Posted: Sat Jun 25, 2005 12:25 pm Post subject: Book - SSH, The Secure Shell: The Definitive Guide, 2nd Ed.
SSH, The Secure Shell: The Definitive Guide, Second Edition
Author: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
Date Published: May 2005
Book Specifications: Softcover, 645 pages
Category: Networking/Computer Security
Publisher's Suggested User Level: None
Reviewer's Suggested User Level: Users, System Administrators
Suggested Publisher Price: US$39.95 / CAN$55.95
From back cover:
SSH, The Secure Shell: The Definitive Guide, Second Edition, covers the Secure Shell in detail for both system administrators and end users. This new edition adds over 100 new features and options from the latest versions of OpenSSH and SSH Tectia (formerly known as SSH2 from ssh.com). It focuses on the SSH-2 protocol, its internals, and its most popular implementations.
This second edition is an updated version of the book I reviewed a few months ago. The review of the first edition can be found at http://www.security-forums.com/forum/viewtopic.php?t=28633
My positive comments from that review still hold for this edition of the book, but it has been improved in many ways, and now covers the SSH-2 protocol more completely for modern implementations.
SSH is an ever increasingly useful tool, and one I would struggle to survive without, in the world of computing. This book guides users and administrators through the process of installing, configuring and using SSH, from basic remote shell operations to complex port forwarding setups and beyond. The authors made an excellent attempt at the first edition, and this second edition polishes off the rough edges and adds content to accommodate the rapid pace at which technology moves. This book is a must-have for any tech bookshelf.
This book begins lightly with a look at what SSH is, what SSH does, and where SSH came from. This background material serves as a useful primer to the material in the remainder of the book.
Chapter 2 introduces basic client usage: terminal sessions, key-based authentication and the SSH Agent. This chapter is, in effect, an overview of the contents of the remainder of the book, introducing the features of SSH all at once, such that the reader can skip to the chapters they are interested in, or at the very least gain an “all-round” understanding of the SSH protocol prior to reading about it in detail.
In chapter 3, the authors dive deep into the internals of SSH, explaining the protocols for SSH-2 and SSH-1. A canned review of cryptography is included in this chapter, which makes the content accessible to those not so well versed in such matters.
Chapter 4 covers installation and configuration performed at compile-time. It covers the latest OpenSSH implementation, as well as Tectia. This chapter is a useful read even for those who are not running their own SSH installation, as it explains which options are set at compile-time, and are therefore not available for later configuration.
In chapter 5, the server-wide configuration is discussed. Whilst this chapter is most useful to system administrators, the end user has much to gain by reading this chapter also. The chapter explains the configuration on a server-wide basis, and thus affects how flexible the per-user configuration is. As such, end-users will gain a deeper understanding of the SSH system from this chapter, and, as with any security tool, the better you understand it, the more likely you are to use it securely.
In chapter 6, the authors turn to public-key authentication, key management and the SSH Agent. The Agent allows users to load SSH keys into memory so that they do not need to continually type the passphrase to unlock a key every time they make an SSH-based connection to a remote server. This chapter details the process, along with warnings about the security of leaving an SSH Agent running on an unlocked workstation.
Chapters 7 and 8 turn the discussion towards more advanced usage of the clients, and configuring per-account settings. These chapters look into some of the more complex tasks SSH can be used to achieve, as well as detailing the scp and sftp file copy (or transfer) programs.
Port forwarding and X forwarding are the topic of chapter 9. The port forwarding feature of SSH has proved personally a most useful tool, on many occasions, and this chapter provides an in-depth discussion of the details involved with port forwarding. Local and remote forwarding are discussed, along with a new section dedicated to dynamic port forwarding, where the SSH client acts as a SOCKS proxy and creates tunnels with remote endpoints automatically, as needed. This is a welcome addition to the book, as it was not a feature of OpenSSH at the time the first edition was printed. X forwarding is also discussed in detail in this chapter.
In chapters 10 and 11, the authors take the reader through some recommended setups and case studies. This section of the book impressed me in the first edition, and performs equally well in the second edition. In many books, you are presented with the facts and somehow expected to piece them together for yourself. With a security program, however, such piecing together may not always result in the most secure system possible. The example configurations provided here act to illustrate what works and what doesn't, and provide template implementations from which powerful SSH-based systems can be built. This is one feature of the book that I hoped would remain in the second edition, and I was not disappointed. The authors have excelled themselves once again, in providing examples generic enough to be useful to many readers, but targeted enough to show the kind of powerful task you can achieve with SSH.
Chapter 12 revives yet another of the features I appreciated in the first edition. The troubleshooting section provides answers to the questions everyone asks at one time or another, without needing to search the Internet or call technical support. This chapter again provides a fall-back, a safety mat on which new users of SSH need not be afraid to land when trying out the topics covered in the rest of the book.
Chapters 13 through 18 discuss other implementations of SSH, including OpenSSH for Windows and Macintosh, Tectia for Windows, SecureCRT and SecureFX for Windows, and the (now world famous) PuTTY client for Windows. PuTTY is perhaps one of the most used SSH clients for Windows, and coverage of it in this book is both well deserved, and necessary, as many users of SSH use PuTTY from Windows, and this chapter explains how to leverage all of the power of SSH through the PuTTY client.
The book closes with 5 appendices, the first covering OpenSSH 4.0's new features, the second and third covering details of Tectia (manual page for sshregex and module names for debugging), the fourth covering the SSH-1 features of OpenSSH and Tectia, and the fifth being the SSH Quick Reference, revived from the first edition and updated to cover the SSH-2 features now in use. This quick reference is another of the features that make this book a powerful reference, as well as a detailed and comprehensive tutorial.
It was nice to see that the second edition embraced OpenSSH with more vigour, and covered SSH-2 in preference to SSH-1, as the SSH-2 protocol is now in use in virtually all SSH systems. This edition of the book updates the contents for 2005 and brings the book back in line with the latest technological advances.
Overall, this book still impresses. It hits the reader with a torrent of information and it is difficult to tear one's attention away from the book long enough to even perform such basic functions as eating or sleeping. This book is fast paced but understandable and accessible to all user levels. The authors explain every concept in detail and the illustrations are a valuable resource when dealing with the protocol internals and the port forwarding topics.
Giving this book anything less than a 10 out of 10 would be almost criminal. I cannot fault the content, layout or style of this book in any way. I hoped upon hearing there was to be a second edition that it would address the modern changes in SSH and cover OpenSSH more thoroughly. This book not only does that but it retains the style of writing that impressed me in the first edition. New sections integrate seamlessly with the content from the first edition and the read is still smooth and coherent. Another work of art from O'Reilly.
This book receives an honoured SFDC rating of 10/10
Keywords: SSH, secure shell, encryption, port forwarding, x forwarding, configuration, network security
This review is copyright 2005 by the author, Andrew J. Bennieston, and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.