SSL (Secure Sockets Layer) / TLS (its modern version) and SSH (Secure Shell)

SSL (Secure Sockets Layer) / TLS (its modern version)

Purpose: Secures data transfer between client and web server.
Used in: HTTPS, email (SMTP over SSL), FTPS, APIs.
Encryption Type: Symmetric encryption for data, asymmetric for key exchange.
Authentication: Validates the identity of the website/server using SSL certificates.
Certificate Authority (CA): Certificates are issued by trusted CAs.
Key Exchange: Uses protocols like RSA, ECDHE, etc.
Data Integrity: Ensures data hasn’t been altered during transmission (via MAC).
Visible in browser: Lock icon in address bar (https://)
Vulnerabilities (if outdated): SSL v2/v3 are deprecated due to security flaws.
Latest Standard: TLS 1.3 (SSL is now obsolete, but term is still widely used).
Client Interaction: Used without user action (just visiting a site).
Setup: Requires certificate installation on the web server.
Tools: OpenSSL, Let’s Encrypt, Certbot.
Common Protocols: HTTPS, FTPS, SMTPS.

Purpose: Securely access and manage servers remotely.
Used in: Server login, Git over SSH, file transfer (SCP, SFTP).
Encryption Type: Symmetric and asymmetric encryption (e.g., RSA, ED25519).
Authentication: Via passwords or key pairs (public/private).
No certificate authority required: Uses individual key pairs.
User Interaction: Requires credentials or private key to access.
Secure Features: Port forwarding, tunneling, command execution.
Shell Access: Gives full terminal/command-line access to server.
Popular Clients: PuTTY (Windows), Terminal/ssh (Linux/Mac), VS Code SSH extension.
Vulnerabilities: Brute-force attacks (if passwords are weak), key theft.
File Transfers: Supports SFTP (Secure FTP) and SCP.
Tunneling: Can tunnel ports for secure communication (e.g., forwarding a local port to a remote database).
Used for automation: In DevOps and CI/CD pipelines (e.g., Jenkins, Ansible).
Logging: Supports session logging and activity monitoring.