SSH vs SSL | Difference between SSH and SSL protocols

This page compares SSH vs SSL and mentions difference between SSH and SSL protocols. In order to derive difference between SSH and SSL we will compare SSL handshake protocol and SSH handshake protocol stack. The messages exchanged between client and server are also shown to compare SSH vs SSL.

SSL Handshake Protocol Stack

SSL handshake protocol

SSL Handshake protocol allows following between client and Server. The handshake is done before any data is transmitted
• 1. to authenticate each other
• 2. to negotiate encryption and MAC algorithms
• 3. to create cryptographic keys to be used
• 4. to establish a session and then a connection

There are four phases in SSL handshake protocol. Following series of messages are used in these 4 phases.
• Phase-1: Establish Security Capabilities
• Phase-2: Server Authentication and Key Exchange
• Phase-3: Client Authentication and Key Exchange
• Phase-4: Finish

Handshake message format:
{ Type (1 byte), Length (3 bytes), Content (>= 0 bytes) }

Following table mentions message types used in SSL handshake protocol between client and server.

Message Type Parameters
•Hello_request  •Null 
•Client_hello  •version random •session Id •cipher suite •compression method 
•Server_hello  •version random •session Id •cipher suite •compression method
•Certificate  •Chain of X.509-v3 certificates
•Server_key_exchange  •Parameters •signature,
•Certificate_request  •type •authorities  
•Server_done  •NULL 
•Certificate_Verify  •Signature 
•Client_Key_exchange  •parameters •signature 
•Finished  •Hash Value 

Phase#1: Establish security capabilities, including protocol version, session ID, cipher suite, compression method, and initial random numbers.
Phase#2: Server may send certificate, key exchange, and request certificate. At this stage, server signals end of the hello message phase.
Phase#3: Client transmits certificate if needed. Client transmits key exchange. Client may transmit certificate verification.
Phase#4: Change cipher suite and finish handshake protocol.

SSH Handshake Protocol Stack-Messages exchanged between SSH client,SSH server

SSH Protocol Stack

The figure-1 depicts SSH protocol stack. Following are the functions of SSH protocol layers. It exists above the TCP/IP layers.
• Transport Layer Protocol: Provides server authentication, data confidentiality, and data integrity with forward secrecy (i.e. if a key is compromised during one session, the knowledge does not affect the security of earlier sessions). The transport layer may optionally provide compression.
• User Authentication Protocol: This protocol authenticates user with server.
• Connection Protocol: This protocol type multiplexes multiple logical channels over single SSH connection.

SSH Client vs SSH Server messages

SSH client vs SSH server messages

Following are the messages exchanged between SSH client and SSH server.
• Identification string exchange
-To know which SSH version, which SSH implementation
• Algorithm Negotiation
-For the crypto algorithms (key exchange, encryption, MAC) and compression algo.
-A list in the order of preference of the client
-For each category, the algorithm chosen is the first algorithm on the client's list that is also supported by the server.
• key exchange
-Only two exchanges
-Diffie-Hellman based
-Also signed by the server (host private key)
-As a result (i) two sides now share a master key K. (ii) the server has been authenticated to the client.
• Then, encryption, MAC keys and IV are derived from the master key
• End of key exchange
-To signal the end of key exchange process
-Encrypted and MACed using the new keys
• Service Request: to initiate either user authentication or connection protocol

SSH connection Protocol Exchange

SSH connection protocol exchange

The figure above depicts SSH connection protocol.
• runs on SSH Transport Layer Protocol
• assumes secure authentication connection
-which is called tunnel
• used for multiple logical channels
-It uses separate channels
-either side (client and server) require unique ID-numbers for opening.
-flow control via sliding window protocol mechanism
-have 3 stages viz. opening of channel, data communication or transfer, closing of channel

SSH vs SSL-difference between SSH and SSL

Following table compares SSH vs SSL and mentions difference between SSH and SSL protocols.

SSH vs SSL,difference between SSH and SSL

Networking related links

Basics of OSI and TCPIP layers
Networking Gateway
What is Router
What is an IP address
network switch
network bridge
Hub and Types of Hub
What is MAC address

What is Difference between

hub Vs switch  circuit switching Vs packet switching  firewall Vs router  HDLC Vs PPP  IGRP Vs EIGRP  router Vs bridge  switch Vs router  WLAN Vs Ethernet LAN  LAN vs WAN vs MAN 

RF and Wireless Terminologies