If you are new to OpenSSH, don’t let the “Pro” in the title scare you off; the first half of the 270-page book is just what you need. The first two chapters of Pro OpenSSH are introductory: they cover the insecurity of the legacy R-tools and telnet, a quick implementation of OpenSSH, and a short introduction to the excellent PuTTY, an SSH client for Windows (this is expanded on in an appendix).

In part 2, Michael Stahnke discusses the configuration of OpenSSH, starting with a detailed look at the files required by the client and the server portions of the program, including manual-page-like descriptions of the keywords in sshd_config and the options and syntax of the command-line tools. The chapter on Authentication digs into Public Key Authentication, key generation and distribution, key management (also taken to a new level in a later chapter), and agent forwarding. This is a must-read for anyone who uses SSH to connect to more than one host.

The advanced topics start in part 3, and this is where the “Pro” begins. The complex topic of TCP forwarding is well explained, and a number of diagrams help the reader to better understand the nitty-gritty of setting up tunnels with OpenSSH. The most interesting chapter, I found, comes next: Managing your OpenSSH Environment, in which the author introduces an OpenSSH secure gateway that can be used in large environments. Securing OpenSSH, SSH and Key Management are followed by SSHFP (Secure Shell Fingerprints) (RFC 4255), a method to store public host keys in DNS. Stahnke implements a method for distributing public keys using RPM (Red Hat Package Manager). Although that is interesting in itself, I strongly missed a discussion on storing SSH public keys in an LDAP directory; a must-have IMHO.

Part 4 of Pro OpenSSH deals with Administration. Sundry Shell and Perl scripts in real-world examples give the reader a good look into the capabilities of using OpenSSH in her own tools on her own systems. Last but not least, the appendices focus on alternative SSH clients and SSH on Windows.

Even if you have, like I have, already read SSH, The Secure Shell, Apress’ Pro OpenSSH is well worth reading. I give it an 8/10.

Books, Linux, SSH, and DNS :: 25 Jun 2006 :: e-mail