Customer Reviews

SSH, The Secure Shell: The Definitive Guide

5 star:		(17)
4 star:		(7)
3 star:		(8)
2 star:		(2)
1 star:		(1)

 

 

There is a good reason why people write superficial messages on post cards: post cards afford no confidentiality and there is no expectation of privacy. The Internet can be compared to a post card; it is one large system where data is freely interchanged. While common sense tells us that post cards are open to the public, there is a misperception among non-technical Internet users that Internet data is kept private. However, nothing could be further from the truth; on the Wild West net,

all data is inherently open and unregulated.

There are solutions to this predicament. One solution is called SSH (Secure Shell). SSH provides a way to take that "postcard" and have it securely delivered by a courier.

In a nutshell, the book SSH, the Secure Shell: The Definitive Guide expands on two basic ideas: - Privacy is a basic human right, but on today's computer networks, privacy isn't guaranteed. - SSH is a simple idea, but it has many complex parts.

But the truth is that the need for privacy and security on today's networks is far too important to be encapsulated in two bullets. This book is so loaded with valuable and important information that anyone using or administering SSH should read it thoroughly.

As an introduction, SSH is a protocol that enables secure communications between computer systems that are communicating over insecure channels. SSH is more than simply a point-to-point encryption process such as a VPN. SSH allows users to authenticate themselves to remote hosts. After authentication, users can securely execute commands on a remote machine. SSH fills in for the security deficiencies that are inherent in applications such as telnet, ftp, rlogin, rsh, and rcp. The book also shows how SSH can be used to secure other protocols, such as POP, SMTP, IMAP, and others.

SSH was developed in response to the Unix "r" commands' (rsh, rlogin, rcp) vulnerability to attack. Some of these vulnerabilities include password and protocol sniffing, spoofing, eavesdropping and connection hijacking.

SSH, the Secure Shell: The Definitive Guide is everything you need to know about SSH and lives up to its bold claim of being a definitive guide. After an introduction to SSH -- why it came to be needed and its features and history -- the book goes into the core of the administration and use of SSH. The authors explain that SSH is in reality, not a true shell. The two versions of secure shell are SSH1 and SSH2; the book distinguishes between the two and describes when to use each version.

Chapter 2 details the basic client use of SSH. It shows how remote sessions are managed by the program and the various ways a user can authenticate to an SSH server.

Subsequent chapters cover the aspects of installing and compiling SSH. A myriad of different configuration possibilities are discussed. As the authors maintain, SSH is at its foundation a simple idea, but it has countless complex parts. SSH allows for a highly configurable architecture and provides both strong encryption and public-key authentication, but this comes at the price of complexity. The book allows an SSH administrator to understand the various versions and implementations of SSH (SSH1, SSH2, OpenSSH, F-Secure SSH, in addition to ports for Unix, Windows and Macintosh).

Chapter 9 provides in-depth coverage of a powerful feature of SSH -- port forwarding and X forwarding. Forwarding enables SSH to intercept service requests from another software program on one side of the SSH connection, send it across the encrypted connection, and then deliver it to the intended recipient on the other side. X Forwarding enables a user to securely run remote X Window applications by securing the X protocol traffic.

The authors demonstrate their extensive real-world experience with SSH throughout the book. The book includes many technical tips that could only have been obtained through extensive and widespread use. This attention to detail is especially useful considering the documentation provided with the free SSH implementation is often inaccessible for those without extensive SSH experience. Chapter 11 -- Case Studies, available on-line at Unix Review's book excerpt's -- details examples of real-world use of SSH. Two examples are how to integrate SSH with Pine or IMAP and the use of Kerberos with SSH. Anyone attempting such installations and configurations can attest to the difficulties involved.

For anyone who has had occasion to troubleshoot SSH, Chapter 12 -- Troubleshooting and Frequently Asked Questions -- will be a real boon. Many of the common (and some not so common) issues that have left many SSH systems administrators scratching their heads are addressed in this chapter.

For the SSH aficionado on a tight budget, the comprehensive SSH FAQ can be downloaded from various sites on the Web. For everyone else who needs to understand the often-undocumented inner-workings of SSH, this book is required reading.

I find too often that SysAdmins simply slap a pre-configured SSH onto their systems and do not truly understand how it works. Tasked with implementing SSH at my UNIX site, I found this book to be useful both in understanding SSH, and actually configuring it. This book is heavily weighted towards SSH1 and SSH2 and provides a wonderful amount of detail. However, I found it's coverage of OpenSSH to be lacking. I had to search the internet for a good deal of supplementary material to get OpenSSH working the way I wanted it to.

I truly enjoyed the books explanation of how a secure channel is established before login occurs. This explains the "magic" of the authentication process that is so integral to SSH. Its explanation of publickey authentication is also excellent. It helps you to really understand what SSH is for and how it can be used.

Examples are a bit too cluttered at times and are lost on the reader. I was also expecting a better explanation on how to "implement and administer" SSH at my site. For example, creating SSH packages and keeping known_host files updated. I have found the most useful information on these topics from various internet articles.

If you're truly interested in the inner-workings of SSH, I would strongly recommend this book.

I bought this book several months ago because I was considering implementing SSH into a systm. Prior to reading the book, I had little understanding of SSH other than that it provides secure versions of popular tools such as FTP.
I initially read most of it during a cross-country flight. It was really good, and I came away with a good theoretical understanding of SSH. Now here I am several months later trying to actually implement it, and I'm not so pleased with the book. Infomation is scattered throughout the book. If you don't believe me, take a look at the index, it is online here at the Amazon site. As you are reading a topic, the texts suggests you bounce to another page, then another, and another. It's very confusing. Also, probably not so much of the book's fault, but there are a lot of flavors of SSH (both protocols (2) and implementations (many)). I find it very difficult to understand which material in the general text applies to the version I am using. There is a good index that does break down some commands and associated options / arguments by SSH implementation.
One good thing, though, is that I emailed the authors a question, and one of them actually responded.

SSH:

- A complex and hard to master protocol (protocols).
- An invaluable defensive weapon against several types of attacks.
- In short time, SSH will be the 'de facto' privacy standard for remote connections and transference.

The Approach:

Three extraordinary introduction chapters, clearly and well written, lead you step by step into SSH internals. Several clever graphics, and a lot of basic definitions makes these chapters absolutely self contained.
The rest of the chapters are carefully dedicated to issues related to implementation and use of SSH, and to ports to several Operating Systems.

The Book:

540+ Pages well structured into 17 chapters and two appendixes.
Clever conventions, and a very useful 'Which Chapters Are for You' guide.
Plenty of 'real world' examples and 63 pages of special case studies.

The Covered Protocols:

- SSH1.
- F-Secure SSH1.
- OpenSSH.
- SSH2.
- F-Secure SSH2.

The Intended Audience:

Quoting the authors: " We've written this book for system administrators and technically minded users. Some chapters are suitable for a wide audience, while others are thoroughly technical and intended for computer and networking professionals."

The Bottom Line:

Being a computer security professor, I constantly assign to my students complex laboratory works related to SSH. Well, with the only help of this book, they usually succeed in their tasks and even improve the original projects.
It is a worthy book and really deserves to be purchased.

I had some experience with ssh prior to purchasing this book, but picked it up to learn about more advanced topics like key pair generation for unattended ssh tunnels.

The content of the book is ok, but the organization is horrible. The authors mix SSH1, SSH2 and OpenSSH and it is easy to get confused as to which files or commands belong to which. To add to the confusion, OpenSSH now appears to support SSH2 protocol so a lot of the file names don't match up. That makes the book a little out-of-date.

The biggest complaint is that there are no "cookbooks". I wanted to do something well-defined and relatively common. There was a section suited specifically to what I wanted. However to ACTUALLY IMPLEMENT the technique, I had to flip back and forth between 5 different sections, plus infer some information about file contents.

There are few complete configuration file examples. There are snips of files scattered throughout a section - again making for a lot of navigation through the book to assemble sufficient information to get the job done.

The index is marginal, which makes this poorly-suited for a reference manual.

In all, a real disappointment for a O'Reilly book. The editors must have been asleep at the wheel.

If you are a UNIX/Linux admin or user, and want the best documentation on SSH then this is the book. I personally don't like reading HOWTOs, FAQs, etc on the Computer screen (trying to save my eyes). Anyway, this book gives a well ordered explaination of ssh giving you the ability to read by topic. For example, if you are interested in the options available to configure the authentication process, it is not simply lumped in the list of sshd_config options, but is ALL located in the same place with a good discussion of the option. It is well indexed to find what you need quickly.

One of the best features of the book is that it covers ssh1,
ssh2, and Openssh. Using the authentication example, the book gives you how ssh1 handles it first, then ssh2, and then Openssh. Which is important since they will sometimes handle things differently.

This is only the second book I have used that covers SSH, and it is without a doubt, the better of the two. If you use SSH for production systems, this book is a must.

SSH has quickly become the tool of choice for remotely administering a Unix (or for that matter) Linux computer, replacing telnet, rsh and ftp. This is for good reason, these tools can easily become security holes and it is much easier to keep one tool well maintinaed and secure than a number.

SSH gives improved security, both at login and of the data transmitted between computers. SSH offers both security and privacy, rare things online today. It allows secure communications between computers. SSH allows users to authenticate themselves to remote hosts. After authentication, users can securely execute commands on a remote machine. SSH fills in for the security deficiencies that are inherent in earlier methods.

SSH was developed in response to the vulnerability to attack in earlier remote login and control methods. Some of these vulnerabilities include password and protocol sniffing, spoofing, eavesdropping and connection hijacking. Simply, it is the protocol of choice for secure communications between two computers across internet connections.

Administering and running SSH can be a pain. As the book points out it is a simple concept with complex parts. It took me a good three or four hours for my first connection to a remote computer and another two to get SSH logins working on my computer. This book was an excellent assist throughout.

It covers the three varieties of SSH (SSH 1, SSH2 and Open SSH), giving the differences and benefits of the versions. The book also shows how SSH can be used to secure other protocols, such as POP, SMTP, IMAP, and others.

It also gives detailed explanations of what SSH secures against and, perhaps more importantly, what it doesn't secure against. It explains the key technology and how you can integrate your SSH connections into a Public Key Infrastructure.

I also found the Troubleshooting and Quick Reference sections extremely useful, worth the price of the book on their own.

It does all this in a straight forward and well written manner, covering all the details without treating you like a dummy. The book is extremely well structured and formatted, introducing topics in a methodical way.

I had no need for the sections on various ports of SSH to Windows or the Macintosh prior to OS X, but they read well and seem to cover the topic as well as the other sections. So far I've used SSH assisted this book to connect between my Macintosh running OS X and a Linux host, between a Linux computer and a Linux host and a Linux computer and my OS X Macintosh running as host. While their were minor problems with each of these they were quickly sorted out using the information and troubleshooting sections of this book.

In conclusion, SSH is not a simple topic and this book covers it superbly. I would recommmend it to anyone using or administering SSH. It's one flaw is that it can be a little heavy and hard to understand, though not overly so. I have therefore given it only four stars.

This is one of those O'Reilly books that actually makes you stupider than you were before having read it.

Face it, nobody reads books like this cover-to-cover. We might go through the introduction and the first few chapters, but after that we jump around to the parts we want to know about right now. The authors of this book have done everything in their power to make sure that this is not possible. In my case, I was interested in learning more about the various options involved in port forwarding, so I skipped ahead to chapter 9, which is dedicated to the subject. Unfortunately for me, I was completely lost, not because I had no grasp of the concepts involved, but because of the horrible writing, illustration and page layout choices.

First off, the authors seem to be big fans of mathematics, as they frequently contract long, complex statements into single letters they have chosen arbitrarily. Now this might not be a big problem when you're talking about getting from "computer A" to "computer B", but when providing examples of commands one is to enter into a terminal that look like this:

ssh -L2001:S:143 S

or even better yet:

ssh -g -L P:S:W B

It gets pointlessly confusing. If you don't already know what you're doing, you'll probably think that those capital letters are arguments you should type into your terminal rather than the names of computers and ports you're supposed to insert yourself, especially when there are absolutely NO full, syntactically correct examples of these commands given anywhere in the book. It's like it would kill them to type out a single working example. I would suggest the possibility that they might suffer from severe carpal tunnel syndrome as an explanation for this terseness were it not for the amazing displays of verbosity these very same authors seem to be capable of whenever another opportunity to shamelessly plug Tectia presents itself. If I didn't know better I'd think there was a product placement deal at work here.

On top of all of this, the illustrations are just awful. Not only are they frequently as ambiguous as the command line examples they are meant to illustrate, but they are also labeled inconsistently, and worst of all, are often placed 2-3 pages away from the text they are meant to compliment. You can easily waste hours of time flipping back and forth between lines like "ssh -g -L P:S:W B" and the pictures of poorly drawn boxes which defy all laws of perspective and clouds with arrows pointing all over the place that are meant to clarify them somehow.

I'm sure the authors know a lot more about SSH than I ever will, but they cannot write, and I wish O'Reilly's editors would start enforcing some kind of quality control in their publications. There are free tutorials out there that are better than this tripe, and many of them are written by 11 year olds.

SSH, the Secure Shell: The Defintiive Guide is another great book from O'Reilly. As the name would suggest, however, it's not so much a meant as a tutorial or a howto as it is an in-depth analysis of SSH's workings, though the examples given could probably be used as the former.

The first chapters of the book begin with a lookat what SSH is, a summary of its general uses, and the differences between the various SSH implmentations. It then quickly moves onto a number of practical examples, with explanations of both the 'how' and 'why' behind the examples.

Some of the more interesting examples are those that demonstrate X11 tunnelling, key management, and how SSH can be integrated with other applications (such as PGP, for example).

One of the major faults of the book is in the writing style. The regular switching back and forth between a conversational tone and a serious, technical one was something that I found rather annoying. But other than that, this is more or less a well-rounded and nicely written book on SSH, and I would certainly recommend it to anyone who is interested in this topic.

I consider myself a prolific reader of O'Reilly books, and out of the many I have read, I find this book one of the best. Its strong points are its excellent writing style, excellent formatting, and comprehensive treatment of the subject.

I find the writing style to be very easy to read, and entertaining, but more importantly, the authors make every effort to clarify important SSH concepts, and then relate them to later chapters. The fact that the authors take the time to review and relate the information covered in previous chapters is something most authors miss, yet is very effective in making sure the reader will remember the information in the long term.

The format too is excellent in subtle ways. When the authors refer to a concept in another chapter, they mark the chapter and section number in brackets nearby. This makes looking up information much easier, and is another thing computer writers tend to overlook. I sincerely hope these guys write more books for O'Reilly.

In terms of covering SSH, this book can't be beat. Admittedly, the focus is very much on SSH for Unix, but the authors admit that from the start and point out chapters that are useful for PC/Mac users. This book covers every facet of SSH1,SSH2, and OpenSSH, and covers all three effectively.

To summarize, anyone interested in SSH is strongly encouraged to read this book, particularly if you use Unix/Linux. I feel that reading this book was time very well spent, and feel much more confident in regards to using SSH.