Book description
Are you serious about network security? Then check out SSH, the Secure Shell, which provides key-based authentication and transparent encryption for your network connections. It's reliable, robust, and reasonably easy to use, and both free and commercial implementations are widely available for most operating systems. While it doesn't solve every privacy and security problem, SSH eliminates several of them very effectively.Everything you want to know about SSH is in our second edition of SSH, The Secure Shell: The Definitive Guide. This updated book thoroughly covers the latest SSH-2 protocol for system administrators and end users interested in using this increasingly popular TCP/IP-based solution.How does it work? Whenever data is sent to the network, SSH automatically encrypts it. When data reaches its intended recipient, SSH decrypts it. The result is "transparent" encryption-users can work normally, unaware that their communications are already encrypted. SSH supports secure file transfer between computers, secure remote logins, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. With SSH, users can freely navigate the Internet, and system administrators can secure their networks or perform remote administration.Written for a wide, technical audience, SSH, The Secure Shell: The Definitive Guide covers several implementations of SSH for different operating systems and computing environments. Whether you're an individual running Linux machines at home, a corporate network administrator with thousands of users, or a PC/Mac owner who just wants a secure way to telnet or transfer files between machines, our indispensable guide has you covered. It starts with simple installation and use of SSH, and works its way to in-depth case studies on large, sensitive computer networks.No matter where or how you're shipping information, SSH, The Secure Shell: The Definitive Guide will show you how to do it securely.
Publisher resources
Table of contents
- SSH, the Secure Shell, 2nd Edition
- Preface
- 1. Introduction to SSH
- 2. Basic Client Use
-
3. Inside SSH
- Overview of Features
- A Cryptography Primer
- The Architecture of an SSH System
- Inside SSH-2
- Inside SSH-1
- Implementation Issues
- SSH and File Transfers (scp and sftp)
- Algorithms Used by SSH
- Threats SSH Can Counter
- Threats SSH Doesn’t Prevent
- Threats Caused by SSH
- Summary
- 4. Installation and Compile-Time Configuration
-
5. Serverwide Configuration
- Running the Server
- Server Configuration: An Overview
-
Getting Ready: Initial Setup
- 5.3.1 File Locations
- 5.3.2 File Permissions
-
5.3.3 TCP/IP Settings
- 5.3.3.1 Port number and network interface
- 5.3.3.2 Invocation by inetd or xinetd
- 5.3.3.3 Restarting the SSH server for each connection
- 5.3.3.4 Keepalive messages
- 5.3.3.5 Idle connections
- 5.3.3.6 Failed logins
- 5.3.3.7 Limiting simultaneous connections
- 5.3.3.8 Reverse IP mappings
- 5.3.3.9 Controlling the Nagle Algorithm
- 5.3.3.10 Discovering other servers
- 5.3.4 Key Regeneration
- 5.3.5 Encryption Algorithms
- 5.3.6 Integrity-Checking (MAC) Algorithms
- 5.3.7 SSH Protocol Settings
- 5.3.8 Compression
-
Authentication: Verifying Identities
- 5.4.1 Authentication Syntax
- 5.4.2 Password Authentication
- 5.4.3 Public-Key Authentication
- 5.4.4 Hostbased Authentication
- 5.4.5 Keyboard-Interactive Authentication
- 5.4.6 PGP Authentication
- 5.4.7 Kerberos Authentication
- 5.4.8 PAM Authentication
- 5.4.9 Privilege Separation
- 5.4.10 Selecting a Login Program
- Access Control: Letting People In
- User Logins and Accounts
- Forwarding
- Subsystems
- Logging and Debugging
- Compatibility Between SSH-1 and SSH-2 Servers
- Summary
-
6. Key Management and Agents
- What Is an Identity?
- Creating an Identity
- SSH Agents
- Multiple Identities
- PGP Authentication in Tectia
- Tectia External Keys
- Summary
-
7. Advanced Client Use
- How to Configure Clients
- Precedence
- Introduction to Verbose Mode
-
Client Configuration in Depth
- 7.4.1 Remote Account Name
- 7.4.2 User Identity
- 7.4.3 Host Keys and Known-Hosts Databases
- 7.4.4 SSH Protocol Settings
- 7.4.5 TCP/IP Settings
-
7.4.6 Making Connections
- 7.4.6.1 Number of connection attempts
- 7.4.6.2 Password prompting in OpenSSH
- 7.4.6.3 Password prompting in Tectia
- 7.4.6.4 Batch mode: suppressing prompts
- 7.4.6.5 Pseudo-terminal allocation (TTY/PTY/PTTY)
- 7.4.6.6 Backgrounding a remote command
- 7.4.6.7 Backgrounding a remote command, take two
- 7.4.6.8 Escaping
- 7.4.7 Proxies and SOCKS
- 7.4.8 Forwarding
- 7.4.9 Encryption Algorithms
- 7.4.10 Integrity-Checking (MAC) Algorithms
- 7.4.11 Host Key Types
- 7.4.12 Session Rekeying
- 7.4.13 Authentication
- 7.4.14 Data Compression
- 7.4.15 Program Locations
- 7.4.16 Subsystems
- 7.4.17 Logging and Debugging
- 7.4.18 Random Seeds
-
Secure Copy with scp
- 7.5.1 Full Syntax of scp
- 7.5.2 Handling of Wildcards
- 7.5.3 Recursive Copy of Directories
- 7.5.4 Preserving Permissions
- 7.5.5 Automatic Removal of Original File
- 7.5.6 Safety Features
- 7.5.7 Batch Mode
- 7.5.8 User Identity
- 7.5.9 SSH Protocol Settings
- 7.5.10 TCP/IP Settings
- 7.5.11 Encryption Algorithms
- 7.5.12 Controlling Bandwidth
- 7.5.13 Data Compression
- 7.5.14 File Conversion
- 7.5.15 Optimizations
- 7.5.16 Statistics Display
- 7.5.17 Locating the ssh Executable
- 7.5.18 Getting Help
- 7.5.19 For Internal Use Only
- 7.5.20 Further Configuration
- Secure, Interactive Copy with sftp
- Summary
-
8. Per-Account Server Configuration
- Limits of This Technique
- Public-Key-Based Configuration
- Hostbased Access Control
- The User rc File
- Summary
-
9. Port Forwarding and X Forwarding
- What Is Forwarding?
-
Port Forwarding
- 9.2.1 Local Forwarding
- 9.2.2 Trouble with Multiple Connections
- 9.2.3 Comparing Local and Remote Port Forwarding
- 9.2.4 Forwarding Off-Host
- 9.2.5 Bypassing a Firewall
- 9.2.6 Port Forwarding Without a Remote Login
- 9.2.7 The Listening Port Number
- 9.2.8 Choosing the Target Forwarding Address
- 9.2.9 Termination
- 9.2.10 Configuring Port Forwarding in the Server
- 9.2.11 Protocol-Specific Forwarding: FTP
- Dynamic Port Forwarding
- X Forwarding
- Forwarding Security: TCP-Wrappers and libwrap
- Summary
- 10. A Recommended Setup
-
11. Case Studies
- Unattended SSH: Batch or cron Jobs
-
FTP and SSH
- 11.2.1 FTP-Specific Tools for SSH
- 11.2.2 Static Port Forwarding and FTP: A Study in Pain
- 11.2.3 The FTP Protocol
- 11.2.4 Forwarding the Control Connection
- 11.2.5 FTP, Firewalls, and Passive Mode
- 11.2.6 FTP and Network Address Translation (NAT)
- 11.2.7 All About Data Connections
- 11.2.8 Forwarding the Data Connection
- Pine, IMAP, and SSH
- Connecting Through a Gateway Host
-
Scalable Authentication for SSH
-
11.5.1 Tectia with X.509 Certificates
- 11.5.1.1 What’s a PKI?
- 11.5.1.2 Using certificates with Tectia host keys
- 11.5.1.3 A simple configuration
- 11.5.1.4 Getting a certificate
- 11.5.1.5 Hostkey verification: configuring the server
- 11.5.1.6 Hostkey verification: configuring the Client
- 11.5.1.7 User authentication: configuring the client
- 11.5.1.8 User authentication: configuring the server
- 11.5.2 OpenSSH and Tectia with Kerberos
-
11.5.1 Tectia with X.509 Certificates
- Tectia Extensions to Server Configuration Files
- Tectia Plugins
- 12. Troubleshooting and FAQ
- 13. Overview of Other Implementations
- 14. OpenSSH for Windows
- 15. OpenSSH for Macintosh
- 16. Tectia for Windows
- 17. SecureCRT and SecureFX for Windows
-
18. PuTTY for Windows
- Obtaining and Installing
- Basic Client Use
- File Transfer
- Key Management
- Advanced Client Use
- Forwarding
- Summary
- A. OpenSSH 4.0 New Features
- B. Tectia Manpage for sshregex
-
C. Tectia Module Names for Debugging
- D. SSH-1 Features of OpenSSH and Tectia
- E. SSH Quick Reference
- Index
- About the Authors
- Colophon
- Copyright
Product information
- Title: SSH, The Secure Shell: The Definitive Guide, 2nd Edition
- Author(s):
- Release date: May 2005
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9780596008956
You might also like
book
Kubernetes: Up and Running, 3rd Edition
In just five years, Kubernetes has radically changed the way developers and ops personnel build, deploy, …
book
The Linux Command Line, 2nd Edition
The Linux Command Line takes you from your very first terminal keystrokes to writing full programs …
book
Efficient Linux at the Command Line
Take your Linux skills to the next level! Whether you're a system administrator, software developer, site …
book
Ansible: Up and Running, 3rd Edition
Among the many configuration management tools available, Ansible has some distinct advantages: It's minimal in nature. …