Thursday, November 27, 2008
Pro OpenSSH
Product Description
If you're the kind of person who likes to have some type of hardcopy around for reference, this will do just fine. Everything is covered very nicely.
— Joe Topjian, Adminspotting
SSH, or Secure Shell, is the de facto standard among users and administrators who wish to establish secure communication between disparate networks. This book is authored by a Fortune 100 system administrator, who will provide you with a highly practical reference for configuring and deploying OpenSSH in your own environment.
Some of the topics covered in this book include: OpenSSH installation and configuration, key management, secure logging, client/server architectures, and digital certificates. The author also provides you with complete deployment scenarios that arise daily in enterprise environments, both large and small.
Product Details
* Amazon Sales Rank: #453445 in Books
* Published on: 2005-10-12
* Original language: English
* Number of items: 1
* Binding: Paperback
* 312 pages
Editorial Reviews
About the Author
Michael Stahnke works as a Unix Security Administrator at a Fortune 100 company in the Midwest. He has headed implementation of Secure Shell for his corporate IT group and assisted with global production rollouts. Additionally, he has led several studies and projects to improve the security state of his large-scale UNIX/Linux environment. When not devoting his time to improving security at work, Michael spends time researching and applying new open-source technologies and practices. Michael has also done contract programming to create content management solutions utilizing PHP, Perl, MySQL and C++.
Customer Reviews
Master OpenSSH like a pro3
The title of this book doesn't seem to refer to what it expects you to know when you start the book. Rather, you can enter a novice and, after reading the book and following the examples, become an SSH pro. A pretty powerful statement, and a promise the book basically lives up to. The book focuses on OpenSSH, the dominant SSH implementation on the Internet today. Alternatives, and how they're different, are discussed at the end of the book.
A lot has changed since the O'Reilly book on SSH (The Definitive Guide) was published, meaning new versions of SSH, new capabilities, and new tools to help you use SSH. What Stahnke's book has done is to assemble them all into a single place and provide a comprehensive, and clear, overview of them.
Part one of the book covers real basic SSH stuff: the protocols that we used to use, and how SSH has taken to replacing them all. The two chapters in this part are clear and simple, but there's little technical meat. You'll get to that quickly.
Part two covers SSH configuration options, and there's a myriad set of options for both the client and the server. Without wasting much space, causing a whole lot of redundancy with the (well annotated) configuration files, the book does a decent job of hitting nearly every option available for both the client and the server. Authentication gets its own chapter, as can be expected, because it's a complex (but not a very complicated, as the book shows you) topic.
Chapter 7 covers TCP forwarding, which is one of those things that works pretty well but can be a bit tricky to set up sometimes. The options and setup make sense, and it's covered with clarity and skill.
Chapter 8 is one of the more valuable chapters, covering SSH environment management. Because you have keys and identities to manage, the process isn't always the easiest thing to do. Pro OpenSSH does a pretty good job of sharing secrets, giving insight into how the process can be managed and automated.
Chapter 9 is another one of the gems of the book. Only people who know a lot about system administration and SSH would have been able to write it so well, so clearly, and so wisely. This is another uncommon facet of this book, and it's covered skillfully in Pro OpenSSH.
Chapter 10 and Appendix A cover some non-OpenSSH software, including the Tectia server and the various families of OpenSSH compatible clients, servers, and add-ons you can buy or download. Again, included for completeness, and some of it appears to receive little coverage elsewhere. Appendix B is another useful chapter, covering OpenSSH on Windows, where it's non-native but just as powerful.
Pro OpenSSH is a focused, high impact volume covering the bulk of what you would want to do with SSH in a system and network environment. The writing is clear, the examples are great, and the book delivers on its promise: you can walk in an OpenSSH novice and out a professional.
OpenSSH in depth4
If you are new to OpenSSH, don't let the "Pro" in the title scare you off; the first half of the 270-page book is just what you need: the first two chapters of Pro OpenSSH are of an introductory nature and introduce the reader to the insecurity of the legacy R-tools and telnet as well as a quick implementation of OpenSSH and a short introduction to the excellent PuTTY, an SSH client for Windows (this is expanded on in an appendix).
In part 2, Michael Stahnke discusses the configuration of OpenSSH starting with a detailed look at the files required by the client and the server portions of the program including manual-page-like descriptions of the keywords in sshd_config and the options and syntax of the command-line tools. The chapter on Authentication digs into Public Key Authentication, key generation and distribution as well as key management (also taken onto a new level in a later chapter), and agent forwarding. This is a must-read for anyone who uses SSH to connect to more than one host.
The advanced topics start in part 3, and this is where the "Pro" begins. The complex topic TCP forwarding is well explained and a number of diagrams help the reader to better understand the nitty-gritty of setting up tunnels with OpenSSH.
The most interesting chapter I found next: Managing your OpenSSH Environment, in which the author introduces an OpenSSH secure gateway that can be used in large environments. Securing OpenSSH, SSH- and Key-Management are followed by SSHFP (RFC 4255), a method to store public host keys in DNS. Stahnke implements a method for distributing public keys using RPM. Although that is interesting in itself, I strongly missed a discussion on storing SSH public keys in an LDAP directory; a must-have IMHO.
Part 4 of Pro OpenSSH deals with Administration. Sundry Shell and Perl scripts in real-world examples give the reader a good look into the capabilities of using OpenSSH in her own tools on her own systems. Last but not least, the appendices focus on alternative SSH clients and SSH on Windows.
Even if you have, like I have, already read SSH, The Secure Shell, Apress' Pro OpenSSH is well worth reading. I give it an 8/10.
Everything you need to know to implement5
Many legacy protocols and applications such as FTP, Telnet, rlogin, rsh, and rcp are inherently insecure because they send usernames and passwords in plain text or other insecure procedures. Secure Shell (SSH) was developed to resolve this problem. All the information you need in order to implement SSH is available on the Internet but is hard to filter through to find current and complete information. This is one of the problems this book addresses and is a good reason to purchase the book.
The author has organized the book well and moves the reader from the basics of what SSH can do for you, installing, and configuring SSH through best practices for securing your SSH server, tunneling protocols, and administering your OpenSSH server. The author does an excellent job of explaining each step simply, concisely, and clearly without being too simplistic while still providing all the technical information you need to set it all up and get it running correctly. The book does not go into theoretical detail to any significant extent and so is not appropriate for someone wanting to learn theoretical implementation and programming OpenSSH. On the other hand, if all you want is to understand what it is, how to set it up and get it running correctly, and how to administer it once it is up then this is easily one of the best books on the subject. Pro OpenSSH is highly recommended.

