SSH, The Secure Shell

Dan Barrett has been immersed in Internet technology since 1985. Currently working as a software engineer, Dan has also been a heavy metal singer, Unix system administrator, university lecturer, web designer, and humorist. He is the author of O'Reilly's Linux Pocket Guide, and he is the coauthor of Linux Security Cookbook, and SSH, The Secure Shell: The Definitive Guide. He also writes monthly columns for Compute! and Keyboard Magazine, and articles for the O'Reilly Network. Richard E. Silverman has a B.A. in computer science and an M.A. in pure mathematics. Richard has worked in the fields of networking, formal methods in software development, public-key infrastructure, routing security, and Unix systems administration. He is the co-author of SSH, The Secure Shell: The Definitive Guide. Robert G. Byrnes, Ph.D., has been hacking on Unix systems for twenty years, and has been involved with security issues since the original Internet worm was launched from Cornell University, while he was a graduate student and system administrator. He is currently a software engineer at Curl Corporation, and has worked in the fields of networking, telecommunications, distributed computing, financial technology, and condensed matter physics.

Preface 1. Introduction to SSH 1.1 What Is SSH? 1.2 What SSH Is Not 1.3 The SSH Protocol 1.4 Overview of SSH Features; 1.5 History of SSH 1.6 Related Technologies 1.7 Summary; 2. Basic Client Use 2.1 A Running Example 2.2 Remote Terminal Sessions with ssh 2.3 Adding Complexity to the Example; 2.4 Authentication by Cryptographic Key 2.5 The SSH Agent; 2.6 Connecting Without a Password or Passphrase 2.7 Miscellaneous Clients 2.8 Summary 3. Inside SSH 3.1 Overview of Features 3.2 A Cryptography Primer 3.3 The Architecture of an SSH System 3.4 Inside SSH-2 3.5 Inside SSH-1; 3.6 Implementation Issues 3.7 SSH and File Transfers (scp and sftp) 3.8 Algorithms Used by SSH 3.9 Threats SSH Can Counter; 3.10 Threats SSH Doesn't Prevent 3.11 Threats Caused by SSH; 3.12 Summary 4. Installation and Compile-Time Configuration; 4.1. Overview 4.2 Installing OpenSSH 4.3 Installing Tectia; 4.4 Software Inventory 4.5 Replacing r-Commands with SSH; 4.6 Summary 5. Serverwide Configuration 5.1 Running the Server 5.2 Server Configuration: An Overview 5.3 Getting Ready: Initial Setup 5.4 Authentication: Verifying Identities; 5.5 Access Control: Letting People In 5.6 User Logins and Accounts 5.7 Forwarding 5.8 Subsystems 5.9 Logging and Debugging 5.10 Compatibility Between SSH-1 and SSH-2 Servers; 5.11 Summary 6. Key Management and Agents 6.1 What Is an Identity? 6.2 Creating an Identity 6.3 SSH Agents; 6.4 Multiple Identities 6.5 PGP Authentication in Tectia; 6.6 Tectia External Keys 6.7 Summary 7. Advanced Client Use; 7.1 How to Configure Clients 7.2 Precedence 7.3 Introduction to Verbose Mode 7.4 Client Configuration in Depth 7.5 Secure Copy with scp 7.6 Secure, Interactive Copy with sftp 7.7 Summary 8. Per-Account Server Configuration 8.1 Limits of This Technique 8.2 Public-Key-Based Configuration 8.3 Hostbased Access Control 8.4 The User rc File 8.5 Summary; 9. Port Forwarding and X Forwarding 9.1 What Is Forwarding?; 9.2 Port Forwarding 9.3 Dynamic Port Forwarding 9.4 X Forwarding 9.5 Forwarding Security: TCP-wrappers and libwrap; 9.6 Summary 10. A Recommended Setup 10.1 The Basics; 10.2 Compile-Time Configuration 10.3 Serverwide Configuration; 10.4 Per-Account Configuration 10.5 Key Management 10.6 Client Configuration 10.7 Remote Home Directories (NFS, AFS); 10.8 Summary 11. Case Studies 11.1 Unattended SSH: Batch or cron Jobs 11.2 FTP and SSH 11.3 Pine, IMAP, and SSH; 11.4 Connecting Through a Gateway Host 11.5 Scalable Authentication for SSH 11.6 Tectia Extensions to Server Configuration Files 11.7 Tectia Plugins 12. Troubleshooting and FAQ 12.1 Debug Messages: Your First Line of Defense; 12.2 Problems and Solutions 12.3 Other SSH Resources; 13. Overview of Other Implementations 13.1 Common Features; 13.2 Covered Products 13.3 Other SSH Products 14. OpenSSH for Windows 14.1 Installation 14.2 Using the SSH Clients 14.3 Setting Up the SSH Server 14.4 Public-Key Authentication; 14.5 Troubleshooting 14.6 Summary 15. OpenSSH for Macintosh; 15.1 Using the SSH Clients 15.2 Using the OpenSSH Server; 16. Tectia for Windows 16.1 Obtaining and Installing 16.2 Basic Client Use 16.3 Key Management 16.4 Accession Lite; 16.5 Advanced Client Use 16.6 Port Forwarding 16.7 Connector; 16.8 File Transfers 16.9 Command-Line Programs 16.10 Troubleshooting 16.11 Server17. SecureCRT and SecureFX for Windows 17.1 Obtaining and Installing 17.2 Basic Client Use 17.3 Key Management 17.4 Advanced Client Use 17.5 Forwarding; 17.6 Command-Line Client Programs 17.7 File Transfer 17.8 Troubleshooting 17.9 VShell 17.10 Summary 18. PuTTY for Windows 18.1 Obtaining and Installing 18.2 Basic Client Use; 18.3 File Transfer 18.4 Key Management 18.5 Advanced Client Use 18.6 Forwarding 18.7 Summary; A. OpenSSH 4.0 New Features; B. Tectia Manpage for sshregex; C. Tectia Module Names for Debugging; D. SSH-1 Features of OpenSSH and Tectia; E. SSH Quick Reference Index