SSH, The Secure Shell: The Definitive Guide, Second Edition

Print $39.95

Print+Ebook $43.95

Ebook $31.99

(PDF)

Safari Books Online

What is this?

Print £30.50

What is this?

SSH, The Secure Shell: The Definitive Guide, Second Edition

By: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
Publisher:: O'Reilly Media
Released:: May 2005
Pages:: 672

Product Editions

Description

SSH is a popular protocol for securing your network connections. It's reliable, robust, and reasonably easy to use, and both free and commercial implementations are widely available for most operating systems. Everything you want to know about SSH is in our second edition of SSH, The Secure Shell: The Definitive Guide. This updated book thoroughly covers the latest SSH-2 protocol for system administrators and end users.

Full Description

Are you serious about network security? Then check out SSH, the Secure Shell, which provides key-based authentication and transparent encryption for your network connections. It's reliable, robust, and reasonably easy to use, and both free and commercial implementations are widely available for most operating systems. While it doesn't solve every privacy and security problem, SSH eliminates several of them very effectively. Everything you want to know about SSH is in our second edition of SSH, The Secure Shell: The Definitive Guide. This updated book thoroughly covers the latest SSH-2 protocol for system administrators and end users interested in using this increasingly popular TCP/IP-based solution. How does it work? Whenever data is sent to the network, SSH automatically encrypts it. When data reaches its intended recipient, SSH decrypts it. The result is "transparent" encryption-users can work normally, unaware that their communications are already encrypted. SSH supports secure file transfer between computers, secure remote logins, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. With SSH, users can freely navigate the Internet, and system administrators can secure their networks or perform remote administration. Written for a wide, technical audience, SSH, The Secure Shell: The Definitive Guide covers several implementations of SSH for different operating systems and computing environments. Whether you're an individual running Linux machines at home, a corporate network administrator with thousands of users, or a PC/Mac owner who just wants a secure way to telnet or transfer files between machines, our indispensable guide has you covered. It starts with simple installation and use of SSH, and works its way to in-depth case studies on large, sensitive computer networks. No matter where or how you're shipping information, SSH, The Secure Shell: The Definitive Guide will show you how to do it securely.

Table of Contents

Chapter 1 Introduction to SSH
1. What Is SSH?
2. What SSH Is Not
3. The SSH Protocol
4. Overview of SSH Features
5. History of SSH
6. Related Technologies
7. Summary
Chapter 2 Basic Client Use
1. A Running Example
2. Remote Terminal Sessions with ssh
3. Adding Complexity to the Example
4. Authentication by Cryptographic Key
5. The SSH Agent
6. Connecting Without a Password or Passphrase
7. Miscellaneous Clients
8. Summary
Chapter 3 Inside SSH
1. Overview of Features
2. A Cryptography Primer
3. The Architecture of an SSH System
4. Inside SSH-2
5. Inside SSH-1
6. Implementation Issues
7. SSH and File Transfers (scp and sftp)
8. Algorithms Used by SSH
9. Threats SSH Can Counter
10. Threats SSH Doesn't Prevent
11. Threats Caused by SSH
12. Summary
Chapter 4 Installation and Compile-Time Configuration
1. Overview
2. Installing OpenSSH
3. Installing Tectia
4. Software Inventory
5. Replacing r-Commands with SSH
6. Summary
Chapter 5 Serverwide Configuration
1. Running the Server
2. Server Configuration: An Overview
3. Getting Ready: Initial Setup
4. Authentication: Verifying Identities
5. Access Control: Letting People In
6. User Logins and Accounts
7. Forwarding
8. Subsystems
9. Logging and Debugging
10. Compatibility Between SSH-1 and SSH-2 Servers
11. Summary
Chapter 6 Key Management and Agents
1. What Is an Identity?
2. Creating an Identity
3. SSH Agents
4. Multiple Identities
5. PGP Authentication in Tectia
6. Tectia External Keys
7. Summary
Chapter 7 Advanced Client Use
1. How to Configure Clients
2. Precedence
3. Introduction to Verbose Mode
4. Client Configuration in Depth
5. Secure Copy with scp
6. Secure, Interactive Copy with sftp
7. Summary
Chapter 8 Per-Account Server Configuration
1. Limits of This Technique
2. Public-Key-Based Configuration
3. Hostbased Access Control
4. The User rc File
5. Summary
Chapter 9 Port Forwarding and X Forwarding
1. What Is Forwarding?
2. Port Forwarding
3. Dynamic Port Forwarding
4. X Forwarding
5. Forwarding Security: TCP-Wrappers and libwrap
6. Summary
Chapter 10 A Recommended Setup
1. The Basics
2. Compile-Time Configuration
3. Serverwide Configuration
4. Per-Account Configuration
5. Key Management
6. Client Configuration
7. Remote Home Directories (NFS, AFS)
8. Summary
Chapter 11 Case Studies
1. Unattended SSH: Batch or cron Jobs
2. FTP and SSH
3. Pine, IMAP, and SSH
4. Connecting Through a Gateway Host
5. Scalable Authentication for SSH
6. Tectia Extensions to Server Configuration Files
7. Tectia Plugins
Chapter 12 Troubleshooting and FAQ
1. Debug Messages: Your First Line of Defense
2. Problems and Solutions
3. Other SSH Resources
Chapter 13 Overview of Other Implementations
1. Common Features
2. Covered Products
3. Other SSH Products
Chapter 14 OpenSSH for Windows
1. Installation
2. Using the SSH Clients
3. Setting Up the SSH Server
4. Public-Key Authentication
5. Troubleshooting
6. Summary
Chapter 15 OpenSSH for Macintosh
1. Using the SSH Clients
2. Using the OpenSSH Server
Chapter 16 Tectia for Windows
1. Obtaining and Installing
2. Basic Client Use
3. Key Management
4. Accession Lite
5. Advanced Client Use
6. Port Forwarding
7. Connector
8. File Transfers
9. Command-Line Programs
10. Troubleshooting
11. Server
Chapter 17 SecureCRT and SecureFX for Windows
1. Obtaining and Installing
2. Basic Client Use
3. Key Management
4. Advanced Client Use
5. Forwarding
6. Command-Line Client Programs
7. File Transfer
8. Troubleshooting
9. VShell
10. Summary
Chapter 18 PuTTY for Windows
1. Obtaining and Installing
2. Basic Client Use
3. File Transfer
4. Key Management
5. Advanced Client Use
6. Forwarding
7. Summary

Appendix A OpenSSH 4.0 New Features
1. Server Features: sshd
2. Client Features: ssh, scp, and sftp
3. ssh-keygen
Appendix B Tectia Manpage for sshregex
1. Regex Syntax: Egrep Patterns
2. Regex Syntax: ZSH_FILEGLOBTectia (continued)sshregex manpageZSH_FILEGLOB sshregex (Tectia) manpageZSH_FILEGLOB regular expressions manpage (Tectia)ZSH_FILEGLOB (or Traditional) Patterns
3. Character Sets for Egrep and ZSH_FILEGLOB
4. Regex Syntax: SSH Patterns
5. Authors
6. See Also
Appendix C Tectia Module Names for Debugging
Appendix D SSH-1 Features of OpenSSH and Tectia
1. OpenSSH Features
2. Tectia Features
Appendix E SSH Quick Reference
1. Legend
2. sshd Options
3. sshd Keywords
4. ssh Options
5. scp Options
6. ssh and scp Keywords
7. ssh-keygen Options
8. ssh-agent Options
9. ssh-add Options
10. Identity and Authorization Files, OpenSSH
11. Identity and Authorization Files, Tectia
12. Environment Variables
Colophon

Product Details

Title:

SSH, The Secure Shell: The Definitive Guide, Second Edition

By:

Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes

Publisher:

O'Reilly Media

Formats:

Print
Ebook
Safari Books Online

Print Release:

May 2005

Ebook Release:

June 2009

Pages:

672

Print ISBN:

978-0-596-00895-6

| ISBN 10:

0-596-00895-3

Ebook ISBN:

978-0-596-55679-2

| ISBN 10:

0-596-55679-9

Customer Reviews

About the Authors

Daniel J. Barrett

Daniel J. Barrett has been immersed in Internet technology since 1985. Currently working as a software engineer, Dan has also been a heavy metal singer, Unix system administrator, university lecturer, web designer, and humorist. He is the author of O'Reilly's Linux Pocket Guide, and is the coauthor of Linux Security Cookbook, and the first edition of SSH, The Secure Shell: The Definitive Guide. He also writes monthly columns for Compute! and Keyboard Magazine, and articles for the O'Reilly Network.

View Daniel J. Barrett's full profile page.
Richard E. Silverman

Richard E. Silverman has a B.A. in computer science and an M.A. in pure mathematics. Richard has worked in the fields of networking, formal methods in software development, public-key infrastructure, routing security, and Unix systems administration. He co-authored the first edition of SSH, The Secure Shell: The Definitive Guide.

View Richard E. Silverman's full profile page.
Robert G. Byrnes

Robert G. Byrnes, Ph.D., has been hacking on Unix systems for twenty years, and has been involved with security issues since the original Internet worm was launched from Cornell University, while he was a graduate student and system administrator. Currently, he's a software engineer at Curl Corporation, and has worked in the fields of networking, telecommunications, distributed computing, financial technology, and condensed matter physics.

View Robert G. Byrnes's full profile page.

Colophon

About the Authors Daniel J. Barrett, Ph.D., has been immersed in Internet technology since 1985. Currently working as a software engineer, Dan has also been a heavy metal singer, Unix system administrator, university lecturer, web designer, and humorist. He is the author of O'Reilly's Linux Pocket Guide, and is the coauthor of Linux Security Cookbook and the first edition of SSH, The Secure Shell: The Definitive Guide. He also writes monthly columns for Compute! and Keyboard Magazine, as well as articles for the O'Reilly Network. Richard E. Silverman has a B.A. in computer science and an M.A. in pure mathematics. Richard has worked in the fields of networking, formal methods in software development, public-key infrastructure, routing security, and Unix systems administration. He coauthored the first edition of SSH, The Secure Shell: The Definitive Guide, and he loves to read, study languages and mathematics, sing, dance, and exercise. Robert G. Byrnes, Ph.D., has been hacking on Unix systems for 20 years, and has been involved with security issues since the original Internet worm was launched from Cornell University, while he was a graduate student and system administrator. Currently, he's a software engineer at Curl Corporation. He has worked in the fields of networking, telecommunications, distributed computing, financial technology, and condensed matter physics. Colophon Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The animal on the cover of SSH, the Secure Shell: The Definitive Guide is a land snail (Mollusca gastropoda). A member of the mollusk family, a snail has a soft, moist body that is protected by a hard shell, into which it can retreat when in danger or when in arid or bright conditions. Snails prefer wet weather and, though not nocturnal, will stay out of bright sun. At the front of a snail's long body are two sets of tentacles: its eyes are at the end of one set, and the other set is used for smelling and navigation. Land snails are hermaphrodites, each having both female and male sex organs, though a snail must mate with another snail in order for fertilization to occur. A snail lays eggs approximately six times a year, with almost 100 eggs each time. Young snails hatch in a month and become adults in two years. A snail's life span is approximately 5-10 years. Known as a slow mover, a snail moves by muscles on its underside that contract and expand, propelling the snail along at a slow pace. It leaves a wet trail of mucus, which protects the snail from anything sharp it may need to crawl over as it searches for food. The snail's diet of plants, bark, and fruits causes it to be a pest in many parts of the world where it is notorious for destroying crops. Mary Brady was the production editor for SSH, the Secure Shell: The Definitive Guide . Audrey Doyle proofread the book. Marlowe Shaeffer and Mary Anne Weeks Mayo provided quality control. Lydia Onofrei provided production assistance. John Bickelhaupt wrote the index. Ellie Volckhausen designed the cover of this book, based on a series design by Edie Freedman. The cover image is an original engraving from the book Natural History of Animals by Sanborn Tenney and Abby A. Tenney, published by Scribner, Armstrong & Co. in 1873. Karen Montgomery produced the cover layout with Adobe InDesign CS using Adobe's ITC Garamond font. David Futato designed the interior layout. This book was converted by Keith Fahlgren to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano, Jessamyn Read, and Lesley Borash using Macromedia FreeHand MX and Adobe Photoshop CS. The tip and warning icons were drawn by Christopher Bing. This colophon was written by Nicole Arigo.

Service and support by Satisfaction

O'Reilly Books & Videos

SSH, The Secure Shell: The Definitive Guide, Second Edition

Chapter 1 Introduction to SSH

What Is SSH?

What SSH Is Not

The SSH Protocol

Overview of SSH Features

History of SSH

Related Technologies

Summary

Chapter 2 Basic Client Use

A Running Example

Remote Terminal Sessions with ssh

Adding Complexity to the Example

Authentication by Cryptographic Key

The SSH Agent

Connecting Without a Password or Passphrase

Miscellaneous Clients

Summary

Chapter 3 Inside SSH

Overview of Features

A Cryptography Primer

The Architecture of an SSH System

Inside SSH-2

Inside SSH-1

Implementation Issues

SSH and File Transfers (scp and sftp)

Algorithms Used by SSH

Threats SSH Can Counter

Threats SSH Doesn't Prevent

Threats Caused by SSH

Summary

Chapter 4 Installation and Compile-Time Configuration

Overview

Installing OpenSSH

Installing Tectia

Software Inventory

Replacing r-Commands with SSH

Summary

Chapter 5 Serverwide Configuration

Running the Server

Server Configuration: An Overview

Getting Ready: Initial Setup

Authentication: Verifying Identities

Access Control: Letting People In

User Logins and Accounts

Forwarding

Subsystems

Logging and Debugging

Compatibility Between SSH-1 and SSH-2 Servers

Summary

Chapter 6 Key Management and Agents

What Is an Identity?

Creating an Identity

SSH Agents

Multiple Identities

PGP Authentication in Tectia

Tectia External Keys

Summary

Chapter 7 Advanced Client Use

How to Configure Clients

Precedence

Introduction to Verbose Mode

Client Configuration in Depth

Secure Copy with scp

Secure, Interactive Copy with sftp

Summary

Chapter 8 Per-Account Server Configuration

Limits of This Technique

Public-Key-Based Configuration

Hostbased Access Control

The User rc File

Summary

Chapter 9 Port Forwarding and X Forwarding

What Is Forwarding?

Port Forwarding

Dynamic Port Forwarding

X Forwarding

Forwarding Security: TCP-Wrappers and libwrap

Summary