SSH, The Secure Shell: The Definitive Guide [Paperback]

Daniel J. Barrett (Author), Richard E. Silverman (Author), Robert G. Byrnes (Author)

Book Description

ISBN-10: 0596008953 | ISBN-13: 978-0596008956 | Publication Date: May 1, 2005 | Edition: Second Edition

Are you serious about network security? Then check out SSH, the Secure Shell, which provides key-based authentication and transparent encryption for your network connections. It's reliable, robust, and reasonably easy to use, and both free and commercial implementations are widely available for most operating systems. While it doesn't solve every privacy and security problem, SSH eliminates several of them very effectively.

Everything you want to know about SSH is in our second edition of SSH, The Secure Shell: The Definitive Guide. This updated book thoroughly covers the latest SSH-2 protocol for system administrators and end users interested in using this increasingly popular TCP/IP-based solution.

How does it work? Whenever data is sent to the network, SSH automatically encrypts it. When data reaches its intended recipient, SSH decrypts it. The result is "transparent" encryption-users can work normally, unaware that their communications are already encrypted. SSH supports secure file transfer between computers, secure remote logins, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. With SSH, users can freely navigate the Internet, and system administrators can secure their networks or perform remote administration.

Written for a wide, technical audience, SSH, The Secure Shell: The Definitive Guide covers several implementations of SSH for different operating systems and computing environments. Whether you're an individual running Linux machines at home, a corporate network administrator with thousands of users, or a PC/Mac owner who just wants a secure way to telnet or transfer files between machines, our indispensable guide has you covered. It starts with simple installation and use of SSH, and works its way to in-depth case studies on large, sensitive computer networks.

No matter where or how you're shipping information, SSH, The Secure Shell: The Definitive Guide will show you how to do it securely.

Editorial Reviews

Amazon.com Review

The suite of utility applications that Unix users and administrators find indispensable--Telnet, rlogin, FTP, and the rest--can in fact prove to be the undoing of interconnected systems. The Secure Shell, a.k.a. SSH (which isn't a true shell at all) provides your otherwise attack-prone utilities with the protection they need. SSH: The Secure Shell: The Definitive Guide explains how to use SSH at all levels. In a blended sequence, the book explains what SSH is all about, how it fits into a larger security scheme, and how to employ it as an everyday user with an SSH client. More technically detailed chapters show how to configure a SSH server--several variants are covered--and how to integrate SSH with non-Unix client platforms.

As befits its detail- and variation-rich subject, this book comprises many specialized sections, each dealing with some specific aspect of use or configuration (setting up access control at the account level, for example, or generating keys for a particular SSH server). The writing is both informative and fun to read; the authors switch back and forth between text and entry-and-response listings from SSH machines. They often run through a half-dozen or more variants on the same command in a few pages, providing the reader with lots of practical information. The discussion of how SSH fits into a Kerberos Public Key Infrastructure (PKI) is great, as is the advice on defeating particular kinds of attacks. --David Wall

Topics covered:

• The Secure Shell (SSH) for installers, administrators, and everyday users
• SSH design and operation
• Server setup
• SSH agents
• Client configuration
• Public Key Infrastructure (PKI) integration
• SSH1
• SSH2
• F-Secure
• OpenSSH for Unix
• SSH1 and SecureCRT for Microsoft Windows
• NiftyTelnet SSH for Mac OS

--This text refers to an out of print or unavailable edition of this title.

Review

"Still the best SSH book out there by a long shot, but too much on Tectia and not enough on OpenSSH 4." - Paul Hudson, Linux Format, October 2005 "The authors manage to convey what SSH is all about as a concept and how to use it in the real world with equal aplomb, and highly technical configuration details are explained with clarity. They are happy to related how to integrate SSH into non-Unix clients, which makes a pleasant change from the typical Unix gurus who write books such as this. Whenever with see the words "definitive guide' included in the title of a book, we usually prepare ourselves for something far from it. The exception being when O'Reilly are the publishers, and this SSH guide is certainly as definitive as any you are likely to read. And read it you should if you are seriously involved with network security." Davey Winder, PC Plus, November 2005

See all Editorial Reviews

Product Details

• Paperback: 668 pages
• Publisher: O'Reilly Media; Second Edition edition (May 1, 2005)
• Language: English
• ISBN-10: 0596008953
• ISBN-13: 978-0596008956
• Product Dimensions: 9.4 x 7.1 x 1.2 inches
• Shipping Weight: 2.8 pounds (View shipping rates and policies)
• Average Customer Review: 4.1 out of 5 stars  See all reviews (35 customer reviews)
• Amazon Best Sellers Rank: #190,295 in Books (See Top 100 in Books)
  • #12 in Books > Computers & Technology > Operating Systems > Unix > Shell
  • #89 in Books > Computers & Technology > Networking > Intranets & Extranets

More About the Author

Thanks for looking at my books on Amazon. I've been writing about technical/computer topics since the early 1990s.

These days my interests focus on the intersection of technology and people. Great software isn't enough: you need to get people to use it, and use it efficiently and productively. Wikis are a great example, particularly in corporate environments.

Customer Reviews

Most Helpful Customer Reviews

50 of 53 people found the following review helpful:

5.0 out of 5 stars The SSH book, April 3, 2001

By 

Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews
(REAL NAME)   

This review is from: SSH, The Secure Shell: The Definitive Guide (Paperback)

There is a good reason why people write superficial messages on post cards: post cards afford no confidentiality and there is no expectation of privacy. The Internet can be compared to a post card; it is one large system where data is freely interchanged. While common sense tells us that post cards are open to the public, there is a misperception among non-technical Internet users that Internet data is kept private. However, nothing could be further from the truth; on the Wild West net,

all data is inherently open and unregulated.

There are solutions to this predicament. One solution is called SSH (Secure Shell). SSH provides a way to take that "postcard" and have it securely delivered by a courier.

In a nutshell, the book SSH, the Secure Shell: The Definitive Guide expands on two basic ideas: - Privacy is a basic human right, but on today's computer networks, privacy isn't guaranteed. - SSH is a simple idea, but it has many complex parts.

But the truth is that the need for privacy and security on today's networks is far too important to be encapsulated in two bullets. This book is so loaded with valuable and important information that anyone using or administering SSH should read it thoroughly.

As an introduction, SSH is a protocol that enables secure communications between computer systems that are communicating over insecure channels. SSH is more than simply a point-to-point encryption process such as a VPN. SSH allows users to authenticate themselves to remote hosts. After authentication, users can securely execute commands on a remote machine. SSH fills in for the security deficiencies that are inherent in applications such as telnet, ftp, rlogin, rsh, and rcp. The book also shows how SSH can be used to secure other protocols, such as POP, SMTP, IMAP, and others.

SSH was developed in response to the Unix "r" commands' (rsh, rlogin, rcp) vulnerability to attack. Some of these vulnerabilities include password and protocol sniffing, spoofing, eavesdropping and connection hijacking.

SSH, the Secure Shell: The Definitive Guide is everything you need to know about SSH and lives up to its bold claim of being a definitive guide. After an introduction to SSH -- why it came to be needed and its features and history -- the book goes into the core of the administration and use of SSH. The authors explain that SSH is in reality, not a true shell. The two versions of secure shell are SSH1 and SSH2; the book distinguishes between the two and describes when to use each version.

Chapter 2 details the basic client use of SSH. It shows how remote sessions are managed by the program and the various ways a user can authenticate to an SSH server.

Subsequent chapters cover the aspects of installing and compiling SSH. A myriad of different configuration possibilities are discussed. As the authors maintain, SSH is at its foundation a simple idea, but it has countless complex parts. SSH allows for a highly configurable architecture and provides both strong encryption and public-key authentication, but this comes at the price of complexity. The book allows an SSH administrator to understand the various versions and implementations of SSH (SSH1, SSH2, OpenSSH, F-Secure SSH, in addition to ports for Unix, Windows and Macintosh).

Chapter 9 provides in-depth coverage of a powerful feature of SSH -- port forwarding and X forwarding. Forwarding enables SSH to intercept service requests from another software program on one side of the SSH connection, send it across the encrypted connection, and then deliver it to the intended recipient on the other side. X Forwarding enables a user to securely run remote X Window applications by securing the X protocol traffic.

The authors demonstrate their extensive real-world experience with SSH throughout the book. The book includes many technical tips that could only have been obtained through extensive and widespread use. This attention to detail is especially useful considering the documentation provided with the free SSH implementation is often inaccessible for those without extensive SSH experience. Chapter 11 -- Case Studies, available on-line at Unix Review's book excerpt's -- details examples of real-world use of SSH. Two examples are how to integrate SSH with Pine or IMAP and the use of Kerberos with SSH. Anyone attempting such installations and configurations can attest to the difficulties involved.

For anyone who has had occasion to troubleshoot SSH, Chapter 12 -- Troubleshooting and Frequently Asked Questions -- will be a real boon. Many of the common (and some not so common) issues that have left many SSH systems administrators scratching their heads are addressed in this chapter.

For the SSH aficionado on a tight budget, the comprehensive SSH FAQ can be downloaded from various sites on the Web. For everyone else who needs to understand the often-undocumented inner-workings of SSH, this book is required reading.

8 of 8 people found the following review helpful:

4.0 out of 5 stars Great for understanding SSH, useful for configuring it., October 27, 2001

By 

R. EARLS "r.e." (Overland Park, Kansas USA) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: SSH, The Secure Shell: The Definitive Guide (Paperback)

I find too often that SysAdmins simply slap a pre-configured SSH onto their systems and do not truly understand how it works. Tasked with implementing SSH at my UNIX site, I found this book to be useful both in understanding SSH, and actually configuring it. This book is heavily weighted towards SSH1 and SSH2 and provides a wonderful amount of detail. However, I found it's coverage of OpenSSH to be lacking. I had to search the internet for a good deal of supplementary material to get OpenSSH working the way I wanted it to.

I truly enjoyed the books explanation of how a secure channel is established before login occurs. This explains the "magic" of the authentication process that is so integral to SSH. Its explanation of publickey authentication is also excellent. It helps you to really understand what SSH is for and how it can be used.

Examples are a bit too cluttered at times and are lost on the reader. I was also expecting a better explanation on how to "implement and administer" SSH at my site. For example, creating SSH packages and keeping known_host files updated. I have found the most useful information on these topics from various internet articles.

If you're truly interested in the inner-workings of SSH, I would strongly recommend this book.

11 of 12 people found the following review helpful:

3.0 out of 5 stars Good book untill you really need to put SSH to use, January 3, 2003

By A Customer

This review is from: SSH, The Secure Shell: The Definitive Guide (Paperback)

I bought this book several months ago because I was considering implementing SSH into a systm. Prior to reading the book, I had little understanding of SSH other than that it provides secure versions of popular tools such as FTP.
I initially read most of it during a cross-country flight. It was really good, and I came away with a good theoretical understanding of SSH. Now here I am several months later trying to actually implement it, and I'm not so pleased with the book. Infomation is scattered throughout the book. If you don't believe me, take a look at the index, it is online here at the Amazon site. As you are reading a topic, the texts suggests you bounce to another page, then another, and another. It's very confusing. Also, probably not so much of the book's fault, but there are a lot of flavors of SSH (both protocols (2) and implementations (many)). I find it very difficult to understand which material in the general text applies to the version I am using. There is a good index that does break down some commands and associated options / arguments by SSH implementation.
One good thing, though, is that I emailed the authors a question, and one of them actually responded.