What's the difference between SSL, SSH, OpenSSH and OpenSSL on Linux?

Source: Internet
Author: User

SSL is an additional layer on the communication link that can carry many protocols: HTTPS, FTPS, and so on.

SSH is just an encrypted shell, originally used to replace Telnet. Its port forwarding also allows other protocols to be encrypted through an SSH tunnel.

SSL is an international standard for encrypting and authenticating communication protocols, and your browser supports it. SSL (Secure Sockets Layer) was originally developed by the American company Netscape and later became the standard for secure communication and transactions on the Internet. The SSL protocol uses client certificates and CA root certificates on both sides of the connection so that client/server applications can communicate without being overheard, establishing a secure, trusted channel between the communicating parties. It has the following basic characteristics: information confidentiality, information integrity, and mutual identification. It is primarily used to make data exchanged between applications safer. The whole concept of the SSL protocol can be summed up as a protocol that guarantees the transaction security of any client and server that have a secure socket installed, which covers all TCP/IP applications.


SSH stands for Secure Shell. By using SSH, you can encrypt all transmitted data so that a "man-in-the-middle" attack is not possible, and it can also prevent DNS and IP spoofing. An additional benefit is that the transmitted data is compressed, which can speed up transfers. SSH has a number of features: it can replace Telnet and provide a secure "channel" for FTP, POP, and even PPP.

SSH is made up of client and server software, and there are two incompatible versions, 1.x and 2.x. An SSH 2.x client program cannot connect to an SSH 1.x server program. OpenSSH 2.x supports both SSH 1.x and 2.x.

How SSH security verification works: from the client side, SSH provides two levels of security verification.

First level (password-based security authentication): you can log on to the remote host as long as you know your account and password. All transmitted data is encrypted, but there is no guarantee that the server you are connecting to is the one you want to connect to. Another server may be impersonating the real one, which is a "man-in-the-middle" attack.

Second level (key-based security verification): this relies on keys, which means you must create a key pair for yourself and place the public key on the server you need to access. When you connect to an SSH server, the client software sends the server a request for security verification with your key. After the server receives the request, it looks for your public key in your home directory on the server and compares it to the public key you sent. If the two keys match, the server encrypts a "challenge" with the public key and sends it to the client software. After the client software receives the challenge, it decrypts it with your private key and sends it back to the server. With this method, you must know the passphrase of your private key.

However, compared with the first level, the second level does not require a password to be sent over the network. The second level not only encrypts all transmitted data, it also makes the "man-in-the-middle" approach impossible (because he does not have your private key). However, the entire login process may take up to 10 seconds.
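
The key-based exchange described above, played out with the openssl command-line tool as an added example (not code from the original page; function and file names are hypothetical). It follows the page's description of an encrypted challenge; SSH protocol 2 implementations instead have the client sign session data with the private key, but in both cases only the holder of the private key can answer.

```shell
#!/bin/sh
# Added example: the key-based login exchange, step by step.
# make_keypair and try_login are hypothetical helper names.

# Generate an RSA key pair: private key in $1, public key in $1.pub.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$1.pub"
}

# try_login AUTHORIZED_PUB OFFERED_PUB CLIENT_PRIVATE
# Prints "accepted" or "rejected".
try_login() {
    authorized=$1; offered=$2; private=$3
    work=$(mktemp -d) || return 1
    result=rejected
    # Server: the offered public key must match the one stored for the account.
    if cmp -s "$authorized" "$offered"; then
        # Server: random challenge, encrypted to the stored public key.
        openssl rand -hex 16 > "$work/challenge"
        openssl pkeyutl -encrypt -pubin -inkey "$authorized" \
            -pkeyopt rsa_padding_mode:oaep \
            -in "$work/challenge" -out "$work/challenge.enc"
        # Client: only the matching private key recovers the challenge.
        openssl pkeyutl -decrypt -inkey "$private" \
            -pkeyopt rsa_padding_mode:oaep \
            -in "$work/challenge.enc" -out "$work/response" 2>/dev/null || :
        # Server: compare the response with the challenge it sent.
        if cmp -s "$work/challenge" "$work/response"; then result=accepted; fi
    fi
    rm -rf "$work"
    echo "$result"
}

# Constructed demo keys: "user" is authorized on the server, "other" is not.
keys=$(mktemp -d)
make_keypair "$keys/user"
make_keypair "$keys/other"
try_login "$keys/user.pub" "$keys/user.pub"  "$keys/user"    # accepted
try_login "$keys/user.pub" "$keys/user.pub"  "$keys/other"   # rejected: wrong private key
try_login "$keys/user.pub" "$keys/other.pub" "$keys/other"   # rejected: key not on server
rm -rf "$keys"
```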

OpenSSL: a C-language function library that implements the SSL protocol.

OpenSSH: an implementation of the SSH protocol.

SSH leverages the libraries provided by OpenSSL. OpenSSL also ships a tool named openssl, which is the command-line interface to the OpenSSL library.

In terms of build dependencies:

OpenSSH relies on OpenSSL; without OpenSSL, OpenSSH will not compile and run.

HTTPS can use the TLS or SSL protocol, and OpenSSL is an open source implementation of the TLS and SSL protocols that provides development libraries and command-line programs. OpenSSL is excellent, so much of the work involving data encryption and transport encryption is done with OpenSSL's libraries.

It can be understood that all HTTPS uses OpenSSL. To see which processes have loaded the old version of the OpenSSL library, execute the following command as root:

    grep -l 'libssl.*deleted' /proc/*/maps | tr -cd 0-9\\n | xargs -r ps u
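
The command above matches maps entries marked (deleted), which is how the kernel labels a mapped file that has since been removed or replaced on disk, for example by a package upgrade. The script below is an added example, not part of the original page: it goes beyond the one-liner by also covering libcrypto and printing the process name and library path, and it takes the proc root as a parameter so it can run against a constructed sample tree (function names are hypothetical).

```shell
#!/bin/sh
# Added example: report processes still mapping a deleted libssl/libcrypto.
# stale_openssl_pids and make_sample_proc are hypothetical helper names.

# Print "PID NAME LIB[,LIB...]" for each process under proc_root (default /proc)
# whose maps file lists an OpenSSL shared object marked "(deleted)".
stale_openssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue        # unreadable without root, or no match
        pid_dir=${maps%/maps}
        pid=${pid_dir##*/}
        # maps columns: address perms offset dev inode pathname ["(deleted)"]
        libs=$(awk '$NF == "(deleted)" && $(NF-1) ~ "/lib(ssl|crypto)[^/]*[.]so" {
                        print $(NF-1) }' "$maps" 2>/dev/null | sort -u | tr '\n' ',')
        [ -n "$libs" ] || continue
        name=$(cat "$pid_dir/comm" 2>/dev/null) || name='?'
        printf '%s %s %s\n' "$pid" "$name" "${libs%,}"
    done
}

# Constructed sample: a fake /proc tree with one stale and one up-to-date process.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/101" "$root/202"
    echo sshd > "$root/101/comm"
    cat > "$root/101/maps" <<'EOF'
7f1a00000000-7f1a00080000 r-xp 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (deleted)
7f1a00200000-7f1a004a0000 r-xp 00000000 08:01 1312 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (deleted)
7f1a00600000-7f1a007c0000 r-xp 00000000 08:01 1400 /usr/lib/x86_64-linux-gnu/libc.so.6
EOF
    echo nginx > "$root/202/comm"
    cat > "$root/202/maps" <<'EOF'
7f2b00000000-7f2b00080000 r-xp 00000000 08:01 2311 /usr/lib/x86_64-linux-gnu/libssl.so.3
EOF
    echo "$root"
}

sample=$(make_sample_proc)
stale_openssl_pids "$sample"    # only PID 101 (sshd) is reported
rm -rf "$sample"
```

Run as root with no argument, stale_openssl_pids scans the live /proc; the listed processes keep using the old library until they are restarted.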
