Book Review: "SSH The Secure Shell", D.J. Barrett/R.E. Silverman

BKSSHLDG.RVW 20060910

"SSH The Secure Shell", Daniel J. Barrett/Richard E. Silverman, 2001,

0-596-00011-1, U$39.95/C$58.95 %A Daniel J. Barrett snipped-for-privacy@oreilly.com %A Richard E. Silverman snipped-for-privacy@oreilly.com %C 103 Morris Street, Suite A, Sebastopol, CA 95472 %D 2001 %G 0-596-00011-1 %I O'Reilly & Associates, Inc. %O U$39.95/C$58.95 800-998-9938 fax: 707-829-0104 snipped-for-privacy@ora.com %O
formatting link
formatting link
formatting link
Audience a+ Tech 2 Writing 2 (see revfaq.htm for explanation) %P 540 p. %S Definitive Guide %T "SSH The Secure Shell: The Definitive Guide"

The preface states that the book is intended for system administrators (who may be called upon to support SSH, or use it within their networks), users (who may wish to use SSH out of concern for their own privacy or the security of their transactions), and developers (who may be able to use SSH in order to provide robust and reliable security to their own applications at little development cost). The authors also note that there may be confusion between the protocol (denoted SSH), various products, and individual utilities and programs (indicated by lowercase: ssh).

Chapter one outlines what SSH is, and isn't, the basic services it provides (authentication, encryption, and integrity protection), and also notes other protocols and products that provide similar services. Basic operation of the most common clients (ssh and scp) is covered in chapter two, along with a terse but reasonable introduction to asymmetric key pairs. The internals of SSH, and a more extended discussion of cryptographic concepts, such as symmetric encryption, asymmetric, and hashing, are examined in chapter three. (The section concludes with a useful list of threats against which SSH provides little or no protection.) Extensive installation and configuration options are given in chapter four, with server configuration choices in five.

Chapter six seems to move the subject to operational issues, addressing key management, and particularly SSH agent use of keys. Advanced topics governing client use are provided in chapter seven. Chapter eight outlines alternative settings for the use of SSH with user accounts.

Chapter nine discusses forwarding, which can be used in both network administration (providing a secure tunnel within an unsecured environment) or development (adding encryption or integrity functionality to an application). While previous material gave details of configuration options, chapter ten furnishes the beleaguered sysadmin with a recommended initial configuration. Chapter eleven details options and setups for a variety of applications and situations. Troubleshooting guidance, and a list of common problems, is supplied in chapter twelve.

Chapter thirteen equips the reader with tables of settings and features pertinent to the various implementations of SSH. Since SSH is often seen as limited to the UNIX world, details of the Okhapkin SSH1 Windows port are given in chapter fourteen, with SecureCRT in fifteen, F-Secure SSH (for Windows and Mac) in sixteen, and NiftyTelnet (Mac) in seventeen.

Too many of the mature and useful security technologies languish in obscurity. Everybody knows that SSH exists, but too few people use it. Hopefully this reference might give more developers and users a chance to try it out, and administrators some resources to support it.

copyright Robert M. Slade, 2006 BKSSHLDG.RVW 20060910

====================== (quote inserted randomly by Pegasus Mailer) snipped-for-privacy@vcn.bc.ca snipped-for-privacy@victoria.tc.ca snipped-for-privacy@computercrime.org It is unclear what national interest is served by security agencies propagating this lurid urban myth [that terrorists have steganographically hidden messages in pornographic images]. Perhaps the goal is to manufacture an excuse for the failure to anticipate the events of September 11th. Perhaps it is preparing the ground for an attempt at bureaucratic empire-building via Internet regulation, as a diversionary activity from the much harder and less pleasant task of going after [terrorists]. Perhaps the vision of [accused terrorists] as cryptic pornographers is being spun to create a subconscious link, in the public mind, with the scare stories about child pornography that were used before September 11th to justify government plans for greater Internet regulation. - Ross Anderson, cryptome.org/al-stego-rot.htm Dictionary of Information Security

formatting link
formatting link

Reply to
Rob Slade
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.