首页 > 代码库 > SSH 与 SSL

SSH 与 SSL

  关于 ssh 有人已经总结得非常好了,这里推荐大家看下 阮一峰 写的 ssh原理与应用 写得简单易懂,非常赞。

  关于 ssl  这里有一篇博文写得也不错,ssl协议详解

  好了,那 ssh 和 ssl 有什么区别呢?网上找到一篇,可惜是英文的,我这个渣英文水平,斗胆翻译一下

  SSH (Secure Shell) and SSL (Secure Sockets Layer) can both be used to secure communications across the Internet. This page tries to explain the differences between the two in easily understood terms.

  SSH (secure shell) 和 ssl(secure socket layer) 都可以用于网路通讯加密,这篇文章会尝试以比较容易理解的方式来解释两者的不同。


  SSL was designed to secure web sessions; it can do more, but that‘s the original intent.

  SSL的设计是为了加密网络的session,它可以有其它的用途,但是加密session才是它的设计初衷。

  SSH was designed to replace telnet and FTP; it can do more, but that‘s the original intent.

  SSH 是为了代替 telnet 和 FTP,它也可以有其它的用途,但是设计初衷是为了替换 telnet 和 FTP。

  SSL is a drop-in with a number of uses. It front-ends HTTP to give you HTTPS. It can also do this for POP3, SMTP, IMAP, and just about any other well-behaved TCP application. It‘s real easy for most programmers who are creating network applications from scratch to just grab an SSL implementation and bundle it with their app to provide encryption when communicating across the network via TCP. Check out: stunnel.org.

  SSL 具有很多的用途,HTTPS的实现就是在HTTP之前经过了SSL的加密,它也可以用在POP3,SMTP,IMAP以及几乎所有支持TCP协议的应用之上。对于从头开始创建网络应用程序的大多数程序员,只需要将SSL与其应用程序捆绑在一起,即可通过TCP在网络上进行通信时提供加密,这是非常简单的。

  SSH is a swiss-army-knife designed to do a lot of different things, most of which revolve around setting up a secure tunnel between hosts. Some implementations of SSH rely on SSL libraries - this is because SSH and SSL use many of the same encryption algorithms (i.e. TripleDES).

  SSH是一种瑞士军刀,旨在做许多不同的事情,其中??大部分都围绕在主机之间建立安全通道。 SSH的一些实现依赖于SSL库 - 这是因为SSH和SSL使用许多相同的加密算法。

  SSH is not based on SSL in the sense that HTTPS is based on SSL. SSH does much more than SSL, and they don‘t talk to each other - the two are different protocols, but have some overlap in how they accomplish similiar goals.

  跟HTTPS基于SSL不同,SSH不是基于SSL的。 SSH和SSL 是不同的协议,SSH实现的功能比SSL更多,它们之间不能通信,但是它们在实现类似目标方面有一些重叠。
  
  SSL by itself gives you nothing - just a handshake and encryption. You need an application to drive SSL to get real work done.

  SSL本身并不能提供服务, 只是一个握手和加密。您需要一个应用程序来驱动SSL才能完成实际工作(例如http)。
  
  SSH by itself does a whole lot of useful stuff that allows users to perform real work. Two aspects of SSH are the console login (telnet replacement) and secure file transfers (ftp replacement), but you also get an ability to tunnel (secure) additional applications, enabling a user to run HTTP, FTP, POP3, and just about anything else THROUGH an SSH tunnel.

  SSH本身做了很多有用的东西,允许用户执行真正的工作。 SSH的两个方面是控制台登录(telnet替换)和安全文件传输(ftp替换),但您还可以通过隧道(安全)其他应用程序的功能,使用户能够运行HTTP,FTP,POP3和任何可以使用SSH隧道的应用。

  Without interesting traffic from an application, SSL does nothing. Without interesting traffic from an application, SSH brings up an encrypted tunnel between two hosts which allows you to get real work done through an interactive login shell, file transfers, etc.

  如果没有来自应用程序的流量,SSL什么都不做。没有来自应用程序的流量,SSH会在两台主机之间创建一个加密隧道,这样可以通过交互式登录shell,文件传输等方式完成实际工作。

  Last comment: HTTPS does not extend SSL, it uses SSL to do HTTP securely. SSH does much more than SSL, and you can tunnel HTTPS through it! Just because both SSL and SSH can do TripleDES doesn‘t mean one is based on the other.

  最后评论:HTTPS不会扩展SSL,它使用SSL安全地执行HTTP。 SSH比SSL更好,您可以通过HTTPS隧道!只是因为SSL和SSH都可以做三重DES并不意味着一个基于另一个。

 

  

SSH 与 SSL