HomeBook ReviewsE-mail ListsCLUE DevLogosResourcesSponsorsContacts
Meeting Archives
tux the penguin
Linux is a registered trademark of Linus Torvalds.
Please help support CLUE

AuthorsRichard Silverman, Daniel J. Barrett.
TitleSSH, The Secure Shell: The Definitive Guide (2001)
Rating (1=safely ignore; 5=must have!)
ReviewerDave Anselmi.
SummaryThis book is quite thorough. Read the preface and start with the chapters recommended for your interest level.
Review Chapter one introduces SSH, what it can be used for, and how it came about. Since the book covers 3 packages, 2 protocols, and clients and servers there is a convention presented to keep them all straight. Client use is covered in chapter two including most things the casual user will want to do. Chapter three provides a list of the security features in SSH, a concise introduction to cryptography, a lengthy discussion on the two versions of the protocol, and a list of the algorithms employed. It finishes with valuable sections on the threats SSH does and does not counter.

Chapter four details installation procedures and covers compile time configuration. While not very interesting, it is methodic and there is a handy software inventory to make sense of the various programs and files--useful for administrators of heterogeneous SSH environments. Server wide configuration, emphasizing access control, is the subject of chapter five. Chapter six introduces the use of cryptographic keys for identification and explains how to use an agent program to perform authentication--allowing some of the convenience of "single sign-on". All the details about client use and configuration that were glossed over in chapter two are examined in chapter seven. Chapter eight offers an intriguing look at how per-account server configuration gives users flexible control over their accounts so they can give limited access to others.

Chapter nine is about port forwarding, a feature that lets other network applications benefit from the security features in SSH. The topic is complex, especially when considering X applications, but there is enough background material to make it reasonably straightforward. The recommended setup presented in chapter ten is a good summary in case you weren't paying attention in the previous chapters. Chapter eleven presents five case studies on more difficult topics such as forwarding ftp and using kerberos with SSH. If you missed something and your SSH doesn't work, chapter twelve is about troubleshooting. It describes how to get more information out of your SSH session and quite a few common errors in a well organized fashion.

The book could end there, but it doesn't. Chapter 13 is a comprehensive comparison of SSH products and chapters fourteen through seventeen cover use of some popular Windows and Macintosh clients. Appendix A is the sshregex man page and appendix B is a quick reference of the three packages covered in the book.

Because the book is organized by concept, simultaneous coverage of several packages and protocols sometimes muddies the discussion. But it also makes returning to specific topics easy as well as finding the right level of detail. The technical depth is excellent, which makes this a valuable resource in operating a production SSH environment.