ssh browser? where?

Thomas Jollans thomas at jollybox.de
Sun Sep 5 16:31:49 CEST 2010


On Sunday 05 September 2010, it occurred to alex goretoy to exclaim:
> why not ssh browser traffic? why use SSL certificate authorities which
> can't be trusted in the first place?
> Is SSH not proven to be secure?
> 
> To this day I have not seen ssh module for say Apache web server, why not?
> 
> I understand this maybe wrong list to ask this question, but I love you
> guys so much at python and I think your smart... :)

Umn. Yes, wrong list. Still,

SSH is "secure shell". Shell ≠ WWW.

TLS/SSL is secure. Once you have an encrypted connection to the correct party, 
the information you send over that connection is just as illegible to the 
outsider as it'd be over an SSH connection. If you're connected to someone 
other than you think you are connected to, then all the encryption in the 
world won't help you. (man-in-the-middle attack)

With SSH, this isn't that big a problem: you only connect to a machine over 
SSH if you have an account there. Since this tends to be a relatively small 
number of machines, it's relatively easy to manually check the server's key 
fingerprint. The authenticity of the server's key must be checked to prevent 
an attack, and the status quo with SSH is that the user does it, which is 
arguably the most secure model anyway.

On the web, you might connect to any number of servers. Manually checking 
every single key would be a gargantuan and certainly not very rewarding task. 
THAT's where certificate authorities come in. They're a reasonable way to 
automatically check the validity of a server's key, so you don't have to. Now, 
in theory, you should verify the integrity of the certificate authorities 
yourself before trusting their judgement, but in practice, you leave that 
daunting task to your operating system and/or web browser vendor. There are a 
number of weak spots, but there are also rather strict audits going on all 
over the place. 

If we were to use SSH on the web, which is certainly not the point of SSH, 
we'd still need some kind of certificate authority to make the whole system 
workable.



More information about the Python-list mailing list