SSH 和 SSL 之间的区别,尤其是在“SFTP"方面对比“基于 SSL 的 FTP" [英] Difference between SSH and SSL, especially in terms of "SFTP" vs. "FTP over SSL"
问题描述
除了 SSH 提供的增强身份验证选项之外,SSH 和 SSL 协议的基本工作之间是否有任何区别?
Apart from enhanced authentication options offered by SSH, is there any difference between basic working of SSH and SSL protocols ?
我问,因为我们可以使用 SFTP 或 FTP over SSL,两者都需要身份验证.
I am asking since we can use SFTP or FTP over SSL, both would require authentication.
推荐答案
SSH 和 SSL 是相似的协议,在幕后都使用大部分相同的加密原语,因此它们彼此一样安全.SSH 的一个优点是使用密钥对身份验证实际上很容易做到,并且直接内置到协议中.
SSH and SSL are similar protocols that both use most of the same cryptographic primitives under the hood, so they are both as secure as each other. One advantage of SSH is that using key-pair authentication is actually quite easy to do, and built right into the protocol.
使用 SSL 时,涉及 CA 证书和其他事情有点混乱.在您拥有 PKI 之后,您还需要配置您的服务以使用 PKI 而不是其内部密码数据库进行身份验证;这对某些服务来说是一场噩梦,而对其他服务来说则是小菜一碟.这也意味着您需要为所有用户的密钥签名,以便他们可以使用这些密钥登录.
With SSL it's a bit of a mess involving CA certificates and other things. After you have the PKI in place you also need to configure your services to use the PKI for authentication instead of its internal password database; this is a nightmare on some services and a piece of cake on others. It also means you need to go to the hassle of signing all of your user's keys so they can log in with them.
大多数有能力的用户都可以立即了解 SSH 密钥,但他们需要更长的时间来了解 SSL 密钥(额外的 CA 证书和密钥证书在我第一次发现时让我感到困惑).
Most competent users can grok SSH keys in no time but it takes a bit longer to get their heads around SSL keys (the extra CA certs and key certs confused me when I first discovered it).
选择可支持的内容.SSH+SFTP 非常适合 Unix 用户,但如果您的用户基于 Windows 并且对 Internet Exploiter 以外的任何东西都一无所知(并且您不介意冒用户选择不安全密码的风险),那么通过 SSL 的 FTP 可能更容易实现).
Pick what's supportable. SSH+SFTP is great for Unix people, but FTP over SSL is probably easier to do if your users are Windows-based and are pretty clueless about anything other than Internet Exploiter (and you don't mind risking that your users will choose insecure passwords).
这篇关于SSH 和 SSL 之间的区别,尤其是在“SFTP"方面对比“基于 SSL 的 FTP"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
