SSH, The Secure Shell: The Definitive Guide (2001), by Daniel J. Barrett, Ph.D., and Richard Silverman (O'Reilly)

SSH, The Secure Shell: The Definitive Guide
By Daniel J. Barrett, Ph.D., Richard Silverman
Publisher: O'Reilly
Pub Date: January 2001
ISBN: 0-596-00011-1
Pages: 558

SSH (Secure Shell) is a popular, robust, TCP/IP-based product for network security and privacy, supporting strong encryption and authentication. This book covers Unix, Windows, and Macintosh implementations of SSH. It shows both system administrators and end users how to install, maintain, and troubleshoot SSH; configure servers and clients in simple and complex ways; apply SSH to practical problems; and protect other TCP applications through forwarding (tunneling).

Table of Contents

Preface
  Protect Your Network with SSH
  Intended Audience
  Reading This Book
  Our Approach
  Which Chapters Are for You?
  Supported Platforms
  Disclaimers
  Conventions Used in This Book
  Comments and Questions
  Acknowledgments
Chapter 1. Introduction to SSH
  1.1 What Is SSH?
  1.2 What SSH Is Not
  1.3 The SSH Protocol
  1.4 Overview of SSH Features
  1.5 History of SSH
  1.6 Related Technologies
  1.7 Summary
Chapter 2. Basic Client Use
  2.1 A Running Example
  2.2 Remote Terminal Sessions with ssh
  2.3 Adding Complexity to the Example
  2.4 Authentication by Cryptographic Key
  2.5 The SSH Agent
  2.6 Connecting Without a Password or Passphrase
  2.7 Miscellaneous Clients
  2.8 Summary
Chapter 3. Inside SSH
  3.1 Overview of Features
  3.2 A Cryptography Primer
  3.3 The Architecture of an SSH System
  3.4 Inside SSH-1
  3.5 Inside SSH-2
  3.6 As-User Access (userfile)
  3.7 Randomness
  3.8 SSH and File Transfers (scp and sftp)
  3.9 Algorithms Used by SSH
  3.10 Threats SSH Can Counter
  3.11 Threats SSH Doesn't Prevent
  3.12 Summary
Chapter 4. Installation and Compile-Time Configuration
  4.1 SSH1 and SSH2
  4.2 F-Secure SSH Server
  4.3 OpenSSH
  4.4 Software Inventory
  4.5 Replacing R-Commands with SSH
  4.6 Summary
Chapter 5. Serverwide Configuration
  5.1 The Name of the Server
  5.2 Running the Server
  5.3 Server Configuration: An Overview
  5.4 Getting Ready: Initial Setup
  5.5 Letting People in: Authentication and Access Control
  5.6 User Logins and Accounts
  5.7 Subsystems
  5.8 History, Logging, and Debugging
  5.9 Compatibility Between SSH-1 and SSH-2 Servers
  5.10 Summary
Chapter 6. Key Management and Agents
  6.1 What Is an Identity?
  6.2 Creating an Identity
  6.3 SSH Agents
  6.4 Multiple Identities
  6.5 Summary
Chapter 7. Advanced Client Use
  7.1 How to Configure Clients
  7.2 Precedence
  7.3 Introduction to Verbose Mode
  7.4 Client Configuration in Depth
  7.5 Secure Copy with scp
  7.6 Summary
Chapter 8. Per-Account Server Configuration
  8.1 Limits of This Technique
  8.2 Public Key-Based Configuration
  8.3 Trusted-Host Access Control
  8.4 The User rc File
  8.5 Summary
Chapter 9. Port Forwarding and X Forwarding
  9.1 What Is Forwarding?
  9.2 Port Forwarding
  9.3 X Forwarding
  9.4 Forwarding Security: TCP-wrappers and libwrap
  9.5 Summary
Chapter 10. A Recommended Setup
  10.1 The Basics
  10.2 Compile-Time Configuration
  10.3 Serverwide Configuration
  10.4 Per-Account Configuration
  10.5 Key Management
  10.6 Client Configuration
  10.7 Remote Home Directories (NFS, AFS)
  10.8 Summary
Chapter 11. Case Studies
  11.1 Unattended SSH: Batch or cron Jobs
  11.2 FTP Forwarding
  11.3 Pine, IMAP, and SSH
  11.4 Kerberos and SSH
  11.5 Connecting Through a Gateway Host
Chapter 12. Troubleshooting and FAQ
  12.1 Debug Messages: Your First Line of Defense
  12.2 Problems and Solutions
  12.3 Other SSH Resources
  12.4 Reporting Bugs
Chapter 13. Overview of Other Implementations
  13.1 Common Features
  13.2 Covered Products
  13.3 Table of Products
  13.4 Other SSH-Related Products
Chapter 14. SSH1 Port by Sergey Okhapkin (Windows)
  14.1 Obtaining and Installing Clients
  14.2 Client Use
  14.3 Obtaining and Installing the Server
  14.4 Troubleshooting
  14.5 Summary
Chapter 15. SecureCRT (Windows)
  15.1 Obtaining and Installing
  15.2 Basic Client Use
  15.3 Key Management
  15.4 Advanced Client Use
  15.5 Forwarding
  15.6 Troubleshooting
  15.7 Summary
Chapter 16. F-Secure SSH Client (Windows, Macintosh)
  16.1 Obtaining and Installing
  16.2 Basic Client Use
  16.3 Key Management
  16.4 Advanced Client Use
  16.5 Forwarding
  16.6 Troubleshooting
  16.7 Summary
Chapter 17. NiftyTelnet SSH (Macintosh)
  17.1 Obtaining and Installing
  17.2 Basic Client Use
  17.3 Troubleshooting
  17.4 Summary
Appendix A. SSH2 Manpage for sshregex
Appendix B. SSH Quick Reference
  B.1 Legend
  B.2 sshd Options
  B.3 sshd Keywords
  B.4 ssh and scp Keywords
  B.5 ssh Options
  B.6 scp Options
  B.7 ssh-keygen Options
  B.8 ssh-agent Options
  B.9 ssh-add Options
  B.10 Identity and Authorization Files
  B.11 Environment Variables
Colophon

Copyright © 2001 O'Reilly & Associates, Inc. All rights reserved. Printed in the United States of America. Published by O'Reilly & Associates, Inc., 101 Morris Street, Sebastopol, CA 95472.

Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly & Associates, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly & Associates, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. The association between the image of a land snail and the topic of SSH is a trademark of O'Reilly & Associates, Inc.

While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Preface

Privacy is a basic human right, but on today's computer networks, privacy isn't guaranteed. Much of the data that travels on the Internet or local networks is transmitted as plain text, and may be captured and viewed by anybody with a little technical know-how. The email you send, the files you transmit between computers, even the passwords you type may be readable by others. Imagine the damage that can be done if an untrusted third party (a competitor, the CIA, your in-laws) intercepted your most sensitive communications in transit.

Network security is big business as companies scramble to protect their information assets behind firewalls, establish virtual private networks (VPNs), and encrypt files and transmissions. But hidden away from all the bustle, there is a small, unassuming, yet robust solution many big companies have missed. It's reliable, reasonably easy to use, cheap, and available for most of today's operating systems. It's SSH, the Secure Shell.

Protect Your Network with SSH

SSH is a low-cost, software-based solution for keeping prying eyes away from the data on a network. It doesn't solve every privacy and security problem, but it eliminates several of them effectively. Its major features are:

  • A secure, client/server protocol for encrypting and transmitting data over a network
  • Authentication (recognition) of users by password, host, or public key, plus optional integration with other popular authentication systems, including Kerberos, SecurID, PGP, TIS Gauntlet, and PAM
  • The ability to add security to insecure network applications such as Telnet, FTP, and many other TCP/IP-based programs and protocols
  • Almost complete transparency to the end user
  • Implementations for most operating systems

Intended Audience

We've written this book for system administrators and technically minded users. Some chapters are suitable for a wide audience, while others are thoroughly technical and intended for computer and networking professionals.

End-User Audience

Do you have two or more computer accounts on different machines? SSH lets you connect one to another with a high degree of security. You can copy files between accounts, remotely log into one account from the other, or execute remote commands, all with the confidence that nob...
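The feature list above names authentication by public key, and chapter 8 of the book covers per-account configuration through those keys. As an added example that is not from the book: a small parser for OpenSSH-style authorized_keys lines that decodes the SSH-2 public-key wire format (length-prefixed strings, RFC 4251/4253) and applies the consistency checks a server applies before trusting a line: the key type named inside the base64 blob must match the declared type, the blob must carry the right number of fields, and leading options (from=, command=, no-pty, ...) must be split without breaking on commas or spaces inside quotes. The option names follow OpenSSH's sshd(8); the key bytes are constructed placeholders, not a real key.

```python
# Added example, not from the book. Pure standard library.
import base64
import struct

# Fields that follow the type string in each blob: ed25519 has the raw
# 32-byte point; RSA has e and n; ECDSA has the curve name and the EC point.
KEY_FIELD_COUNTS = {
    "ssh-ed25519": 1,
    "ssh-rsa": 2,
    "ecdsa-sha2-nistp256": 2,
    "ecdsa-sha2-nistp384": 2,
    "ecdsa-sha2-nistp521": 2,
}


def _read_string(buf, off):
    """Read one RFC 4251 'string': 4-byte big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def _ssh_string(b):
    """Inverse of _read_string: length-prefix a byte string."""
    return struct.pack(">I", len(b)) + b


def parse_key_blob(blob):
    """Split a public-key blob into (declared type, [field bytes, ...])."""
    ktype, off = _read_string(blob, 0)
    fields = []
    while off < len(blob):
        field, off = _read_string(blob, off)
        fields.append(field)
    return ktype.decode("ascii"), fields


def _split_options(s):
    """Split 'from="a,b",no-pty' into ['from=a,b', 'no-pty'].

    Commas inside double quotes do not split, a backslash escapes the next
    character inside quotes, and the quotes themselves are dropped.
    """
    opts, cur, inq, i = [], [], False, 0
    while i < len(s):
        c = s[i]
        if c == '"':
            inq = not inq
        elif c == "\\" and inq and i + 1 < len(s):
            i += 1
            cur.append(s[i])
        elif c == "," and not inq:
            opts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if inq:
        raise ValueError("unterminated quote in options")
    opts.append("".join(cur))
    return opts


def parse_authorized_key(line):
    """Parse one authorized_keys line; raise ValueError on anything a server would reject.

    Returns None for blank and comment lines, else a dict with
    options, type, blob (bytes) and comment.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = []
    if line.split(None, 1)[0] not in KEY_FIELD_COUNTS:
        # Leading options field: it ends at the first whitespace outside quotes.
        i, inq = 0, False
        while i < len(line):
            c = line[i]
            if c == '"':
                inq = not inq
            elif c == "\\" and inq:
                i += 1
            elif c.isspace() and not inq:
                break
            i += 1
        options = _split_options(line[:i])
        line = line[i:].strip()
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("missing key type or key data")
    ktype, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if ktype not in KEY_FIELD_COUNTS:
        raise ValueError("unsupported key type %r" % ktype)
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    blob_type, fields = parse_key_blob(blob)
    # The type inside the blob must agree with the declared type; a mismatch
    # means a corrupted or hand-edited line, which sshd refuses to use.
    if blob_type != ktype:
        raise ValueError("type mismatch: line says %s, blob says %s" % (ktype, blob_type))
    if len(fields) != KEY_FIELD_COUNTS[ktype]:
        raise ValueError("%s blob has %d fields, expected %d"
                         % (ktype, len(fields), KEY_FIELD_COUNTS[ktype]))
    if ktype == "ssh-ed25519" and len(fields[0]) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    return {"options": options, "type": ktype, "blob": blob, "comment": comment}


def validate(line):
    """Return None if the line is acceptable, else the rejection reason."""
    try:
        parse_authorized_key(line)
    except ValueError as e:
        return str(e)
    return None


# Constructed sample: 32 placeholder bytes standing in for an Ed25519 public key.
_FAKE_ED25519_POINT = bytes(range(32))
SAMPLE_LINE = (
    'from="10.0.0.0/8,!10.0.5.1",command="/usr/local/bin/backup --verbose",no-pty '
    "ssh-ed25519 "
    + base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(_FAKE_ED25519_POINT)).decode()
    + " backup@example.com"
)
# Same key bytes, but the blob claims to be RSA while the line says ed25519.
TAMPERED_LINE = (
    "ssh-ed25519 "
    + base64.b64encode(_ssh_string(b"ssh-rsa") + _ssh_string(_FAKE_ED25519_POINT)).decode()
)

if __name__ == "__main__":
    print(parse_authorized_key(SAMPLE_LINE))
    print(validate(TAMPERED_LINE))
```

The options scanner and the blob check are the two places where naive `line.split()` parsing goes wrong: a `command=` value with a space would otherwise be read as the key type, and a line whose declared type disagrees with its blob would be accepted by a parser that never looks inside the base64.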