Interaction between SSL & SSH?

Just when I thought I had figured out the differences between SSL and

 "SSL is a library, and SSH an application which happens to use the
SSL library"

some poster comes along and says that SSH doesn't even use the SSL

So, what gives?

Let me try and venture an explanation.

Conceivably one could rewrite a version of SSH  which takes advantage
of the SSL library. It just happens that the SSH developers decided to
"roll their own" implementation of the SSL protocols and bypassed

Did I get it right?


Re: Interaction between SSL & SSH?


I am referring to the versions normally found in Linux, BTW.


Re: Interaction between SSL & SSH?

Ramon F Herrera wrote:
You might want to look here /

Re: Interaction between SSL & SSH?


SSH doesn't use SSL protocols.

SSH and SSL however may share underlying crypto algorithms
which can be implemented in the same library (e.g. libcrypto
from OpenSSL). But that depends on how you build SSH.

                                Michael van Elst
                                "A potential Snark may lurk in every tree."

Re: Interaction between SSL & SSH?


It's a half-way situation.

For a start, you are presumably referring to _Open_SSH and
_Open_SSL, which are specific implementations of (respectively) SSH
and SSL.

OpenSSL comes in two halves:, an implementation of the SSL
protocol, and, a collection of implementations of the
individual underlying cryptographic primitives such as block
ciphers, public-key encryption and signing, hashes, MACs,
Diffie-Hellman key exchange, and so on.

OpenSSH uses the libcrypto half of OpenSSL, but does not use the
libssl half. Package-based Linux distributions (such as Debian)
generally do not separate the two halves of OpenSSL, meaning that
the OpenSSH package lists a dependency on the OpenSSL package and
people therefore presume that it uses the whole of OpenSSL. But in
fact, all OpenSSH uses is the same set of building blocks which
OpenSSL does.


The SSH _protocol_ is not the same as the SSL protocol. They have a
noticeable similarity of structure, simply because there's a
standard list of things you have to do if you're building a secure
network protocol at all (a key exchange phase, encryption, integrity
protection, authentication), but they also have a lot of differences
in the details.

For this reason, would be useless to anyone implementing
an SSH server or client.

Also, this means there's no particular reason why an SSH
implementation _has_ to depend on an SSL library: it just so happens
that the most convenient library of cryptographic primitives for
OpenSSH to use happens to be in the bottom half of the OpenSSL
package. But there's no reason it couldn't have been the other way
around: if OpenSSH had been written first, it might have had all its
crypto primitives built in and then OpenSSL might have been the one
to borrow them.

PuTTY is an example of an SSH client which has no connection
whatsoever to any SSL implementation of any kind.
Simon Tatham         "You may call that a cheap shot.
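
Added example, not part of any post in the thread: a way to check on a Linux system which of the two OpenSSL libraries discussed above a binary is dynamically linked against. The function names, the sample `ldd` listings (constructed, with placeholder addresses and paths) and the result labels are assumptions made for this illustration.

```shell
#!/bin/sh
# classify_linkage: read ldd-style output on stdin and report which of the
# OpenSSL shared libraries appear in it. Prints exactly one of:
#   libssl+libcrypto | libcrypto-only | libssl-only | neither
# "neither" is also the result for a statically linked binary, so it does
# not prove that no OpenSSL code was built in.
classify_linkage() {
    awk '
        # ldd lines look like: libcrypto.so.3 => /path/to/lib (0xADDR)
        $1 ~ /^libssl\.so/    { ssl = 1 }
        $1 ~ /^libcrypto\.so/ { crypto = 1 }
        END {
            if (ssl && crypto) print "libssl+libcrypto"
            else if (crypto)   print "libcrypto-only"
            else if (ssl)      print "libssl-only"
            else               print "neither"
        }'
}

# check_binary NAME: resolve NAME on PATH and classify its real linkage.
# Example: check_binary ssh
check_binary() {
    bin=$(command -v "$1") || { echo "not-found"; return 1; }
    ldd "$bin" 2>/dev/null | classify_linkage
}

# Constructed sample: an SSH client built against libcrypto only.
SAMPLE_SSH_LDD='    linux-vdso.so.1 (0x0000000000000000)
    libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x0000000000000000)
    libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x0000000000000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x0000000000000000)'

# Constructed sample: a TLS client that uses both halves of OpenSSL.
SAMPLE_TLS_LDD='    linux-vdso.so.1 (0x0000000000000000)
    libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x0000000000000000)
    libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x0000000000000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x0000000000000000)'
```

Run `check_binary ssh` and `check_binary sshd` on the host being examined; the result depends on how that particular SSH build was configured.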
