSL 1.0 未公开过,因为它有着严重的安全漏洞。
SSL 2.0 于 1995年2月发布,随后很快被找出了很多机密性与可用性漏洞
SSL 3.0 于 1996年发布,以后的SSL/TLS都是基于这个版本。2014年,人们发现 SSL 3.0 在POODLE 攻击下的脆弱性。
TLS 1.0 是SSL 3.0 的更新版本,于 1999 年 1 月 发布。
TLS 1.1 于2006年4月发布
TLS 1.0 和 TLS 1.1 在 2020 年被广泛弃用。
TLS 1.2 于2008年8月发布
TLS 1.3 于2018年8月发布,保证了前向安全(TLS1.2则没有)
1.2.for security
在网站交互过程中,SSL/TLS基于PKI和数字证书来实现安全性和完整性。
2.SSH
SSH全称Secure Shell
端口22
SSH实现安全的手段是:
使用 用户名/口令认证系统(或者公私钥对) 为两台(异地的)电脑创造一条隧道。隧道建立后,就可以远程操作另一台电脑的shell,并且在隧道内的任何通信都是安全的。
3.SSL与SSH的不同点
SSH (Secure Shell) and SSL (Secure Sockets Layer) can both be used to secure communications across the Internet. This page tries to explain the differences between the two in easily understood terms.
SSL was designed to secure web sessions; it can do more, but that’s the original intent.
SSH was designed to replace telnet and FTP; it can do more, but that’s the original intent.
SSL is a drop-in with a number of uses. It front-ends HTTP to give you HTTPS. It can also do this for POP3, SMTP, IMAP, and just about any other well-behaved TCP application. It’s real easy for most programmers who are creating network applications from scratch to just grab an SSL implementation and bundle it with their app to provide encryption when communicating across the network via TCP. Check out: stunnel.org.
SSH is a swiss-army-knife designed to do a lot of different things, most of which revolve around setting up a secure tunnel between hosts. Some implementations of SSH rely on SSL libraries - this is because SSH and SSL use many of the same encryption algorithms (i.e. TripleDES).
SSH is not based on SSL in the sense that HTTPS is based on SSL. SSH does much more than SSL, and they don’t talk to each other - the two are different protocols, but have some overlap in how they accomplish similiar goals.
SSL by itself gives you nothing - just a handshake and encryption. You need an application to drive SSL to get real work done.
SSH by itself does a whole lot of useful stuff that allows users to perform real work. Two aspects of SSH are the console login (telnet replacement) and secure file transfers (ftp replacement), but you also get an ability to tunnel (secure) additional applications, enabling a user to run HTTP, FTP, POP3, and just about anything else THROUGH an SSH tunnel.
Without interesting traffic from an application, SSL does nothing. Without interesting traffic from an application, SSH brings up an encrypted tunnel between two hosts which allows you to get real work done through an interactive login shell, file transfers, etc.
Last comment: HTTPS does not extend SSL, it uses SSL to do HTTP securely. SSH does much more than SSL, and you can tunnel HTTPS through it! Just because both SSL and SSH can do TripleDES doesn’t mean one is based on the other.
SSH面向工程师;
而SSL/TLS是一个为了网站的安全性而设的协议,对于用户透明。
图截自[2],侵删
4.SSL与SSH的相似性
我相信很多人都被它俩的名字迷惑了(包括我),更何况它们都是用于安全通信(抽象地来说)、都使用加密技术来保证两台网络设备之间传输的数据的安全。
以上就是它们的相似性
5. SFTP vs FTPS
SFTP:SSH FTP
FTPS:FTP over SSL
二者技术栈不同,但起到一样的效果(应该)
参考
[1]stackoverflow 和 stackexchange 各个问答
[2] https://www.ssl2buy.com/wiki/ssh-vs-ssl-tls
[3] https://kinsta.com/knowledgebase/ssh-vs-ssl/
拓展阅读
科普系列会一直写下去(尽管不那么从0到1),如果有想让我科普的内容欢迎电邮