openssh, openssl, and openvpn?

Discussion in 'Computing and Networks' started by Mathematics!, Dec 12, 2011.

  1. Mathematics!

    Thread Starter Senior Member

    Jul 21, 2008
    1,022
    4
    Questions

    I am wondering what the difference is in using ssh tunneling or ssl or tls security for any application/service.
    For instance, what is different from using https 443 or tunneling your port 80 http?
    Is one more secure than the other? From a cipher point of view both can be set to use the same cipher so I would think just as secure.

    2)
    What is the difference between vpn and ssh tunneling? Isn't the vpn just a tunneling protocol?
    Is there anything that ssh tunneling can't do that vpn can?
    Any reason why you would choose one or the other?
     
  2. joeyd999

    AAC Fanatic!

    Jun 6, 2011
    2,684
    2,747
    All three are pretty much as secure as your private key is. VPN and HTTPS require a pair of keys, one public and one private. You can generate your own keys, but the user will get a message indicating that the keys are not published by a valid certificate authority (CA). If you purchase a valid CA, then your security is dependent upon both the CA and you keeping the private keys private.

    You can set SSH tunneling so that it uses a password vs. a public/private key pair. This way, you need not depend on your CA to keep your keys private, and you can change your SSH password as necessary/convenient. The drawback is the user must type in a password each time he uses the tunnel.

    SSH can also be used with a private/public key pair, eliminating the need for the login, but then if the private key gets away from you, your security is shot.
     
  3. Mathematics!

    Thread Starter Senior Member

    Jul 21, 2008
    1,022
    4
    Ok

    I know ssl and tls operate at application/presentation level (above the ip, tcp, etc. levels).
    I know you can use http + ssl = https, ftp + ssl = sftp, same with email and many other applications/application level services.

    But I am wondering if you created an arbitrary non-secure service that ran on port 74377 or something.
    If you could use ssl or tls at its presentation level to make an equivalent secure service for it.

    For example, could you make http port 80 use ssl or would you have to create another service/port for it (i.e. like we have it http 80 and https 443 (which is the secured version))?

    Question 2
    What do ssh and ssh tunneling operate at in the tcp/ip stack? Is it the presentation level, or is it lower like the vpn that can operate at layer 2 or 3?

    Because I would think the lower layer secure protocols are a little bit more secure since they would limit attackers from using exploits that only apply to higher layers (since they are encrypted at a lower level).
    So my thought would be using vpn at layer 2 would be a little bit more secure than ssl or other higher layered encryption protocols/services.

    Your thoughts
     
    Last edited: Dec 12, 2011
  4. joeyd999

    AAC Fanatic!

    Jun 6, 2011
    2,684
    2,747
    You have exhausted my knowledge on this issue. Sorry.
     