Reputation: 1035
I saw a lot of questions and posts about the difference between SSL/TLS and SSH like
I got the concept. They both provide encryption, but are not used for the same things. This post says that this is mostly a historical decision. Currently I'm using TLS to secure the connections between my server and client applications (OpenSSL and Sockets). I'm just curious if it would be technically possible and reasonable to use SSH where SSL is used? Are there any drawbacks or obstacles?
Note: I know that SSH is also an application, which can be used to remotely connect to another PC. But I'm not interested in the application, just the protocol.
Upvotes: 0
Views: 849
Reputation: 202222
Yes you can use SSH for the same purpose.
Though as TLS (SSL) is more commonly used for the task, there are libraries to create a TLS-encrypted socket, both server- and client-side, which you use to implement your own protocol.
I'm not sure there are libraries to easily create SSH-encrypted sockets (without all the other SSH stuff, like authentication). I assume some SSH libraries can do that.
Though I do not think there's any advantage in using SSH over TLS. And for TLS you will find many more examples.
Reaction to comment by @Jakuje:
With SSH, you still need to verify the host key, which is the equivalent of verifying the TLS certificate. While there's a well-established way to distribute, sign, revoke, etc. certificates, there's no equivalent for host keys in the standard SSH. The host key is like a self-signed certificate.
So you have to hard-code the expected host key into your application. If you ever need to change the server-side private key (because you lose it or it gets compromised), the clients stop working.
Note that OpenSSH has proprietary support for host keys signed by certificates. That's closer to TLS, but OpenSSH certificates do not have a certificate chain that links your host key to a trusted root certificate built into your system (the way it's typical with TLS). So you have to approve the certificate manually, at least once.
Upvotes: 1
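The host-key pinning described in the answer above, as an added example that is not code from the answer: a client computes the `SHA256:` fingerprint of the key the server presents and compares it to pins shipped with the application. The key bytes are constructed sample values, the function names are hypothetical, and the second (backup) pin is an assumption added here to show how a client can keep working after a server key change.

```python
import base64
import hashlib
import hmac
import struct


def make_pubkey_line(key_type, raw_key):
    """Build an OpenSSH-style public key line from constructed key bytes."""
    t = key_type.encode()
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw_key)) + raw_key
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"


def fingerprint(pubkey_line):
    """Return the SHA256:<unpadded base64> fingerprint of a public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed key type; it must match the
    # textual type field, otherwise the line is malformed or tampered with.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type field does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_trusted(presented_line, pinned_fingerprints):
    """Accept the presented host key only if its fingerprint is pinned."""
    fp = fingerprint(presented_line)
    return any(hmac.compare_digest(fp, pin) for pin in pinned_fingerprints)


# Constructed sample keys (not real key material).
CURRENT_KEY = make_pubkey_line("ssh-ed25519", bytes(range(32)))
BACKUP_KEY = make_pubkey_line("ssh-ed25519", bytes(range(32, 64)))
UNKNOWN_KEY = make_pubkey_line("ssh-ed25519", bytes(32))

# Pins hard-coded into the client: the live key plus an offline backup key.
PINNED = [fingerprint(CURRENT_KEY), fingerprint(BACKUP_KEY)]

if __name__ == "__main__":
    for name, line in [("current", CURRENT_KEY), ("backup", BACKUP_KEY),
                       ("unknown", UNKNOWN_KEY)]:
        print(name, fingerprint(line), host_key_trusted(line, PINNED))
```

With only the first pin, a client rejects the server as soon as the key is replaced, which is the failure the answer warns about.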