SSH the Secure Shell

Daniel J. Barrett, Ph.D., has been immersed in Internet technology since 1985. Currently a software engineer and vice president at a well-known financial services company, Dan has also been a heavy metal singer, Unix system administrator, university lecturer, web designer, and humorist. Dan has written several other O'Reilly books, including NetResearch: Finding Information Online and Bandits on the Information Superhighway, as well as monthly columns for Compute! and Keyboard Magazine. He and his family reside in Boston. You may write to Dan at dbarrett@oreilly.com. Richard E. Silverman first touched a computer as a college junior in 1986, when he logged into a DEC-20, typed MM to send some mail, and was promptly lost to the world. He eventually resurfaced and discovered he had a career, which was convenient but somewhat disorienting, since he hadn't really been looking for one. Since earning his B.A. in computer science and M.A. in pure mathematics, Richard has worked in the fields of networking, formal methods in software development, public-key infrastructure, routing security, and Unix systems administration. Outside of work, he loves to read, study languages and mathematics, sing, dance, and exercise. You may write to Richard at res@oreilly.com.

Preface 1. Introduction to SSH What Is SSH? What SSH Is Not The SSH Protocol Overview of SSH Features History of SSH Related Technologies Summary 2. Basic Client Use A Running Example Remote Terminal Sessions with ssh Adding Complexity to the Example Authentication by Cryptographic Key The SSH Agent Connecting Without a Password or Passphrase Miscellaneous Clients Summary 3. Inside SSH Overview of Features A Cryptography Primer The Architecture of an SSH System Inside SSH-1 Inside SSH-2 As-User Access (userfile) Randomness SSH and File Transfers (scp and sftp) Algorithms Used by SSH Threats SSH Can Counter Threats SSH Doesn't Prevent Summary 4. Installation and Compile-Time Configuration SSH1 and SSH2 F-Secure SSH Server OpenSSH Software Inventory Replacing R-Commands with SSH Summary 5. Serverwide Configuration The Name of the Server Running the Server Server Configuration: An Overview Getting Ready: Initial Setup Letting People in: Authentication and Access Control User Logins and Accounts Subsystems History, Logging, and Debugging Compatibility Between SSH-1 and SSH-2 Servers Summary 6. Key Management and Agents What Is an Identity? Creating an Identity SSH Agents Multiple Identities Summary 7. Advanced Client Use How to Configure Clients Precedence Introduction to Verbose Mode Client Configuration in Depth Secure Copy with scp Summary 8. Per-Account Server Configuration Limits of This Technique Public Key-Based Configuration Trusted-Host Access Control The User rc File Summary 9. Port Forwarding and X Forwarding What Is Forwarding? Port Forwarding X Forwarding Forwarding Security: TCP-wrappers and libwrap Summary 10. A Recommended Setup The Basics Compile-Time Configuration Serverwide Configuration Per-Account Configuration Key Management Client Configuration Remote Home Directories (NFS, AFS) Summary 11. Case Studies Unattended SSH: Batch or cron Jobs FTP Forwarding Pine, IMAP, and SSH Kerberos and SSH Connecting Through a Gateway Host 12. Troubleshooting and FAQ Debug Messages: Your First Line of Defense Problems and Solutions Other SSH Resources Reporting Bugs 13. Overview of Other Implementations Common Features Covered Products Table of Products Other SSH-Related Products 14. SSH1 Port by Sergey Okhapkin (Windows) Obtaining and Installing Clients Client Use Obtaining and Installing the Server Troubleshooting Summary 15. SecureCRT (Windows) Obtaining and Installing Basic Client Use Key Management Advanced Client Use Forwarding Troubleshooting Summary 16. F-Secure SSH Client (Windows, Macintosh) Obtaining and Installing Basic Client Use Key Management Advanced Client Use Forwarding Troubleshooting Summary 17. NiftyTelnet SSH (Macintosh) Obtaining and Installing Basic Client Use Troubleshooting Summary A. SSH2 Manpage for sshregex B. SSH Quick Reference Index