The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint, the date of the correction will be displayed in the column titled "Date Corrected".
The following errata were submitted by our customers and approved as valid errors by the author or editor.
| Version |
Location |
Description |
Submitted By |
Date Submitted |
Date Corrected |
| Printed |
Page xii
2nd from top line |
In First Edition - [5/01] printing:
"and servers. serverwide configuration..."
should read
"and servers, serverwide configuration..."
Note from the Author or Editor: This suggestion is correct; thanks!
|
Anonymous |
|
|
| Printed |
Page xiii
3rd line from bottom |
In First Edition - [5/01] printing:
"labled K."
should read
"labeled K."
Note from the Author or Editor: This suggestion is correct; thanks!
|
Anonymous |
|
|
| Other Digital Version |
ch8
section "Security issues" |
The phrase "sense of false security" should be "false sense of security". The former means that the person would become suspicious of the security being false. Presumably, the author meant that the sense was false, not just the security, and that the sense was of security, not insecurity.
Note from the Author or Editor: Page 333, paragraph 2, line 2: change "sense of false security" to "false sense of security".
|
Jeremy Laidman |
Jan 07, 2013 |
|
| Printed |
Page iv
In the last line of the first paragraph, changed "the the topic of SSH" |
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page xiii
In the second line of the last paragraph, changed "measns" to "means". |
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page xiii
At the top of the page |
...Unix SSH versions"
NOW READS:
...Unix SSH versions:
|
Anonymous |
|
Feb 01, 2004 |
| Printed |
Page xiii
6th from last line |
"new terms whre they are defined."
NOW READS:
"new terms where they are defined."
|
Anonymous |
|
Feb 01, 2004 |
| Printed |
Page xiii
Third from last line |
labeled K. "Secured" measns encrypted, ...
NOW READS:
labeled K. "Secured" means encrypted, ...
|
Anonymous |
|
Feb 01, 2004 |
| Printed |
Page 38-39
The last line on page 38 and the first two lines on page 39 |
("SecureFX... with SSH1") have been replaced with the following text:
"SecureFX, and both a client and server in OpenSSH). The OpenSSH sftp
can run over either SSH-1 or SSH-2, whereas the SSH2 version only runs
over SSH-2 due to implementation details."
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 43
last paragraph |
Change "should it be distinguish" to
"should it be able to distinguish"
Note from the Author or Editor: This suggestion is correct; thanks!
|
Anonymous |
|
|
| Printed |
Page 45
section 3.1.5, last sentence |
"access SSH public keys on remote machines"
NOW READS:
"use SSH private keys held on remote machines".
|
Anonymous |
|
Feb 01, 2004 |
| Printed |
Page 64
2nd line of config file sample (in constant width type) |
"...domains one.foo.org and two.foo.com"
NOW READS:
"...domains one.foo.com and two.foo.com"
|
Anonymous |
|
Feb 01, 2004 |
| Printed |
Page 75
bullet list |
In the bullet list at the top of the page (and the bottom of the
preceding page) there are 6 items. The last two are "stronger
integrity checking ..." and "periodic replacement of the session
key". For each of these items, there is a section giving details
in the next several pages. There is, however, an extra section
on page 78 (3.5.1.6 in my copy) between the two sections on integrity
checking and session rekeying. This talks about Hostbased authentication,
a topic which does not appear on the bullet list. This is
hardly a big deal, but maybe in the interests of completeness there
should be an additional bulleted item about hostbased authentication
on the list on page 75.
Note from the Author or Editor: Old edition of the book from 2001, long out of print.
|
Anonymous |
|
|
| Printed |
Page 82
third paragraph, fourth sentence |
Text reads: "The following example shows the public keys for one SSH server running
on wynken, port 22, and two running on blynken, ports 22 and 220."
The example actually shows one SSH server running on blynken and two running on
wynken.
Note from the Author or Editor: Old edition of the book from 2001, long out of print.
|
Anonymous |
|
|
| Printed |
Page 84
first sentence, fifth paragraph |
Text reads: "Since ssh-signer2 is a relatively small and simple, ..."
Should read: "Since ssh-signer2 is relatively small and simple, ..."
or
"Since ssh-signer2 is a relatively small and simple program, ..."
Note from the Author or Editor: Change to: "Since ssh-signer2 is relatively small and simple, ..."
Thanks!
|
Anonymous |
|
|
| Printed |
Page 88
paragraph 5 |
Shouldn't the sentence
"If existing FTP implementations could easily be made to operate
over SSH, there would be no need for ssh, ...."
read
"... there would be no need for scp, ..."
Surely the ability of FTP to do something doesn't influence the need
for ssh in a more general context, even if it does have a bearing on
the file transfer situation. At the very least, this is confusing
wording.
Note from the Author or Editor: Change to: "... there would be no need for scp, ..."
Thanks!
|
Anonymous |
|
|
| Printed |
Page 88
In the third line of the fourth paragraph of section 3.8, changed "over a |
the single" to "over the single".
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 89
In the footnote, changed "SSH1" to "SSH-1." |
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 90
In the last paragraph, changed the sshd2_config file's path from |
"/etc/sshd2_config" to "/etc/ssh2/sshd2_config".
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 96
I believe there is an error on page 96 of the SSH, the Secure Shell |
book, printing date February 2001. In section 3.9.2.3, the description of the
action of 3DES says the algorithm encrypts plaintext with three iterations
of the DES algorithm, using three separate keys. In truth, only two keys
are used -- the first key is used twice, during the first and third iterations.
Note from the Author or Editor: Old edition of the book from 2001, long out of print.
|
Anonymous |
|
|
| Printed |
Page 153
5.4.2.2, example |
cf. the box on p. 155 and p. 363:
Umask 022
should read
Umask 0022
Note from the Author or Editor: The suggested change is correct. Thanks!
|
Anonymous |
|
|
| Printed |
Page 154
In the last paragraph, changed "more than ListenAddress line" to "more |
than one ListenAddress line".
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 155
|
Editing /etc/services:
Line reads
"ssh tcp/22"
should read
"ssh 22/tcp"
Note from the Author or Editor: The suggested change is correct. Thanks!
|
Anonymous |
|
|
| Printed |
Page 178,179
Second paragraph on 178 and Second paragraph on 179 |
On 178 the indication is that only SSH1 & SSH2 support the '@host' construct
for AllowUsers.
On 179, the wildcard example uses the '@' construct and is labeled as being
valid for SSH1, SSH2, OpenSSH.
These cannot both be true - either OpenSSH supports host-address
restrictions or it does not, regardless of wildcards.
I believe that p178 is correct, and OpenSSH does NOT support hostnames in
the sshd config file.
OpenSSH does support host restrictions in the individual's authorised_keys
file, using the "from=the.host.name" construct.
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 179
mid-page |
Section 5.5.2.1 addresses Account access control, specifically use of AllowUsers and
DenyUsers. On page 179 at mid-page, the examples go from using AllowUsers to
AllowHosts with the syntax for AllowUsers and then back to using AllowUsers at the
bottom of the page. AllowHosts and DenyHosts is not discussed until Section 5.5.2.3.
All examples on page 179 should read AllowUsers.
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 179
Last line of code before last paragraph |
Line reads: "AllowUsers "*@10.1.1.[:isdigit:]##"
Should read: "AllowUsers "*@10.1.1.[:digit:]##"
Note from the Author or Editor: The suggested change is correct. Thanks!
|
Anonymous |
|
|
| Printed |
Page 182
second line of second paragraph of 5.5.2.3 |
sentence reads:
... access by s host more concisely, getting rid of the unnecessary account-name ...
probably mean, "... access by a host ..."?
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 183
Last line before bulleted list |
The title of the bulleted list reads: "As for AllowHosts and DenyHosts:".
However, the bulleted list for AllowHosts and DenyHosts is on the middle of page 182.
This line should read "As for AllowShosts and DenySHosts". This is perfectly clear
from the last bullet point which is on page 184.
Note from the Author or Editor: Delete from "As for AllowHosts and DenyHosts:" to the end of the section.
Replace with: "The same bulleted restrictions noted in the previous section for AllowHosts and DenyHosts, apply to AllowSHosts and DenySHosts as well."
Thanks!
|
Anonymous |
|
|
| Printed |
Page 190
In the second sentence of section 5.6.4.1, the command "touch /etc/ |
login" now reads "touch /etc/nologin".
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 213
1st paragraph |
The end of the sentence should be corrected to "... your public
key file:"
Losing one's private key file is in my opinion a major problem...
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 215
In last sentence of #3 |
Last sentence of number three reads: "Therefore, keys are a quick and convenient
method for checking that a key is unaltered."
Should read: "Therefore, fingerprints are a quick and . . ."
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 219
In the middle of the page, changed the command line |
$ unset SSH_AGENT_PID
to:
$ unset SSH_AGENT_PID #SSH uses SSH2_AGENT_PID instead
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 230
First complete paragraph, lines 4-6. |
Line 4, second-last word: typo "USENRAME" should be "USERNAME".
Line 6, first word: "STRING" should be in the same typestyle as "USERNAME" on line 4.
|
Anonymous |
|
|
| Printed |
Page 241
Figure 7-1 |
In the right-hand column ("Files" for the SSH server), there are some typos.
The word "environment" is misspelled as "enviroment" (twice) and near the
bottom you see "/~.k5login" which should be "~/.k5login".
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 242
In the second paragraph of section 7.1.3, deleted the paragraph separator |
in the first line, after "specifying 276".
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 242
Section 7.1.3 (Client Configuration Files), second paragraph, first line |
"In a client configuration file, client settings are changed by specifying 276 <linebreak> keywords and values."
NOW READS:
"In a client configuration file, client settings are changed by specifying keywords and values."
|
Anonymous |
|
Feb 01, 2004 |
| Printed |
Page 246
The last sentence in the first paragraph said that "the earliest value |
takes precedence" when the same keyword has multiple values. This is true for
SSH1 and OpenSSH, but for SSH2 it is the latest value that takes precedence.
The sentence has been changed to:
"Every matching section applies, and if a keyword is set more than once
with different values, only one value applies. For SSH1 and OpenSSH,
the earliest value takes precedence, whereas for SSH2 the latest value
wins."
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 254
In the SSH2 column of the table at the bottom of the page, the first |
section (sally-account: User sally) and third section (sally*-account: Host
server.example.com, Compression yes) have been swapped.
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 254
|
The sentence immediately following the table did read:
"Since sally*-account matches both previous sections..."
Now reads:
"Since sally*-account matches both other sections..."
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 265
|
The second paragraph used to read:
"Batch mode may enabled for..."
Now it reads:
"Batch mode may be enabled for..."
|
Anonymous |
|
Aug 01, 2001 |
| Printed |
Page 266
|
The third line of the second paragraph used to read:
"...and contains name of the character device file..."
Now it reads:
"...and contains the name of the character device file..."
|
Anonymous |
|
Aug 01, 2001 |
| Printed |
Page 266
first complete paragraph, third line, third word |
"contains name"
NOW READS:
"contains the name"
|
Anonymous |
|
Feb 01, 2004 |
| Printed |
Page 279
|
The last paragraph of the second bulleted item used to read:
"...sftp, then these programs run ssh2..."
Now it reads:
"...sftp, when these programs run ssh2..."
|
Anonymous |
|
Aug 01, 2001 |
| Printed |
Page 279
|
The third line of the second to last paragraph used to read:
"...by a evil intruder?"
Now it reads:
"...by an evil intruder?"
|
Anonymous |
|
Aug 01, 2001 |
| Printed |
Page 292
|
The last sentence in the second-to-last paragraph did read:
"...the earliest value is the winner."
Now reads:
"...the earliest (SSH1, OpenSSH) or latest (SSH2) value is the winner."
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 300
8.2.4.1, 2nd sentence |
... at least as secure a ...
should read
... at least as secure as a ...
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 311
section 8.2.7 |
The "idle-timeout" directive is described as being applicable to both SSH1 and OpenSSH,
but the "idle-timeout" authorized_keys option is available in SSH1 only.
|
Anonymous |
|
|
| Printed |
Page 311
First sentence on page |
First sentence reads: "Timeouts are set in with the idle-timeout option."
Should remove the word 'in' so the sentence reads: "Timeouts are set with the idle-timeout option."
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 323
In the last line of the second-to-last paragraph, changed |
"(localhost,143) to (H,2001)" to "(H,2001) to (localhost,143)."
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 324
In the warning, replaced the sentence beginning |
"There would have to be a way..."
With the following text:
"The SSH-1 protocol lacks the ability to indicate this difference.
SSH-2 can indicate it, but current clients always just request
listening on all addresses, anyway."
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 330
first sentence of last paragraph |
First sentence reads: "In addition to any physical network interfaces it may have, a
host running IP has also has a virtual one called, the loopback interface."
One of the "has" words should be deleted.
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 331
In the first footnote, changed "24 million" to "16 million." |
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 332
In the command after the 2nd paragraph, changed |
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 341
Third sentence of second paragraph |
Sentence reads: "You log into one of these machines using SSH, and want to run an
graphical performance-monitoring tool,"
Should read: "... and want to run a graphical ..."
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 344
Figure 9-10 X forwarding |
Currently, the dotted circle on the left is labelled "X client"
and the dotted circle on the right "X server".
The labels should be the other way around, "X server" on the left
and "X client" on the right.
|
Anonymous |
|
|
| Printed |
Page 351
|
The sixth line in section 9.3.6.1 did read:
"allow all connections from the your PC..."
Now reads:
"allow all connections from your PC..."
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 352
|
The first line did read:
"should only do this when the both machines..."
Now reads:
"should do this only when both machines..."
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 356
In the description for sshdfwd-N, only "sshdfwd-2001" should be in |
constant width font; "service" should not.
|
Anonymous |
|
Mar 01, 2001 |
| Printed |
Page 361
--without-rsh |
The book says "... or at runtime in the server-wide configuration file."
This is not correct as there is no sshd option for this. This belongs to the
client specific configuration, cf. p. 125 (4.1.5.12) and p. 269.
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 390
3rd full para |
Last sentence: /decisions based on the their contents
should be
/decisions based on their contents/
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 392
Note (footprints) |
s/port -orwarding/port forwarding/
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 406
fourth typed code (constant width) example |
the third constant width code example cites the -q argument to ssh (for
suppressed output), while the fourth expands it to -w, a non-existent option.
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 407
Example Code (Perl) |
line 15: "else if" HAS BEEN REPLACED WITH "elsif"
line 17: NOW READS: $command = "exec /etc/r${method}d";
426) The seventh line:
$ kdb5_util create
NOW READS:
$ kdb5_util create -s
|
Anonymous |
|
Feb 01, 2004 |
| Printed |
Page 461
Just below the www.oreilly.com URL |
The label "Authors' Online Resources"
NOW READS: "Author's Web Site".
|
Anonymous |
|
Feb 01, 2004 |
| Printed |
Page 467
Contact row of the Mathur Port column |
The URL "ftp://ftp.cs.hut.fi/pub/ssh/contrib/"
NOW READS:
"ftp://ftp.franken.de/pub/win32/develop/gnuwin32/cygwin/porters/Mathur_Raju/"
|
Anonymous |
|
Feb 01, 2004 |
| Printed |
Page 470
Chapter 13, Section 13.4 |
ftp://ftp.cs.hut.fi/pub/ssh/contrib/ssh.el
Replaced with:
http://munitions.vipul.net/software/network/ssh/ssh.el
ftp://ftp.cs.hut.fi/pub/ssh/contrib/ssh-keyscan-0.3.tar.gz
Replaced with:
ftp://cag.lcs.mit.edu/pub/dm/source/ssh-keyscan-0.3b.tar.gz
|
Anonymous |
|
Aug 01, 2001 |
| Printed |
Page 509
keyword Macs |
keyword Macs should be MAC (according to p. 165)
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 509
keyword IgnoreRootRhosts |
p. 169 says the meaning of the keyword IgnoreRootRhosts is to ignore /.rhosts
and /.shosts and not just "Ignore /.rhosts files"
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 509
keyword IgnoreUserKnownHosts |
keyword IgnoreUserKnownHosts is valid for OpenSSH only (according to p. 171)
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 512
keyword Host |
keyword Host does not mark the beginning of a section for SSH2; for SSH2 it defines a host's real name (cf. 244 + 248)
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 512
keyword FallBackToRsh |
keyword FallBackToRsh applies to SSH2 as well (according to p. 269)
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 514
keyword PGPSecretKeyFile |
keyword PGPSecretKeyFile is not a ssh keyword (cf. p. 172)
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 514
keyword UseRsh |
keyword UseRsh applies to SSH2 as well (according to p. 269)
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 515
option -g |
option -g applies to SSH1 and OpenSSH only (according to p. 323)
Note from the Author or Editor: Book is long out of print.
|
Anonymous |
|
|
| Printed |
Page 519
Environment Variables |
SSH2_ORIGINAL_COMMAND is missing under environment variables (see p. 304)
|
Anonymous |
|
|
| Printed |
Page 541
In the second paragraph of the Colophon, changed "mollusca" to |
|
Anonymous |
|
Mar 01, 2001 |