SSH 与 SSL
Posted talk is cheap, show me the cod
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SSH 与 SSL相关的知识,希望对你有一定的参考价值。
关于 ssh 有人已经总结得非常好了,这里推荐大家看下 阮一峰 写的 ssh原理与应用 写得简单易懂,非常赞。
关于 ssl 这里有一篇博文写得也不错,ssl协议详解
好了,那 ssh 和 ssl 有什么区别呢?网上找到一篇,可惜是英文的,我这个渣英文水平,斗胆翻译一下
SSH (Secure Shell) and SSL (Secure Sockets Layer) can both be used to secure communications across the Internet. This page tries to explain the differences between the two in easily understood terms.
SSH (secure shell) 和 ssl(secure socket layer) 都可以用于网路通讯加密,这篇文章会尝试以比较容易理解的方式来解释两者的不同。
SSL was designed to secure web sessions; it can do more, but that\'s
the original intent.
SSL的设计是为了加密网络的session,它可以有其它的用途,但是加密session才是它的设计初衷。
SSH was designed to replace telnet and FTP; it can do more, but
that\'s the original intent.
SSH 是为了代替 telnet 和 FTP,它也可以有其它的用途,但是设计初衷是为了替换 telnet 和 FTP。
SSL is a drop-in with a number of uses. It front-ends HTTP to give
you HTTPS. It can also do this for POP3, SMTP, IMAP, and just about
any other well-behaved TCP application. It\'s real easy for most
programmers who are creating network applications from scratch to
just grab an SSL implementation and bundle it with their app to
provide encryption when communicating across the network via TCP.
Check out: stunnel.org.
SSL 具有很多的用途,HTTPS的实现就是在HTTP之前经过了SSL的加密,它也可以用在POP3,SMTP,IMAP以及几乎所有支持TCP协议的应用之上。对于从头开始创建网络应用程序的大多数程序员,只需要将SSL与其应用程序捆绑在一起,即可通过TCP在网络上进行通信时提供加密,这是非常简单的。
SSH is a swiss-army-knife designed to do a lot of different things,
most of which revolve around setting up a secure tunnel between
hosts. Some implementations of SSH rely on SSL libraries - this is
because SSH and SSL use many of the same encryption algorithms
(i.e. TripleDES).
SSH是一种瑞士军刀,旨在做许多不同的事情,其中大部分都围绕在主机之间建立安全通道。 SSH的一些实现依赖于SSL库 - 这是因为SSH和SSL使用许多相同的加密算法。
SSH is not based on SSL in the sense that HTTPS is based on SSL.
SSH does much more than SSL, and they don\'t talk to each other -
the two are different protocols, but have some overlap in how they
accomplish similiar goals.
跟HTTPS基于SSL不同,SSH不是基于SSL的。 SSH和SSL 是不同的协议,SSH实现的功能比SSL更多,它们之间不能通信,但是它们在实现类似目标方面有一些重叠。
SSL by itself gives you nothing - just a handshake and encryption.
You need an application to drive SSL to get real work done.
SSL本身并不能提供服务, 只是一个握手和加密。您需要一个应用程序来驱动SSL才能完成实际工作(例如http)。
SSH by itself does a whole lot of useful stuff that allows users to
perform real work. Two aspects of SSH are the console login (telnet
replacement) and secure file transfers (ftp replacement), but you
also get an ability to tunnel (secure) additional applications,
enabling a user to run HTTP, FTP, POP3, and just about anything
else THROUGH an SSH tunnel.
SSH本身做了很多有用的东西,允许用户执行真正的工作。 SSH的两个方面是控制台登录(telnet替换)和安全文件传输(ftp替换),但您还可以通过隧道(安全)其他应用程序的功能,使用户能够运行HTTP,FTP,POP3和任何可以使用SSH隧道的应用。
Without interesting traffic from an application, SSL does nothing.
Without interesting traffic from an application, SSH brings up an
encrypted tunnel between two hosts which allows you to get real
work done through an interactive login shell, file transfers,
etc.
如果没有来自应用程序的流量,SSL什么都不做。没有来自应用程序的流量,SSH会在两台主机之间创建一个加密隧道,这样可以通过交互式登录shell,文件传输等方式完成实际工作。
Last comment: HTTPS does not extend SSL, it uses SSL to do HTTP
securely. SSH does much more than SSL, and you can tunnel HTTPS
through it! Just because both SSL and SSH can do TripleDES doesn\'t
mean one is based on the other.
最后评论:HTTPS不会扩展SSL,它使用SSL安全地执行HTTP。 SSH比SSL更好,您可以通过HTTPS隧道!只是因为SSL和SSH都可以做三重DES并不意味着一个基于另一个。
以上是关于SSH 与 SSL的主要内容,如果未能解决你的问题,请参考以下文章
使用 SSH 通过 Squid 与 SSL 碰撞连接到 Git
加密与解密OpenSSL(SSL/TLS)OpenSSH(ssh)dropbear
Linux-SSL和SSH和OpenSSH,OpenSSL有啥区别