Difference between SSH and SSL, especially in terms of "SFTP" vs. "FTP over SSL"

Apart from the enhanced authentication options offered by SSH, is there any difference between the basic workings of the SSH and SSL protocols?

I am asking since we can use SFTP or FTP over SSL, both would require authentication.


Solution 1:

What is the difference between SSH and SSL and why would we care?

SSL stands for "Secure Sockets Layer". We care because it enables browsers to transmit data to and from a web server in a secure cryptographic way to make life hard for third-party spies monitoring all internet traffic.

SSH stands for "Secure Shell". We care because it enables a networked computer 1 to provide access to a shell on networked computer 2. The user can have a level of confidence that spies listening to the insecure channel cannot decrypt data sent between the networked computers.

SSL and SSH both have to do with providing a system to encrypt and decrypt data over an insecure channel.

When a browser visits a URL which begins with "https://", the browser speaks HTTP over an SSL connection.

SSL-enabled web servers (for example Apache HTTP Server) can be configured to use SSL to become a "secure web server". A website served up by a secure web server will cause users to access the URL through the "https://" protocol instead of "http://". With the https protocol the users can have a level of confidence that third-party spies monitoring the internet channel will only receive encrypted content.

SSL is a protocol that could be implemented in the 6th layer (Presentation layer) of the OSI Model.

SSH has its own transport protocol independent from SSL, so that means SSH DOES NOT use SSL under the hood.

Cryptographically, both Secure Shell and Secure Sockets Layer are equally secure.

An SSL Termination Proxy can handle incoming SSL connections, decrypting the SSL and passing on the unencrypted request to other servers.

SSL lets you use a PKI (public-key infrastructure) via signed certificates. With SSH you have to exchange the key fingerprints manually through another protocol like FTP or carrier pigeon.

Solution 2:

The main difference is that SSL lets you use a PKI (via signed certificates). In SSH you have to exchange the key fingerprints out-of-band. But you might want to do without a PKI anyway, in which case it's a tie.

For a nice explanation, see http://www.snailbook.com/faq/ssl.auto.html
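
Added example (not part of either answer): the two trust models both solutions contrast, side by side. The SSH side computes the SHA256 fingerprint of a host key the way `ssh-keygen -lf` prints it and compares it with one obtained out-of-band; the SSL/TLS side shows that a default client context relies on CA-signed certificates instead. The function names are hypothetical and the sample key is constructed filler, not a real key.

```python
import base64
import hashlib
import hmac
import ssl
import struct


def parse_pubkey_line(line):
    """Return (key_type, blob) from an OpenSSH 'type base64 [comment]' line."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; check they agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    return key_type, blob


def ssh_fingerprint(line):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    _, blob = parse_pubkey_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_matches(presented_line, trusted_fingerprint):
    """SSH model: accept only if the key matches a fingerprint obtained out-of-band."""
    return hmac.compare_digest(ssh_fingerprint(presented_line), trusted_fingerprint)


def tls_trust_settings():
    """SSL/TLS model: trust comes from CA-signed certificates, not a pinned key."""
    ctx = ssl.create_default_context()  # loads the system CA store
    return ctx.verify_mode == ssl.CERT_REQUIRED, ctx.check_hostname


def make_constructed_key(seed):
    """Constructed sample: an ssh-ed25519 blob with 32 filler bytes (not a real key)."""
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " constructed@example"


if __name__ == "__main__":
    server_key = make_constructed_key(0x11)
    pinned = ssh_fingerprint(server_key)  # value the admin would pass over another channel
    print(pinned, host_key_matches(server_key, pinned))
    print(host_key_matches(make_constructed_key(0x22), pinned))  # different key: rejected
    print(tls_trust_settings())
```

With SSH the client has nothing to check a new host key against until that fingerprint arrives by some other route; with SSL/TLS the CA store shipped with the client plays that role.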