People often wonder whether SSH uses SSL/TLS for traffic
encryption. The short answer is NO. Even though both protocols have
much in common, under the hood SSH has its own transport protocol,
independent from SSL. What they have in common:

- Both were created to secure and encrypt traffic between
  clients and servers (SSL for website traffic, SSH for remote
  control of a host).
- Both start with asymmetric encryption in order to negotiate a
  static key, which is then used with symmetric encryption for the
  rest of the session (SSH uses a proprietary key exchange protocol,
  SSL/TLS uses PKI).

Also keep in mind that both were developed almost in parallel,
sometime in 1995 (SSL 1.0 came first, though), so they couldn’t
actually use each other’s implementation at the time.

However, instead of comparing the two protocols, I would like to
dedicate most of this post to an attempt to combine them in order
to achieve the most secure, scalable and easy-to-use SSH control
over multiple Linux servers at mass scale.