SSH和SSL之间的差异,尤其是在"SFTP"方面对比“基于SSL的FTP" [英] Difference between SSH and SSL, especially in terms of "SFTP" vs. "FTP over SSL"
问题描述
除了SSH提供的增强身份验证选项外,SSH和SSL协议的基本工作方式是否有区别?
Apart from enhanced authentication options offered by SSH, is there any difference between basic working of SSH and SSL protocols ?
我在问,因为我们可以使用 SFTP 或SSL上的FTP,两者都需要身份验证.
I am asking since we can use SFTP or FTP over SSL, both would require authentication.
推荐答案
SSH和SSL是相似的协议,它们都在后台使用了大多数相同的加密原语,因此它们彼此之间同样安全. SSH的优点之一是使用密钥对身份验证实际上非常容易,并且内置在协议中.
SSH and SSL are similar protocols that both use most of the same cryptographic primitives under the hood, so they are both as secure as each other. One advantage of SSH is that using key-pair authentication is actually quite easy to do, and built right into the protocol.
使用SSL时,涉及CA证书和其他内容的情况有些混乱.在安装好PKI之后,还需要配置服务以使用PKI进行身份验证,而不是使用其内部密码数据库.这在某些服务上是一场噩梦,而在其他服务上却是小菜一碟.这也意味着您需要麻烦签署所有用户密钥,以便他们可以使用它们登录.
With SSL it's a bit of a mess involving CA certificates and other things. After you have the PKI in place you also need to configure your services to use the PKI for authentication instead of its internal password database; this is a nightmare on some services and a piece of cake on others. It also means you need to go to the hassle of signing all of your user's keys so they can log in with them.
大多数有能力的用户都可以立即使用SSH密钥,但是要花费更多的时间来掌握SSL密钥(当我第一次发现它时,多余的CA证书和密钥证书就使我感到困惑).
Most competent users can grok SSH keys in no time but it takes a bit longer to get their heads around SSL keys (the extra CA certs and key certs confused me when I first discovered it).
选择支持的内容. SSH + SFTP非常适合Unix用户,但是如果您的用户基于Windows,并且对Internet Exploiter以外的其他信息一无所知,则SSL上的FTP可能更容易实现(并且您不必担心用户会选择不安全的密码) ).
Pick what's supportable. SSH+SFTP is great for Unix people, but FTP over SSL is probably easier to do if your users are Windows-based and are pretty clueless about anything other than Internet Exploiter (and you don't mind risking that your users will choose insecure passwords).
这篇关于SSH和SSL之间的差异,尤其是在"SFTP"方面对比“基于SSL的FTP"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
