Synopses & Reviews
Are you serious about network security? Then check out SSH, the Secure Shell, which provides key-based authentication and transparent encryption for your network connections. It's reliable, robust, and reasonably easy to use, and both free and commercial implementations are widely available for most operating systems. While it doesn't solve every privacy and security problem, SSH eliminates several of them very effectively.
Everything you want to know about SSH is in our second edition of SSH, The Secure Shell: The Definitive Guide. This updated book thoroughly covers the latest SSH-2 protocol for system administrators and end users interested in using this increasingly popular TCP/IP-based solution.
How does it work? Whenever data is sent to the network, SSH automatically encrypts it. When data reaches its intended recipient, SSH decrypts it. The result is "transparent" encryption: users can work normally, unaware that their communications are already encrypted. SSH supports secure file transfer between computers, secure remote logins, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. With SSH, users can freely navigate the Internet, and system administrators can secure their networks or perform remote administration.
Written for a wide, technical audience, SSH, The Secure Shell: The Definitive Guide covers several implementations of SSH for different operating systems and computing environments. Whether you're an individual running Linux machines at home, a corporate network administrator with thousands of users, or a PC/Mac owner who just wants a secure way to telnet or transfer files between machines, our indispensable guide has you covered. It starts with simple installation and use of SSH, and works its way to in-depth case studies on large, sensitive computer networks.
No matter where or how you're shipping information, SSH, The Secure Shell: The Definitive Guide will show you how to do it securely.
About the Author
Daniel J. Barrett has been immersed in Internet technology since 1985. Currently working as a software engineer, Dan has also been a heavy metal singer, Unix system administrator, university lecturer, web designer, and humorist. He is the author of O'Reilly's Linux Pocket Guide, and is the coauthor of Linux Security Cookbook, and the first edition of SSH, The Secure Shell: The Definitive Guide. He also writes monthly columns for Compute! and Keyboard Magazine, and articles for the O'Reilly Network.
Richard E. Silverman has a B.A. in computer science and an M.A. in pure mathematics. Richard has worked in the fields of networking, formal methods in software development, public-key infrastructure, routing security, and Unix systems administration. He co-authored the first edition of SSH, The Secure Shell: The Definitive Guide.
Robert G. Byrnes, Ph.D., has been hacking on Unix systems for twenty years, and has been involved with security issues since the original Internet worm was launched from Cornell University, while he was a graduate student and system administrator. Currently, he's a software engineer at Curl Corporation, and has worked in the fields of networking, telecommunications, distributed computing, financial technology, and condensed matter physics.
Table of Contents
Preface; Protect Your Network with SSH; Intended Audience; Reading This Book; Our Approach; Which Chapters Are for You?; Supported Platforms; Disclaimers; Conventions Used in This Book; Comments and Questions; Safari Enabled; Acknowledgments
Chapter 1: Introduction to SSH; 1.1 What Is SSH?; 1.2 What SSH Is Not; 1.3 The SSH Protocol; 1.4 Overview of SSH Features; 1.5 History of SSH; 1.6 Related Technologies; 1.7 Summary
Chapter 2: Basic Client Use; 2.1 A Running Example; 2.2 Remote Terminal Sessions with ssh; 2.3 Adding Complexity to the Example; 2.4 Authentication by Cryptographic Key; 2.5 The SSH Agent; 2.6 Connecting Without a Password or Passphrase; 2.7 Miscellaneous Clients; 2.8 Summary
Chapter 3: Inside SSH; 3.1 Overview of Features; 3.2 A Cryptography Primer; 3.3 The Architecture of an SSH System; 3.4 Inside SSH-2; 3.5 Inside SSH-1; 3.6 Implementation Issues; 3.7 SSH and File Transfers (scp and sftp); 3.8 Algorithms Used by SSH; 3.9 Threats SSH Can Counter; 3.10 Threats SSH Doesn't Prevent; 3.11 Threats Caused by SSH; 3.12 Summary
Chapter 4: Installation and Compile-Time Configuration; 4.1 Overview; 4.2 Installing OpenSSH; 4.3 Installing Tectia; 4.4 Software Inventory; 4.5 Replacing r-Commands with SSH; 4.6 Summary
Chapter 5: Serverwide Configuration; 5.1 Running the Server; 5.2 Server Configuration: An Overview; 5.3 Getting Ready: Initial Setup; 5.4 Authentication: Verifying Identities; 5.5 Access Control: Letting People In; 5.6 User Logins and Accounts; 5.7 Forwarding; 5.8 Subsystems; 5.9 Logging and Debugging; 5.10 Compatibility Between SSH-1 and SSH-2 Servers; 5.11 Summary
Chapter 6: Key Management and Agents; 6.1 What Is an Identity?; 6.2 Creating an Identity; 6.3 SSH Agents; 6.4 Multiple Identities; 6.5 PGP Authentication in Tectia; 6.6 Tectia External Keys; 6.7 Summary
Chapter 7: Advanced Client Use; 7.1 How to Configure Clients; 7.2 Precedence; 7.3 Introduction to Verbose Mode; 7.4 Client Configuration in Depth; 7.5 Secure Copy with scp; 7.6 Secure, Interactive Copy with sftp; 7.7 Summary
Chapter 8: Per-Account Server Configuration; 8.1 Limits of This Technique; 8.2 Public-Key-Based Configuration; 8.3 Hostbased Access Control; 8.4 The User rc File; 8.5 Summary
Chapter 9: Port Forwarding and X Forwarding; 9.1 What Is Forwarding?; 9.2 Port Forwarding; 9.3 Dynamic Port Forwarding; 9.4 X Forwarding; 9.5 Forwarding Security: TCP-Wrappers and libwrap; 9.6 Summary
Chapter 10: A Recommended Setup; 10.1 The Basics; 10.2 Compile-Time Configuration; 10.3 Serverwide Configuration; 10.4 Per-Account Configuration; 10.5 Key Management; 10.6 Client Configuration; 10.7 Remote Home Directories (NFS, AFS); 10.8 Summary
Chapter 11: Case Studies; 11.1 Unattended SSH: Batch or cron Jobs; 11.2 FTP and SSH; 11.3 Pine, IMAP, and SSH; 11.4 Connecting Through a Gateway Host; 11.5 Scalable Authentication for SSH; 11.6 Tectia Extensions to Server Configuration Files; 11.7 Tectia Plugins
Chapter 12: Troubleshooting and FAQ; 12.1 Debug Messages: Your First Line of Defense; 12.2 Problems and Solutions; 12.3 Other SSH Resources
Chapter 13: Overview of Other Implementations; 13.1 Common Features; 13.2 Covered Products; 13.3 Other SSH Products
Chapter 14: OpenSSH for Windows; 14.1 Installation; 14.2 Using the SSH Clients; 14.3 Setting Up the SSH Server; 14.4 Public-Key Authentication; 14.5 Troubleshooting; 14.6 Summary
Chapter 15: OpenSSH for Macintosh; 15.1 Using the SSH Clients; 15.2 Using the OpenSSH Server
Chapter 16: Tectia for Windows; 16.1 Obtaining and Installing; 16.2 Basic Client Use; 16.3 Key Management; 16.4 Accession Lite; 16.5 Advanced Client Use; 16.6 Port Forwarding; 16.7 Connector; 16.8 File Transfers; 16.9 Command-Line Programs; 16.10 Troubleshooting; 16.11 Server
Chapter 17: SecureCRT and SecureFX for Windows; 17.1 Obtaining and Installing; 17.2 Basic Client Use; 17.3 Key Management; 17.4 Advanced Client Use; 17.5 Forwarding; 17.6 Command-Line Client Programs; 17.7 File Transfer; 17.8 Troubleshooting; 17.9 VShell; 17.10 Summary
Chapter 18: PuTTY for Windows; 18.1 Obtaining and Installing; 18.2 Basic Client Use; 18.3 File Transfer; 18.4 Key Management; 18.5 Advanced Client Use; 18.6 Forwarding; 18.7 Summary
OpenSSH 4.0 New Features; Server Features: sshd; Client Features: ssh, scp, and sftp; ssh-keygen
Tectia Manpage for sshregex; Regex Syntax: Egrep Patterns; Regex Syntax: ZSH_FILEGLOB (or Traditional) Patterns; Character Sets for Egrep and ZSH_FILEGLOB; Regex Syntax: SSH Patterns; Authors; See Also
Tectia Module Names for Debugging
SSH-1 Features of OpenSSH and Tectia; OpenSSH Features; Tectia Features
SSH Quick Reference; Legend; sshd Options; sshd Keywords; ssh Options; scp Options; ssh and scp Keywords; ssh-keygen Options; ssh-agent Options; ssh-add Options; Identity and Authorization Files, OpenSSH; Identity and Authorization Files, Tectia; Environment Variables
Colophon