Table of Contents for
SSH, The Secure Shell: The Definitive Guide, 2nd Edition

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition SSH, The Secure Shell: The Definitive Guide, 2nd Edition by Robert G. Byrnes Published by O'Reilly Media, Inc., 2005
  1. Cover
  2. SSH, the Secure Shell, 2nd Edition
  3. Preface
  4. Protect Your Network with SSH
  5. Intended Audience
  6. Reading This Book
  7. Our Approach
  8. Which Chapters Are for You?
  9. Supported Platforms
  10. Disclaimers
  11. Conventions Used in This Book
  12. Comments and Questions
  13. Safari Enabled
  14. Acknowledgments
  15. 1. Introduction to SSH
  16. What Is SSH?
  17. What SSH Is Not
  18. The SSH Protocol
  19. Overview of SSH Features
  20. History of SSH
  21. Related Technologies
  22. Summary
  23. 2. Basic Client Use
  24. A Running Example
  25. Remote Terminal Sessions with ssh
  26. Adding Complexity to the Example
  27. Authentication by Cryptographic Key
  28. The SSH Agent
  29. Connecting Without a Password or Passphrase
  30. Miscellaneous Clients
  31. Summary
  32. 3. Inside SSH
  33. Overview of Features
  34. A Cryptography Primer
  35. The Architecture of an SSH System
  36. Inside SSH-2
  37. Inside SSH-1
  38. Implementation Issues
  39. SSH and File Transfers (scp and sftp)
  40. Algorithms Used by SSH
  41. Threats SSH Can Counter
  42. Threats SSH Doesn’t Prevent
  43. Threats Caused by SSH
  44. Summary
  45. 4. Installation and Compile-Time Configuration
  46. Overview
  47. Installing OpenSSH
  48. Installing Tectia
  49. Software Inventory
  50. Replacing r-Commands with SSH
  51. Summary
  52. 5. Serverwide Configuration
  53. Running the Server
  54. Server Configuration: An Overview
  55. Getting Ready: Initial Setup
  56. Authentication: Verifying Identities
  57. Access Control: Letting People In
  58. User Logins and Accounts
  59. Forwarding
  60. Subsystems
  61. Logging and Debugging
  62. Compatibility Between SSH-1 and SSH-2 Servers
  63. Summary
  64. 6. Key Management and Agents
  65. What Is an Identity?
  66. Creating an Identity
  67. SSH Agents
  68. Multiple Identities
  69. PGP Authentication in Tectia
  70. Tectia External Keys
  71. Summary
  72. 7. Advanced Client Use
  73. How to Configure Clients
  74. Precedence
  75. Introduction to Verbose Mode
  76. Client Configuration in Depth
  77. Secure Copy with scp
  78. Secure, Interactive Copy with sftp
  79. Summary
  80. 8. Per-Account Server Configuration
  81. Limits of This Technique
  82. Public-Key-Based Configuration
  83. Hostbased Access Control
  84. The User rc File
  85. Summary
  86. 9. Port Forwarding and X Forwarding
  87. What Is Forwarding?
  88. Port Forwarding
  89. Dynamic Port Forwarding
  90. X Forwarding
  91. Forwarding Security: TCP-Wrappers and libwrap
  92. Summary
  93. 10. A Recommended Setup
  94. The Basics
  95. Compile-Time Configuration
  96. Serverwide Configuration
  97. Per-Account Configuration
  98. Key Management
  99. Client Configuration
  100. Remote Home Directories (NFS, AFS)
  101. Summary
  102. 11. Case Studies
  103. Unattended SSH: Batch or cron Jobs
  104. FTP and SSH
  105. Pine, IMAP, and SSH
  106. Connecting Through a Gateway Host
  107. Scalable Authentication for SSH
  108. Tectia Extensions to Server Configuration Files
  109. Tectia Plugins
  110. 12. Troubleshooting and FAQ
  111. Debug Messages: Your First Line of Defense
  112. Problems and Solutions
  113. Other SSH Resources
  114. 13. Overview of Other Implementations
  115. Common Features
  116. Covered Products
  117. Other SSH Products
  118. 14. OpenSSH for Windows
  119. Installation
  120. Using the SSH Clients
  121. Setting Up the SSH Server
  122. Public-Key Authentication
  123. Troubleshooting
  124. Summary
  125. 15. OpenSSH for Macintosh
  126. Using the SSH Clients
  127. Using the OpenSSH Server
  128. 16. Tectia for Windows
  129. Obtaining and Installing
  130. Basic Client Use
  131. Key Management
  132. Accession Lite
  133. Advanced Client Use
  134. Port Forwarding
  135. Connector
  136. File Transfers
  137. Command-Line Programs
  138. Troubleshooting
  139. Server
  140. 17. SecureCRT and SecureFX for Windows
  141. Obtaining and Installing
  142. Basic Client Use
  143. Key Management
  144. Advanced Client Use
  145. Forwarding
  146. Command-Line Client Programs
  147. File Transfer
  148. Troubleshooting
  149. VShell
  150. Summary
  151. 18. PuTTY for Windows
  152. Obtaining and Installing
  153. Basic Client Use
  154. File Transfer
  155. Key Management
  156. Advanced Client Use
  157. Forwarding
  158. Summary
  159. A. OpenSSH 4.0 New Features
  160. Server Features: sshd
  161. Client Features: ssh, scp, and sftp
  162. ssh-keygen
  163. B. Tectia Manpage for sshregex
  164. Regex Syntax: Egrep Patterns
  165. Regex Syntax: ZSH_FILEGLOB (or Traditional) Patterns
  166. Character Sets for Egrep and ZSH_FILEGLOB
  167. Regex Syntax: SSH Patterns
  168. Authors
  169. See Also
  170. C. Tectia Module Names for Debugging
  172. D. SSH-1 Features of OpenSSH and Tectia
  173. OpenSSH Features
  174. Tectia Features
  175. E. SSH Quick Reference
  176. Legend
  177. sshd Options
  178. sshd Keywords
  179. ssh Options
  180. scp Options
  181. ssh and scp Keywords
  182. ssh-keygen Options
  183. ssh-agent Options
  184. ssh-add Options
  185. Identity and Authorization Files, OpenSSH
  186. Identity and Authorization Files, Tectia
  187. Environment Variables
  188. Index
  189. Index
  190. Index
  191. Index
  192. Index
  193. Index
  194. Index
  195. Index
  196. Index
  197. Index
  198. Index
  199. Index
  200. Index
  201. Index
  202. Index
  203. Index
  204. Index
  205. Index
  206. Index
  207. Index
  208. Index
  209. Index
  210. Index
  211. Index
  212. Index
  213. Index
  214. About the Authors
  215. Colophon
  216. Copyright

P

PAM (Pluggable Authentication Modules), 4.2.4.3 Networking, 4.2.4.3 Networking
OpenSSH authentication, 4.2.4.3 Networking
passive mode (FTP), 11.2.4.2 Using passive mode, 11.2.4.3 The “PASV port theft” problem
PASV port theft problem, 11.2.4.3 The “PASV port theft” problem
passphrases, 2.4.4 If You Change Your Key, The SSH Agent
changing, 2.4.4 If You Change Your Key
limitations, The SSH Agent
PasswdPath keyword (Tectia), 5.4.3 Public-Key Authentication
password authentication, 5.4.2 Password Authentication, 5.4.2.2 Empty passwords, 5.4.2.3 Expired passwords, Unattended SSH: Batch or cron Jobs, 12.2.2.2 Password authentication
batch jobs, issues with, Unattended SSH: Batch or cron Jobs
empty passwords, 5.4.2.2 Empty passwords
expired passwords, 5.4.2.3 Expired passwords
troubleshooting, 12.2.2.2 Password authentication
password cracking attacks, Threats SSH Doesn’t Prevent
PasswordAuthentication keyword, Authentication: Verifying Identities, 7.1.2.4 Multiple matches, 10.3.2.7 Access control, 10.3.3.5 Login time, 12.2.2.2 Password authentication
PasswordGuesses keyword (Tectia), 5.3.3.6 Failed logins
PasswordPrompt keyword, 7.4.6.3 Password prompting in Tectia
passwords, 4.2.4.5 Access control
one-time passwords, 4.2.4.5 Access control
PenguiNet, 13.3.7 Microsoft Windows
per-account configuration, 4.1.5 Perform Compile-Time Configuration, Per-Account Server Configuration, Limits of This Technique, Limits of This Technique, 8.1.2 Authentication Issues, 8.2.2 Tectia Authorization Files, 8.2.3.7 Forced commands and secure copy (scp), 8.2.4.2 Tectia host access control, Hostbased Access Control, Summary, 10.3.3.9 Encryption, 12.2.3.3 Per-account authorization files
advantages, Limits of This Technique
authentication, 8.1.2 Authentication Issues, 8.2.2 Tectia Authorization Files, 8.2.3.7 Forced commands and secure copy (scp)
access restriction by host or domain, 8.2.3.7 Forced commands and secure copy (scp)
forced commands, 8.2.2 Tectia Authorization Files
environment variables, setting, 8.2.4.2 Tectia host access control
hostbased access control, Hostbased Access Control
limitations, Limits of This Technique
setup recommendations, 10.3.3.9 Encryption
troubleshooting, 12.2.3.3 Per-account authorization files
user’s rc file, Summary
PGP (Pretty Good Privacy), PGP Authentication in Tectia
authentication in Tectia, PGP Authentication in Tectia
PgpKeyFingerprint keyword, PGP Authentication in Tectia, 8.2.2.1 Tectia PGP key authentication, Identity and Authorization Files, OpenSSH
PgpKeyId keyword, PGP Authentication in Tectia, 8.2.2.1 Tectia PGP key authentication, Identity and Authorization Files, OpenSSH
PgpKeyName keyword, PGP Authentication in Tectia, 8.2.2.1 Tectia PGP key authentication, Identity and Authorization Files, OpenSSH
PgpPublicKeyFile keyword, PGP Authentication in Tectia, 8.2.2.1 Tectia PGP key authentication, Identity and Authorization Files, OpenSSH
PgpSecretKeyFile keyword, Tectia External Keys
PidFile keyword, 5.3.1.2 Random seed file
Pine email client, 4.5.2 GNU Emacs, Pine, IMAP, and SSH, 11.3.2 Mail Relaying and News Access
mail relaying, 11.3.2 Mail Relaying and News Access
PKI (Public Key Infrastructure), 3.4.2.4 Key exchange and server authentication, 11.5.1.1 What’s a PKI?
plaintext, A Cryptography Primer
PocketPuTTY, 13.3.8 Microsoft Windows CE (PocketPC)
PocketTTY, 13.3.8 Microsoft Windows CE (PocketPC)
port forwarding, 1.4.6 Port Forwarding, Forwarding, Port Forwarding and X Forwarding, What Is Forwarding?, 9.2.1 Local Forwarding, 9.2.1.1 Local forwarding and GatewayPorts, 9.2.1.2 Remote forwarding, 9.2.4 Forwarding Off-Host, 9.2.6.1 One-shot forwarding, 9.2.8 Choosing the Target Forwarding Address, 9.2.9 Termination, 9.2.9.1 The TIME_WAIT problem, 9.2.9.1 The TIME_WAIT problem, 9.2.10.3 Per-account configuration, Dynamic Port Forwarding, 12.2.5.6 Port forwarding
dynamic port forwarding, Dynamic Port Forwarding
forwarding off-host, 9.2.4 Forwarding Off-Host
ftp protocol forwarding, 9.2.10.3 Per-account configuration
local forwarding, 9.2.1 Local Forwarding, 9.2.1.1 Local forwarding and GatewayPorts
gateway ports, 9.2.1.1 Local forwarding and GatewayPorts
remote forwarding, 9.2.1.2 Remote forwarding
remote logins, without, 9.2.6.1 One-shot forwarding
server configuration, Forwarding, 9.2.9.1 The TIME_WAIT problem
target forwarding address, choosing, 9.2.8 Choosing the Target Forwarding Address
termination, 9.2.9 Termination, 9.2.9.1 The TIME_WAIT problem
TIME_WAIT problem, 9.2.9.1 The TIME_WAIT problem
troubleshooting, 12.2.5.6 Port forwarding
Port keyword, 5.3.3.1 Port number and network interface
port number, 5.3.3.1 Port number and network interface
server settings, 5.3.3.1 Port number and network interface
Pragma Fortress, 13.3.7 Microsoft Windows
PreferredAuthentications keyword, 7.4.13.2 The server is the boss
PrintMotd keyword, User Logins and Accounts
privacy, 3.1.1 Privacy (Encryption)
private keys, What Is an Identity?
privilege separation, issues with, 3.6.5 Privilege Separation in OpenSSH
privileged ports, Related Technologies
protocols, The SSH Protocol
ProxyCommand keyword, 11.4.5.2 Security
pSSH, 13.3.10 Palm OS
pty-req channel request, 3.4.4.2 Requests
public key files, 6.1.1 OpenSSH Identities
Public Key Infrastructure (PKI), 3.4.2.4 Key exchange and server authentication
public-key authentication, 2.4.1 A Brief Introduction to Keys, 2.4.2 Generating Key Pairs with ssh-keygen, 2.4.4 If You Change Your Key, 2.4.4 If You Change Your Key, 3.7.3 scp2/sftp Details, 11.1.2.2 Using a plaintext key, 11.1.2.3 Using an agent
algorithms, 3.7.3 scp2/sftp Details
authenticator, 2.4.1 A Brief Introduction to Keys
batch jobs, 11.1.2.2 Using a plaintext key, 11.1.2.3 Using an agent
agents, 11.1.2.3 Using an agent
plaintext keys, 11.1.2.2 Using a plaintext key
key pair generation, 2.4.2 Generating Key Pairs with ssh-keygen
keys, changing, 2.4.4 If You Change Your Key, 2.4.4 If You Change Your Key
OpenSSH, 2.4.4 If You Change Your Key
public-key authentication (continued), 2.4.1 A Brief Introduction to Keys, 2.4.3.2 Instructions for Tectia, 2.4.3.2 Instructions for Tectia, What Is an Identity?, 12.2.2.4 Public-key authentication
password authentication, compared to, 2.4.3.2 Instructions for Tectia
public keys, 2.4.1 A Brief Introduction to Keys, 2.4.3.2 Instructions for Tectia, What Is an Identity?
Tectia systems, installation, 2.4.3.2 Instructions for Tectia
troubleshooting, 12.2.2.4 Public-key authentication
PublicHostKeyFile keyword, 5.3.1.1 Host key files
PuTTY, 13.3.7 Microsoft Windows, 13.3.12 Unix Variants (Linux, OpenBSD, etc.), PuTTY for Windows, PuTTY for Windows, Obtaining and Installing, 18.2.1 Plink, a Console Client, 18.2.1 Plink, a Console Client, 18.2.2 Running Remote Commands, 18.3.1 File Transfer with PSCP, 18.3.2 File Transfer with PSFTP, Key Management, 18.4.1 Choosing a Key, Advanced Client Use, 18.5.2 Host Keys, 18.5.2 Host Keys, 18.5.4.2 Keepalive messages, 18.5.4.2 Keepalive messages, 18.5.4.2 Keepalive messages, 18.5.5 Pseudo-Terminal Allocation, 18.5.6 Proxies and SOCKS, 18.5.7 Encryption Algorithms, 18.5.8 Authentication, 18.5.8 Authentication, 18.5.9 Compression, 18.5.11 Batch Jobs, 18.5.11 Batch Jobs
batch jobs, 18.5.11 Batch Jobs
configuration and settings, 18.5.5 Pseudo-Terminal Allocation, 18.5.6 Proxies and SOCKS, 18.5.7 Encryption Algorithms, 18.5.8 Authentication, 18.5.8 Authentication, 18.5.9 Compression
authentication, 18.5.8 Authentication
compression, 18.5.9 Compression
encryption algorithms, 18.5.7 Encryption Algorithms
logging and debugging, 18.5.8 Authentication
Proxies and SOCKS, 18.5.6 Proxies and SOCKS
pseudo-terminal allocation, 18.5.5 Pseudo-Terminal Allocation
configuration and use, Obtaining and Installing, Advanced Client Use, 18.5.2 Host Keys, 18.5.2 Host Keys
host keys, 18.5.2 Host Keys
saved sessions, Advanced Client Use
SSH protocol selection, 18.5.2 Host Keys
file transfers, 18.2.2 Running Remote Commands, 18.3.1 File Transfer with PSCP, 18.3.2 File Transfer with PSFTP
PSCP, 18.3.1 File Transfer with PSCP
PSFTP, 18.3.2 File Transfer with PSFTP
forwarding, 18.5.11 Batch Jobs
installation, PuTTY for Windows
key management, Key Management, 18.4.1 Choosing a Key
agents, 18.4.1 Choosing a Key
Plink console client, 18.2.1 Plink, a Console Client
remote commands, 18.2.1 Plink, a Console Client
TCP/IP settings, 18.5.4.2 Keepalive messages, 18.5.4.2 Keepalive messages, 18.5.4.2 Keepalive messages
keepalive messages, 18.5.4.2 Keepalive messages
Nagle algorithm, 18.5.4.2 Keepalive messages
remote port selection, 18.5.4.2 Keepalive messages