Pro OpenSSH (Expert's Voice in Open Source) [Paperback]

Michael Stahnke (Author), John Traenkenschuh (Author)

Book Description

Series: Expert's Voice in Open Source | Publication Date: October 15, 2005

SSH, acronym for Secure Socket Shell, is the de facto standard among users and administrators wishing to establish secure communication between disparate networks. Pro OpenSSH, authored by two Fortune 100 system administrators, provides readers with a highly practical reference for configuring and deploying OpenSSH in their own environment. OpenSSH installation and configuration, key management, secure logging, client/server architectures, and digital certificates are just some of the topics covered in this book. Readers are also treated to complete deployment scenarios that come up almost daily in enterprise environments, large or small.

Editorial Reviews

About the Author

Michael Stahnke works as a Unix Security Administrator at a Fortune 100 company in the Midwest. He has headed implementation of Secure Shell for his corporate IT group and assisted with global production rollouts. Additionally, he has led several studies and projects to improve the security state of his large-scale UNIX/Linux environment. When not devoting his time to improving security at work, Michael spends time researching and applying new open-source technologies and practices. Michael has also done contract programming to create content management solutions utilizing PHP, Perl, MySQL and C++.

John Traenkenschuh is a Senior Security Analyst at a Fortune 100 company. He has over ten years experience in Information Security, during which time he has earned the Certified Checkpoint Security Engineer and Administrator designations, a CISSP, and recently, his involvement with Security and with teaching VB .Net at Bradley University earned him a Microsoft Most Valuable Professional(MVP)/2004 designation. As a security analyst/consultant at three Fortune 100 companies, John has led research and implementation projects for technologies ranging from Wireless communications to UNIX to Windows to TCP/IP. He has authored numerous technical security policies for his company and enjoys technical articles on security exploits, valuable for the times he has helped/led security investigations. He is skilled with several flavors of UNIX, linux, and BSD but finds BSD truly yummy. For fun, he has been technical editor for several books and a member of the Center for Internet Security's benchmark for PIX firewalling. He is slated to lead the Checkpoint benchmark effort once the PIX benchmark is published.

Product Details

• Paperback: 312 pages
• Publisher: Apress (October 15, 2005)
• Language: English
• ISBN-10: 1590594762
• ISBN-13: 978-1590594766
• Product Dimensions: 9.1 x 7 x 0.8 inches
• Shipping Weight: 1.4 pounds (View shipping rates and policies)
• Average Customer Review: 4.0 out of 5 stars  See all reviews (3 customer reviews)
• Amazon Best Sellers Rank: #1,103,294 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

13 of 13 people found the following review helpful:

3.0 out of 5 stars Master OpenSSH like a pro, November 19, 2006

By 

jose_monkey_org "jose_monkey_org" (ann arbor, mi, USA) - See all my reviews

This review is from: Pro OpenSSH (Expert's Voice in Open Source) (Paperback)

The title of this book doesn't seem to refer to what it expects you to know when you start the book. Rather, you can enter a novice and, after reading the book and following the examples, become an SSH pro. A pretty powerful statement, and a promise the book basically lives up to. The book focuses on OpenSSH, the dominant SSH implementation on the Internet today. Alternatives, and how they're different, are discussed at the end of the book.

A lot has changed since the O'Reilly book on SSH (The Definitive Guide) was published, meaning new versions of SSH, new capabilities, and new tools to help you use SSH. What Stahnke's book has done is to assemble them all into a single place and provide a comprehensive, and clear, overview of them.

Part one of the book covers real basic SSH stuff: the protocols that we used to use, and how SSH has taken to replacing them all. The two chapters in this part are clear and simple, but there's little technical meat. You'll get to that quickly.

Part two covers SSH configuration options, and there's a myriad set of options for both the client and the server. Without wasting much space, causing a whole lot of redundancy with the (well annotated) configuration flies, the book does a decent job of hitting nearly every option available for both the client and the server. Authentication gets its own chapter, as can be expected, because it's a complex (but not a very complicated, as the book shows you) topic.

Chapter 7 covers TCP forwarding, which is one of those things that works pretty well but can be a bit tricky to set up sometimes. The options and setup makes sense, and its covered with clarity and skill.

Chapter 8 is one of the more valuable chapters, covering SSH environment management. Because you have keys and identities to manage, the process isn't always the easiest thing to do. Pro OpenSSH does a pretty good job of sharing secrets, giving insight into how the process can be managed and automated.

Chapter 9 is another one of the gems of the book. Only people who know a lot about system administration and SSH would have been able to write it so well, so clear, and so wisely. This is another uncommon facet of this book, and it's covered skillfully in Pro OpenSSH.

Chapter 10 and Appendix A cover some non-OpenSSH software, including the Tectia server and the various families of OpenSSH compatible clients, servers, and add-ons you can buy or download. Again, included for completeness, and some of it appears to receive little coverage elsewhere. Appendix B is another useful chapter, covering OpenSSH on Windows, where it's non-native but just as powerful.

Pro OpenSSH is a focused, high impact volume covering the bulk of what you would want to do with SSH in a system and network environment. The writing is clear, the examples are great, and the book delivers on its promise: you can walk in an OpenSSH novice and out a professional.

10 of 10 people found the following review helpful:

5.0 out of 5 stars Everything you need to know to implement, December 14, 2005

By 

Harold McFarland (Florida) - See all my reviews
(HALL OF FAME REVIEWER)    (VINE VOICE)    (REAL NAME)   

This review is from: Pro OpenSSH (Expert's Voice in Open Source) (Paperback)

Many legacy protocols and applications such as FTP, Telnet, rlogin, rsh, and rcp are inherently insecure because they send usernames and passwords in plain text or other insecure procedures. Secure Shell (SSH) was developed to resolve this problem. All the information you need in order to implement SSH is available on the Internet but is hard to filter through to find current and complete information. This is one of the problems this book addresses and is a good reason to purchase the book.

The author have organized the book well and move the reader from the basics of what SSH can do for you, installing, and configuring SSH through best practices for securing your SSH server, tunneling protocols, and administering your OpenSSH server. The author does an excellent job of explaining each step simply, concisely, and clearly without being too simplistic while still providing all the technical information you need to set it all up and get it running correctly. The book does not go into theoretical detail to any significant extent and so is not appropriate for someone wanting to learn theoretical implementation and programming OpenSSH. On the other hand, if all you want is to understand what it is, how to set it up and get it running correctly, and how to administer it once it is up then this is easily one of the best books on the subject. Pro OpenSSH is highly recommended.

9 of 9 people found the following review helpful:

4.0 out of 5 stars OpenSSH in depth, June 26, 2006

By 

J. P. Mens (Germany, Europe) - See all my reviews
(REAL NAME)   

This review is from: Pro OpenSSH (Expert's Voice in Open Source) (Paperback)

If you are new to OpenSSH, don't let the "Pro" in the title scare you off; the first half of the 270-page book is just what you need: the first two chapters of Pro OpenSSH are of an introductory nature and introduce the reader to the insecurity of the legacy R-tools and telnet as well as a quick implementation of OpenSSH and a short introduction to the excellent PuTTY, an SSH client for Windows (this is expanded on in an appendix).

In part 2, Michael Stahnke discusses the configuration of OpenSSH starting with a detailed look at the files required by the client and the server portions of the program including manual-page-like descriptions of the keywords in sshd_config and the options and syntax of the command-line tools. The chapter on Authentication digs into Public Key Authentication, key generation and distribution as well as key management (also taken onto a new level in a later chapter), and agent forwarding. This is a must-read for anyone who uses SSH to connect to more than one host.

The advanced topics start in part 3, and this is where the "Pro" begins. The complex topic TCP forwarding is well explained and a number of diagrams help the reader to better understand the nitty-gritty of setting up tunnels with OpenSSH.

The most interesting chapter I found next; Managing your OpenSSH Environment, in which the author introduces an OpenSSH secure gateway that can be used in large environments. Securing OpenSSH, SSH- and Key-Management are followed by SSHFP (RFC 4255), a method to store public host keys in DNS. Stahnke implements a method for distributing public keys using RPM. Although that is interesting in itself, I strongly missed a discussion on storing SSH public keys in an LDAP directory; a must-have IMHO.

Part 4 of Pro OpenSSH deals with Administration. Sundry Shell and Perl scripts in real-world examples give the reader a good look into the capabilities of using OpenSSH in her own tools on her own systems. Last but not least, the appendices focus on alternative SSH clients and SSH on Windows.

Even if you have, like I have, already read SSH, The Secure Shell, Apress' Pro OpenSSH is well worth reading. I give it an 8/10.