SSH, The Secure Shell: The Definitive Guide

As befits its detail- and variation-rich subject, this book comprises many specialized sections, each dealing with some specific aspect of use or configuration (setting up access control at the account level, for example, or generating keys for a particular SSH server). The writing is both informative and fun to read; the authors switch back and forth between text and entry-and-response listings from SSH machines. They often run through a half-dozen or more variants on the same command in a few pages, providing the reader with lots of practical information. The discussion of how SSH fits into a Kerberos Public Key Infrastructure (PKI) is great, as is the advice on defeating particular kinds of attacks. --David Wall

Topics covered:

• The Secure Shell (SSH) for installers, administrators, and everyday users
• SSH design and operation
• Server setup
• SSH agents
• Client configuration
• Public Key Infrastructure (PKI) integration
• SSH1
• SSH2
• F-Secure
• OpenSSH for Unix
• SSH1 and SecureCRT for Microsoft Windows
• NiftyTelnet SSH for Mac OS

all data is inherently open and unregulated.

There are solutions to this predicament. One solution is called SSH (Secure Shell). SSH provides a way to take that "postcard" and have it securely delivered by a courier.

In a nutshell, the book SSH, the Secure Shell: The Definitive Guide expands on two basic ideas: - Privacy is a basic human right, but on today's computer networks, privacy isn't guaranteed. - SSH is a simple idea, but it has many complex parts.

But the truth is that the need for privacy and security on today's networks is far too important to be encapsulated in two bullets. This book is so loaded with valuable and important information that anyone using or administering SSH should read it thoroughly.

As an introduction, SSH is a protocol that enables secure communications between computer systems that are communicating over insecure channels. SSH is more than simply a point-to-point encryption process such as a VPN. SSH allows users to authenticate themselves to remote hosts. After authentication, users can securely execute commands on a remote machine. SSH fills in for the security deficiencies that are inherent in applications such as telnet, ftp, rlogin, rsh, and rcp. The book also shows how SSH can be used to secure other protocols, such as POP, SMTP, IMAP, and others.

SSH was developed in response to the Unix "r" commands' (rsh, rlogin, rcp) vulnerability to attack. Some of these vulnerabilities include password and protocol sniffing, spoofing, eavesdropping and connection hijacking.

SSH, the Secure Shell: The Definitive Guide is everything you need to know about SSH and lives up to its bold claim of being a definitive guide. After an introduction to SSH -- why it came to be needed and its features and history -- the book goes into the core of the administration and use of SSH. The authors explain that SSH is in reality, not a true shell. The two versions of secure shell are SSH1 and SSH2; the book distinguishes between the two and describes when to use each version.

Chapter 2 details the basic client use of SSH. It shows how remote sessions are managed by the program and the various ways a user can authenticate to an SSH server.

Subsequent chapters cover the aspects of installing and compiling SSH. A myriad of different configuration possibilities are discussed. As the authors maintain, SSH is at its foundation a simple idea, but it has countless complex parts. SSH allows for a highly configurable architecture and provides both strong encryption and public-key authentication, but this comes at the price of complexity. The book allows an SSH administrator to understand the various versions and implementations of SSH (SSH1, SSH2, OpenSSH, F-Secure SSH, in addition to ports for Unix, Windows and Macintosh).

Chapter 9 provides in-depth coverage of a powerful feature of SSH -- port forwarding and X forwarding. Forwarding enables SSH to intercept service requests from another software program on one side of the SSH connection, send it across the encrypted connection, and then deliver it to the intended recipient on the other side. X Forwarding enables a user to securely run remote X Window applications by securing the X protocol traffic.

The authors demonstrate their extensive real-world experience with SSH throughout the book. The book includes many technical tips that could only have been obtained through extensive and widespread use. This attention to detail is especially useful considering the documentation provided with the free SSH implementation is often inaccessible for those without extensive SSH experience. Chapter 11 -- Case Studies, available on-line at Unix Review's book excerpt's -- details examples of real-world use of SSH. Two examples are how to integrate SSH with Pine or IMAP and the use of Kerberos with SSH. Anyone attempting such installations and configurations can attest to the difficulties involved.

For anyone who has had occasion to troubleshoot SSH, Chapter 12 -- Troubleshooting and Frequently Asked Questions -- will be a real boon. Many of the common (and some not so common) issues that have left many SSH systems administrators scratching their heads are addressed in this chapter.

For the SSH aficionado on a tight budget, the comprehensive SSH FAQ can be downloaded from various sites on the Web. For everyone else who needs to understand the often-undocumented inner-workings of SSH, this book is required reading.

The best SSH publication yet.   March 17, 2002
Marco De Vivo (Miami, Florida United States)
15 out of 18 found this review helpful

SSH:

- A complex and hard to master protocol (protocols).
- An invaluable defensive weapon against several types of attacks.
- In short time, SSH will be the 'de facto' privacy standard for remote connections and transference.

The Approach:

Three extraordinary introduction chapters, clearly and well written, lead you step by step into SSH internals. Several clever graphics, and a lot of basic definitions makes these chapters absolutely self contained.
The rest of the chapters are carefully dedicated to issues related to implementation and use of SSH, and to ports to several Operating Systems.

The Book:

540+ Pages well structured into 17 chapters and two appendixes.
Clever conventions, and a very useful 'Which Chapters Are for You' guide.
Plenty of 'real world' examples and 63 pages of special case studies.

The Covered Protocols:

- SSH1.
- F-Secure SSH1.
- OpenSSH.
- SSH2.
- F-Secure SSH2.

The Intended Audience:

Quoting the authors: " We've written this book for system administrators and technically minded users. Some chapters are suitable for a wide audience, while others are thoroughly technical and intended for computer and networking professionals."

The Bottom Line:

Being a computer security professor, I constantly assign to my students complex laboratory works related to SSH. Well, with the only help of this book, they usually succeed in their tasks and even improve the original projects.
It is a worthy book and really deserves to be purchased.


THE book for ssh   January 15, 2002
Kip Perkins (Mt Juliet, TN United States)
6 out of 6 found this review helpful

If you are a UNIX/Linux admin or user, and want the best documentation on SSH then this is the book. I personally don't like reading HOWTOs, FAQs, etc on the Computer screen (trying to save my eyes). Anyway, this book gives a well ordered explaination of ssh giving you the ability to read by topic. For example, if you are interested in the options available to configure the authentication process, it is not simply lumped in the list of sshd_config options, but is ALL located in the same place with a good discussion of the option. It is well indexed to find what you need quickly.

One of the best features of the book is that it covers ssh1,
ssh2, and Openssh. Using the authentication example, the book gives you how ssh1 handles it first, then ssh2, and then Openssh. Which is important since they will sometimes handle things differently.

This is only the second book I have used that covers SSH, and it is without a doubt, the better of the two. If you use SSH for production systems, this book is a must.


The Definitive Guide for SSH, excellent format.   October 27, 2001
Gerald Ford (The Jack n' the Box at the corner)
4 out of 4 found this review helpful

I consider myself a prolific reader of O'Reilly books, and out of the many I have read, I find this book one of the best. Its strong points are its excellent writing style, excellent formatting, and comprehensive treatment of the subject.

I find the writing style to be very easy to read, and entertaining, but more importantly, the authors make every effort to clarify important SSH concepts, and then relate them to later chapters. The fact that the authors take the time to review and relate the information covered in previous chapters is something most authors miss, yet is very effective in making sure the reader will remember the information in the long term.

The format too is excellent in subtle ways. When the authors refer to a concept in another chapter, they mark the chapter and section number in brackets nearby. This makes looking up information much easier, and is another thing computer writers tend to overlook. I sincerely hope these guys write more books for O'Reilly.

In terms of covering SSH, this book can't be beat. Admittedly, the focus is very much on SSH for Unix, but the authors admit that from the start and point out chapters that are useful for PC/Mac users. This book covers every facet of SSH1,SSH2, and OpenSSH, and covers all three effectively.

To summarize, anyone interested in SSH is strongly encouraged to read this book, particularly if you use Unix/Linux. I feel that reading this book was time very well spent, and feel much more confident in regards to using SSH.


SSH, the Secure Shell : The Definitive Guide   August 5, 2001
T. Bass (Palo Alto, CA United States)
3 out of 3 found this review helpful

Simply a great book. Highly recommended for anyone interested in SSH. Also great for anyone interested about basic client-server cryptographic services on the net. This book is well written and good reading.