SSH vs SSL | Difference between SSH and SSL protocols
This page compares SSH vs SSL and describes the differences between the SSH and SSL protocols. To bring out the differences, the SSL handshake protocol is compared with the SSH protocol stack and its handshake, and the messages exchanged between client and server are listed for each. "SSL" here also covers its successor TLS up to version 1.2, which keeps the same handshake structure.
SSL Handshake Protocol Stack
The SSL handshake protocol lets the client and server do the following. The
handshake is completed before any application data is transmitted.
• 1. authenticate each other
• 2. negotiate the encryption and MAC algorithms
• 3. create the cryptographic keys to be used
• 4. establish a session and then a connection
There are four phases in the SSL handshake protocol.
The following messages are used in these 4 phases.
• Phase-1: Establish Security Capabilities
• Phase-2: Server Authentication and Key Exchange
• Phase-3: Client Authentication and Key Exchange
• Phase-4: Finish
Handshake message format:
{ Type (1 byte), Length (3 bytes), Content (>= 0 bytes) }
The following table lists the message types used in the SSL handshake protocol between client and server.

| Message Type | Parameters |
|---|---|
| hello_request | null |
| client_hello | version, random, session id, cipher suite, compression method |
| server_hello | version, random, session id, cipher suite, compression method |
| certificate | chain of X.509v3 certificates |
| server_key_exchange | parameters, signature |
| certificate_request | type, authorities |
| server_hello_done | null |
| certificate_verify | signature |
| client_key_exchange | parameters, signature |
| finished | hash value |
Phase#1: Establish security capabilities, including protocol version,
session ID, cipher suite, compression method, and initial random numbers (client_hello and server_hello).
Phase#2: The server sends its certificate, a server_key_exchange message if the chosen key exchange needs one, and optionally a certificate_request.
The server_hello_done message signals the end of this phase.
Phase#3: The client sends its certificate if one was requested.
The client then sends client_key_exchange, and certificate_verify if it supplied a certificate with signing capability.
Phase#4: Each side sends a change_cipher_spec message to switch to the negotiated cipher spec, then a finished message (a hash over the handshake messages) under the new keys; this completes the handshake.
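As an added worked example (not code from the original page), the 4-byte handshake header and the ClientHello body from the table above, built and parsed in Python. The sample ClientHello is constructed here; the cipher suite values 0xC02F, 0xC030 and 0x002F are standard IANA suite codes used only as sample content, and the parser checks the declared 3-byte length against the bytes actually present before trusting it.

```python
"""Parse and build the SSL/TLS handshake message {type(1), length(3), body}
and the ClientHello body fields. Added example with a constructed ClientHello;
not code from the original page."""
import struct

HANDSHAKE_TYPES = {
    0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
    12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
    15: "certificate_verify", 16: "client_key_exchange", 20: "finished",
}


def parse_handshake(buf):
    """Split one handshake message off buf -> (type_name, body, rest).
    The declared 3-byte length is checked against what is actually present:
    trusting it blindly is how over-reads happen."""
    if len(buf) < 4:
        raise ValueError("short handshake header")
    msg_type = buf[0]
    length = int.from_bytes(buf[1:4], "big")
    if len(buf) - 4 < length:
        raise ValueError("declared length %d exceeds available %d" % (length, len(buf) - 4))
    name = HANDSHAKE_TYPES.get(msg_type, "unknown(%d)" % msg_type)
    return name, buf[4:4 + length], buf[4 + length:]


def parse_client_hello(body):
    """Fields in ClientHello order: version, random, session_id, cipher_suites, compression."""
    major, minor = body[0], body[1]
    rand = body[2:34]                            # 32 bytes: 4-byte time + 28 random bytes
    pos = 34
    sid_len = body[pos]; pos += 1                # session id: 1-byte length prefix
    session_id = body[pos:pos + sid_len]; pos += sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2   # 2-byte length prefix
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    cipher_suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    cm_len = body[pos]; pos += 1                 # compression methods: 1-byte length prefix
    compression = list(body[pos:pos + cm_len]); pos += cm_len
    return {"version": (major, minor), "random": rand, "session_id": session_id,
            "cipher_suites": cipher_suites, "compression": compression,
            "extensions": body[pos:]}            # TLS 1.0+ may append extensions here


def build_client_hello(version=(3, 3), rand=b"\x11" * 32, session_id=b"",
                       cipher_suites=(0xC02F, 0xC030, 0x002F), compression=(0,)):
    """Serialize a ClientHello body and wrap it in the 4-byte handshake header."""
    body = bytes(version) + rand + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += bytes([len(compression)]) + bytes(compression)
    return bytes([1]) + len(body).to_bytes(3, "big") + body   # type 1 = client_hello


# Constructed sample: 4-byte header + 45-byte body = 49 bytes.
SAMPLE = build_client_hello()

if __name__ == "__main__":
    kind, body, rest = parse_handshake(SAMPLE)
    print(kind, parse_client_hello(body))
```

Feeding the sample with its last byte removed into parse_handshake raises instead of returning a short body, which is the check a real record parser must make before indexing into the message.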
SSH Protocol Stack - Messages exchanged between SSH client and SSH server
Figure-1 depicts the SSH protocol stack, which runs on top of TCP. The functions of the SSH protocol layers are as follows.
• Transport Layer Protocol: Provides server authentication, data confidentiality, and data integrity
with forward secrecy (i.e. if a key is compromised during one session, the knowledge does not affect
the security of earlier sessions). The transport layer may optionally provide compression.
• User Authentication Protocol: Authenticates the client-side user to the server (for example by password or public key).
• Connection Protocol: Multiplexes multiple logical channels
over the single encrypted SSH connection.
SSH Client vs SSH Server messages
Following are the messages exchanged between SSH client and SSH server.
• Identification string exchange
-Each side sends a line of the form SSH-2.0-<software>, so both know the protocol version and implementation in use.
• Algorithm negotiation (SSH_MSG_KEXINIT)
-Covers the key exchange, host key, encryption and MAC algorithms and the compression algorithm.
-Each side sends, for every category, a name-list in its own order of preference.
-For each category, the algorithm chosen is the first algorithm on the client's
list that is also supported by the server.
• Key exchange
-Only two messages (for Diffie-Hellman: an init from the client and a reply from the server).
-Diffie-Hellman based.
-The server signs the exchange hash H with its host private key.
-As a result (i) both sides share a secret K and the exchange hash H (the H of the first exchange also becomes the session id); (ii) the server has been authenticated to the client, provided the client verifies the host key it received.
• The encryption keys, MAC keys and IVs for each direction are then derived from K and H.
• End of key exchange (SSH_MSG_NEWKEYS)
-Signals the end of the key exchange process.
-It is sent under the old keys (none on the first exchange); every message after it is encrypted and MACed with the new keys.
• Service request: requests either the user authentication service (ssh-userauth) or the connection service (ssh-connection).
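As an added example (not code from the page or from any SSH implementation), the three transport-layer steps above that are pure computation: parsing the identification string, the first-match negotiation rule applied to constructed KEXINIT name-lists, and deriving the per-direction keys from K and H as RFC 4253 section 7.2 specifies. The Diffie-Hellman exchange and the host-key signature are not performed; K and H are constructed stand-in values, and the hash used must be the one belonging to the negotiated kex method (SHA-256 for curve25519-sha256 and diffie-hellman-group14-sha256).

```python
"""SSH transport pieces: identification string, KEXINIT name-list negotiation,
and key derivation from K and H (RFC 4253 sections 4.2, 7.1, 7.2).
Added example with constructed values; not code from the page or any SSH implementation."""
import hashlib


def parse_identification(line):
    """'SSH-protoversion-softwareversion [SP comments] CR LF' -> (proto, software, comments)."""
    text = line.rstrip(b"\r\n").decode("ascii")
    if not text.startswith("SSH-"):
        raise ValueError("not an SSH identification string")
    ident, _, comments = text.partition(" ")
    _, proto, software = ident.split("-", 2)
    return proto, software, comments


def negotiate(client_prefs, server_prefs):
    """First algorithm on the client's list that the server also supports (client order wins)."""
    server = set(server_prefs)
    for alg in client_prefs:
        if alg in server:
            return alg
    raise ValueError("no common algorithm: %r vs %r" % (client_prefs, server_prefs))


def negotiate_all(client_kexinit, server_kexinit):
    """Apply the rule per category. The real kex selection additionally requires the chosen
    host key algorithm to support what the kex method needs (RFC 4253 7.1); omitted here."""
    return {cat: negotiate(client_kexinit[cat], server_kexinit[cat]) for cat in client_kexinit}


def mpint(n):
    """RFC 4251 mpint: 4-byte length + two's-complement big-endian value (n >= 0 here)."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")   # extra byte keeps the sign bit clear
    return len(raw).to_bytes(4, "big") + raw


def derive_key(K, H, letter, session_id, needed, hash_name="sha256"):
    """RFC 4253 7.2: key = HASH(K || H || letter || session_id), extended with
    HASH(K || H || key_so_far) blocks until `needed` bytes exist.
    letter: b'A'/b'B' IVs, b'C'/b'D' encryption keys, b'E'/b'F' MAC keys
    (client->server first, then server->client)."""
    def h(data):
        return hashlib.new(hash_name, data).digest()
    key = h(mpint(K) + H + letter + session_id)
    while len(key) < needed:
        key += h(mpint(K) + H + key)
    return key[:needed]


# Constructed KEXINIT name-lists: client preference first; the server lists the same
# algorithms in a different order, so the client's order decides.
CLIENT_KEXINIT = {
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "host_key": ["ssh-ed25519", "rsa-sha2-256"],
    "cipher": ["aes256-gcm@openssh.com", "aes128-ctr"],
    "mac": ["hmac-sha2-256", "hmac-sha1"],
    "compression": ["none", "zlib@openssh.com"],
}
SERVER_KEXINIT = {
    "kex": ["diffie-hellman-group14-sha256", "curve25519-sha256"],
    "host_key": ["rsa-sha2-256", "ssh-ed25519"],
    "cipher": ["aes128-ctr", "aes256-gcm@openssh.com"],
    "mac": ["hmac-sha1", "hmac-sha2-256"],
    "compression": ["none"],
}

if __name__ == "__main__":
    print(parse_identification(b"SSH-2.0-OpenSSH_9.6 example\r\n"))   # constructed banner
    print(negotiate_all(CLIENT_KEXINIT, SERVER_KEXINIT))
    K, H = 0x1234567890ABCDEF, b"\x42" * 32   # constructed stand-ins for the DH output
    session_id = H                            # H of the first exchange is the session id
    print(derive_key(K, H, b"C", session_id, 32).hex())   # client->server encryption key
```

The mpint encoding matters: K is hashed in its wire form, so a leading zero byte present or absent changes every derived key, which is why the examples from RFC 4251 (0x80 encodes as 00 00 00 02 00 80) are worth checking against.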
SSH Connection Protocol Exchange
The figure above depicts the SSH connection protocol.
• Runs on top of the SSH Transport Layer Protocol.
• Assumes that a secure, authenticated connection is already in place
-this connection is called the tunnel.
• Used for multiple logical channels
-each channel is separate (a session, a forwarded port, and so on).
-each side (client and server) assigns its own channel number when opening a channel, so the two ends may refer to the same channel by different numbers.
-flow control uses a sliding window: a sender may transmit only up to the window the receiver has granted, and the receiver extends it with window adjust messages.
-each channel has 3 stages viz. opening of the channel, data communication or transfer, closing of the channel.
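The channel mechanics above as an added, runnable model (not code from the page or from any SSH implementation): two endpoints exchange dict messages named after the RFC 4254 message types, each side numbers its own channels, data is split to the peer's packet size and never sent past the window the peer granted, the receiver re-opens the window with CHANNEL_WINDOW_ADJUST after its application has read the data, and the three stages (open, transfer, close) are walked through on one of two channels. Window and packet sizes are deliberately tiny so the window fills after one send.

```python
"""Toy model of SSH connection-protocol channels (RFC 4254): per-side channel numbers,
CHANNEL_OPEN/CONFIRMATION, sliding-window flow control and close. Messages are dicts
named after the RFC message types. Constructed example; not code from the page."""


class ProtocolError(Exception):
    pass


class Channel:
    def __init__(self, local_id, window, max_packet):
        self.local_id, self.remote_id = local_id, None   # our number / the peer's number
        self.local_window = window      # bytes the peer may still send us
        self.remote_window = 0          # bytes we may still send the peer
        self.max_packet, self.remote_max_packet = max_packet, None
        self.received, self.state = bytearray(), "opening"


class Endpoint:
    def __init__(self, window=16, max_packet=8):
        self.window, self.max_packet = window, max_packet
        self.next_id, self.channels = 0, {}   # each side numbers its own channels

    def _new_channel(self):
        ch = self.channels[self.next_id] = Channel(self.next_id, self.window, self.max_packet)
        self.next_id += 1
        return ch

    def _peer_params(self, ch, msg):
        ch.remote_id, ch.remote_window = msg["sender_channel"], msg["initial_window"]
        ch.remote_max_packet, ch.state = msg["max_packet"], "open"

    def open_channel(self):
        """Stage 1: request a channel; the opener picks its own number for it."""
        ch = self._new_channel()
        return {"type": "SSH_MSG_CHANNEL_OPEN", "sender_channel": ch.local_id,
                "initial_window": ch.local_window, "max_packet": ch.max_packet}

    def send_data(self, local_id, data):
        """Stage 2: send data in peer-sized packets, never past the peer's window."""
        ch = self.channels[local_id]
        if ch.state != "open" or len(data) > ch.remote_window:
            raise ProtocolError("channel %d: state %s, %d bytes vs window %d"
                                % (local_id, ch.state, len(data), ch.remote_window))
        ch.remote_window -= len(data)
        return [{"type": "SSH_MSG_CHANNEL_DATA", "recipient_channel": ch.remote_id,
                 "data": data[i:i + ch.remote_max_packet]}
                for i in range(0, len(data), ch.remote_max_packet)]

    def consume(self, local_id, nbytes):
        """The application read nbytes: give the peer that much window back."""
        ch = self.channels[local_id]
        del ch.received[:nbytes]
        ch.local_window += nbytes
        return {"type": "SSH_MSG_CHANNEL_WINDOW_ADJUST", "recipient_channel": ch.remote_id,
                "bytes_to_add": nbytes}

    def close_channel(self, local_id):
        """Stage 3: close; the peer must answer with its own CHANNEL_CLOSE."""
        ch = self.channels[local_id]
        ch.state = "closing"
        return {"type": "SSH_MSG_CHANNEL_CLOSE", "recipient_channel": ch.remote_id}

    def handle(self, msg):
        """Process one message from the peer and return any replies."""
        kind = msg["type"]
        if kind == "SSH_MSG_CHANNEL_OPEN":
            ch = self._new_channel()
            self._peer_params(ch, msg)
            return [{"type": "SSH_MSG_CHANNEL_OPEN_CONFIRMATION", "recipient_channel": ch.remote_id,
                     "sender_channel": ch.local_id, "initial_window": ch.local_window,
                     "max_packet": ch.max_packet}]
        ch = self.channels[msg["recipient_channel"]]   # the peer addresses us by OUR number
        if kind == "SSH_MSG_CHANNEL_OPEN_CONFIRMATION":
            self._peer_params(ch, msg)
        elif kind == "SSH_MSG_CHANNEL_DATA":
            if len(msg["data"]) > min(ch.max_packet, ch.local_window):
                raise ProtocolError("peer ignored packet size or window")  # conforming peers never do
            ch.local_window -= len(msg["data"])
            ch.received += msg["data"]
        elif kind == "SSH_MSG_CHANNEL_WINDOW_ADJUST":
            ch.remote_window += msg["bytes_to_add"]
        elif kind == "SSH_MSG_CHANNEL_CLOSE":
            replying, ch.state = ch.state != "closing", "closed"   # reply only if peer started it
            if replying:
                return [{"type": "SSH_MSG_CHANNEL_CLOSE", "recipient_channel": ch.remote_id}]
        return []


def demo():
    """Two channels on one connection; on channel 0: fill the window, block, adjust, close."""
    client, server = Endpoint(), Endpoint()
    for _ in range(2):                               # both sides happen to number them 0 and 1
        for reply in server.handle(client.open_channel()):
            client.handle(reply)
    packets = client.send_data(0, b"A" * 16)        # 16-byte window, 8-byte packets -> 2 packets
    for p in packets:
        server.handle(p)
    server_got = bytes(server.channels[0].received)
    try:
        client.send_data(0, b"B")                    # window exhausted: must wait for an adjust
        blocked = False
    except ProtocolError:
        blocked = True
    client.handle(server.consume(0, 16))             # server drained its buffer, window reopens
    for reply in server.handle(client.close_channel(0)):
        client.handle(reply)
    return {"channel_ids": sorted(client.channels), "packets": len(packets),
            "server_got": server_got, "blocked": blocked,
            "remote_window": client.channels[0].remote_window,
            "state": (client.channels[0].state, server.channels[0].state)}


if __name__ == "__main__":
    print(demo())
```

The receiver-side check in handle() is the one that matters for robustness: a peer that sends more than the granted window or a packet larger than it agreed to is violating the protocol, and an implementation that silently buffers it is what turns flow control into a memory-exhaustion problem.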
SSH vs SSL-difference between SSH and SSL
The following table compares SSH vs SSL and lists the differences between the SSH and SSL protocols.