Title:
Implementing SSH : strategies for optimizing the Secure Shell
Personal Author:
Publication Information:
Indianapolis, IN : Wiley, 2004
ISBN:
9780471458807
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000004717934 | QA76.76.O63 D844 2004 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
A tactical guide to installing, implementing, optimizing, and supporting SSH in order to secure your network
Prevent unwanted hacker attacks! This detailed guide will show you how to strengthen your company system's defenses, keep critical data secure, and add to the functionality of your network by deploying SSH. Security expert Himanshu Dwivedi shows you ways to implement SSH on virtually all operating systems, desktops, and servers, so your system is safe, secure, and stable. Learn how SSH fulfills all the core items in security, including authentication, authorization, encryption, integrity, and auditing. Also, discover methods to optimize the protocol for security and functionality on Unix, Windows, and network architecture environments. Additionally, find out about the similarities and differences of the major SSH servers and clients.
With the help of numerous architectural examples and case studies, you'll gain the necessary skills to:
* Explore many remote access solutions, including the theory, setup, and configuration of port forwarding
* Take advantage of features such as secure e-mail, proxy, and dynamic port forwarding
* Use SSH on network devices that are traditionally managed by Telnet
* Utilize SSH as a VPN solution in both a server and client aspect
* Replace insecure protocols such as Rsh, Rlogin, and FTP
* Use SSH to secure Web browsing and as a secure wireless (802.11) solution
Author Notes
Himanshu Dwivedi is Managing Security Architect for @stake
Table of Contents
| Acknowledgments | p. xv |
| About the Author | p. xvii |
| Introduction | p. xix |
| Part 1 SSH Basics | p. 1 |
| Chapter 1 Overview of SSH | p. 3 |
| Differences between SSH1 and SSH2 | p. 4 |
| Various Uses of SSH | p. 5 |
| Security | p. 5 |
| Remote Command Line Execution | p. 7 |
| Remote File Transfer | p. 8 |
| Remote Network Access | p. 10 |
| Secure Management | p. 10 |
| Proxy Services | p. 11 |
| Client/Server Architecture for SSH | p. 12 |
| SSH's Encryption Architecture | p. 13 |
| Basic Miscues with SSH | p. 14 |
| Types of SSH Clients/Servers | p. 14 |
| Basic Setup of SSH | p. 15 |
| OpenSSH | p. 16 |
| Red Hat Linux 8.0 | p. 16 |
| OpenBSD 3.1 | p. 18 |
| Windows 2000 Server | p. 19 |
| Commercial SSH | p. 23 |
| OpenBSD 3.1 and Red Hat Linux 8.0 | p. 23 |
| Windows 2000 | p. 24 |
| VShell SSH Server | p. 27 |
| Optimal Uses of SSH | p. 29 |
| Summary | p. 30 |
| Chapter 2 SSH Servers | p. 31 |
| OpenSSH | p. 32 |
| SSH Communications' SSH server | p. 39 |
| SSH Communications' SSH Server: Unix | p. 39 |
| General | p. 40 |
| Network | p. 40 |
| Crypto | p. 42 |
| Users | p. 43 |
| User Public Key Authentication | p. 44 |
| Tunneling | p. 46 |
| Authentication | p. 46 |
| Host Restrictions | p. 47 |
| Users Restrictions | p. 48 |
| SSH1 Compatibility | p. 49 |
| Chrooted Environment | p. 50 |
| Subsystem Definitions | p. 50 |
| SSH Communications' SSH server: Windows | p. 51 |
| General Settings | p. 52 |
| Network Settings | p. 54 |
| Crypto Settings | p. 56 |
| Users Settings | p. 57 |
| Server Public Key Configuration | p. 60 |
| Server Certificate Configurations | p. 61 |
| Tunneling Configurations | p. 62 |
| Authentication Methods | p. 63 |
| Host Restrictions | p. 64 |
| User Restrictions | p. 65 |
| Subsystem Definitions | p. 67 |
| VanDyke Software's VShell SSH Server | p. 69 |
| General Settings | p. 69 |
| General-Host Key | p. 70 |
| General-Key Exchanges | p. 71 |
| General-Cipher | p. 72 |
| General-MAC | p. 73 |
| General-Compression | p. 74 |
| Authentication | p. 75 |
| Access Control | p. 77 |
| SFTP Section | p. 78 |
| Triggers | p. 79 |
| Connection Filters | p. 80 |
| Port-Forward Filters | p. 81 |
| Logging | p. 83 |
| Comparison of OpenSSH, SSH Server, and VShell | p. 84 |
| Summary | p. 85 |
| Chapter 3 Secure Shell Clients | p. 87 |
| Command-Line SSH Clients | p. 88 |
| Windows Installation | p. 89 |
| Unix Installation | p. 89 |
| SSH Client Configuration File | p. 94 |
| General | p. 95 |
| Network | p. 95 |
| Crypto | p. 96 |
| User Public Key Authentication | p. 96 |
| Tunneling | p. 97 |
| SSH1 Compatibility | p. 97 |
| Authentication | p. 98 |
| GUI SSH Clients | p. 98 |
| Windows Installation | p. 98 |
| SSH Communications | p. 99 |
| Profile Settings | p. 100 |
| Global Settings | p. 101 |
| VanDyke Software's SecureCRT | p. 104 |
| PuTTY | p. 110 |
| WinSCP | p. 112 |
| MindTerm | p. 113 |
| MacSSH | p. 116 |
| Summary | p. 116 |
| Chapter 4 Authentication | p. 117 |
| General Options | p. 118 |
| SSH Communications' SSH Server (Windows) | p. 118 |
| SSH Communications' SSH Server (Unix) | p. 120 |
| VShell SSH Server | p. 121 |
| OpenSSH (Unix and Windows) | p. 122 |
| Passwords | p. 123 |
| Host-Based Authentication | p. 127 |
| Server Authentication | p. 129 |
| Public Keys | p. 131 |
| Creating Keys with OpehSSH | p. 134 |
| How to Use an OpenSSH Key on an OpenSSH Server | p. 135 |
| How to Use an OpenSSH Key on SSH Communications' SSH Server | p. 136 |
| How to Use an OpenSSH Key on a VShell SSH Server | p. 137 |
| Creating Keys with SSH Communications' SSH Client (Unix and Windows Command Line) | p. 138 |
| How to Use SSH Client Keys with SSH Communications' SSH Server | p. 139 |
| How to Use SSH Client Keys with an OpenSSH Server | p. 140 |
| How to Use SSH Client Keys with a VShell SSH Server | p. 140 |
| Creating Keys with SSH Communications (Windows GUI) | p. 142 |
| How to Upload an SSH Client Key Pair to SSH Communications' SSH Server | p. 144 |
| How to Upload an SSH Client Key Pair to an OpenSSH Server | p. 145 |
| How to Upload an SSH Client Key Pair to a VShell SSH Server | p. 147 |
| Creating Keys with VanDyke SecureCRT | p. 148 |
| VShell SSH Server | p. 149 |
| OpenSSH | p. 150 |
| SSH Communications' SSH Server | p. 151 |
| SSH Agents | p. 152 |
| Summary | p. 153 |
| Chapter 5 SSH Management | p. 155 |
| Network Devices | p. 156 |
| Cisco Routers | p. 157 |
| Cisco Switches | p. 160 |
| Cisco VPN Concentrator | p. 160 |
| Cisco PIX Firewalls | p. 162 |
| Network Appliance Filers | p. 163 |
| Secure Management | p. 164 |
| Management Servers | p. 165 |
| Two-Factor Authentication | p. 167 |
| SOCKS Management | p. 169 |
| SSH: User Restrictions | p. 172 |
| Chroot | p. 172 |
| User Access Controls | p. 173 |
| SSH User Restrictions | p. 175 |
| SSH: Network Access Controls | p. 177 |
| SSH TCP wrappers | p. 177 |
| SSH Connection Filters | p. 179 |
| SSH Host Restrictions | p. 181 |
| Summary | p. 183 |
| Part 2 Remote Access Solutions | p. 185 |
| Chapter 6 SSH Port Forwarding | p. 187 |
| Networking Basics of Port Forwarding for Clients | p. 193 |
| Networking Basics of Port Forwarding for Servers | p. 200 |
| SSH Port Forwarding | p. 201 |
| Local Port Forwarding for SSH Clients | p. 205 |
| Configuration for Command-Line Clients | p. 205 |
| Configuration for SSH Communications' GUI SSH Client | p. 207 |
| Configuration for VanDyke Software's Secure CRT | p. 209 |
| Configuration for PuTTY | p. 211 |
| Remote Port Forwarding for SSH Clients | p. 213 |
| Configuration for OpenSSH Client (Unix and Windows) | p. 213 |
| Configuration for SSH Communications' Command-Line Client (Unix and Windows) | p. 214 |
| Configuration for SSH Communications' GUI SSH Client (Windows) | p. 214 |
| Configuration for VanDyke Software's SecureCRT | p. 215 |
| Port Forwarding for SSH Servers | p. 217 |
| Configuration for OpenSSH Server (Unix and Windows) | p. 217 |
| Configuration for SSH Communications' SSH Server (Unix) | p. 217 |
| Configuration for SSH Communications' SSH Server (Windows) | p. 220 |
| Configuration for VanDyke Software's VShell SSH Server | p. 222 |
| Advantages to SSH Port Forwarding | p. 225 |
| Summary | p. 226 |
| Chapter 7 Secure Remote Access | p. 229 |
| Secure E-mail with SSH | p. 230 |
| Setting Up the SSH Server | p. 232 |
| Setting Up the SSH Client | p. 232 |
| Setting Up the E-mail Client | p. 234 |
| Executing Secure E-mail | p. 237 |
| Secure File Transfer (SMB and NFS) with SSH | p. 238 |
| Setting Up the SSH Server | p. 241 |
| Setting Up the SSH Client | p. 241 |
| Setting Up the File Server Clients | p. 243 |
| Executing Secure File Transfer | p. 243 |
| Secure File Sharing with SMB and SSH | p. 244 |
| Secure File Sharing with NFS and SSH | p. 245 |
| Secure Management with SSH | p. 246 |
| Setting Up the SSH Server | p. 248 |
| Setting Up the SSH Client | p. 249 |
| Setting Up the Management Clients | p. 252 |
| Executing Secure Management | p. 252 |
| Secure Management with Windows Terminal Services and SSH | p. 253 |
| Secure Management with VNC and SSH | p. 255 |
| Secure Management with pcAnywhere and SSH | p. 257 |
| Secure VPN with SSH (PPP over SSH) | p. 259 |
| PPP Daemon on the Server | p. 260 |
| VPN User and Sudo | p. 261 |
| Client Script | p. 261 |
| Summary | p. 264 |
| Part 3 Protocol Replacement | p. 267 |
| Chapter 8 SSH Versatility | p. 269 |
| Terminal Access | p. 270 |
| Compromising a System with Remote Shell (RSH) | p. 271 |
| Compromising a System with Remote Login (Rlogin) | p. 272 |
| Compromising a System with Remote Execution (Rexec) | p. 273 |
| Why Access via SSH Is Better | p. 274 |
| File Transfer with Secure File Transfer Protocol (SFTP) | p. 276 |
| SFTP with the OpenSSH SFTP Server | p. 277 |
| Using OpenSSH for Management Purposes | p. 277 |
| Using OpenSSH for File Sharing | p. 278 |
| Authorizing Users with OpenSSH | p. 279 |
| OpenSSH on Windows and Cygdrive | p. 280 |
| SFTP with VanDyke Software VShell | p. 281 |
| Using VShell for Management Purposes | p. 281 |
| Using VShell for File Sharing | p. 282 |
| Authorizing Users with VShell | p. 287 |
| SFTP with SSH Communications' SSH Server | p. 287 |
| Using SSH Communications' SSH Server for Management Purposes | p. 288 |
| Using SSH Communications' SSH Server for File Sharing | p. 289 |
| Authorizing Users with SSH Communications' SSH Server | p. 292 |
| Comparison of the Three SFTP Solutions | p. 292 |
| Secure Chat | p. 293 |
| Secure Backups | p. 297 |
| Summary | p. 299 |
| Chapter 9 Proxy Technologies in a Secure Web Environment | p. 301 |
| SSH and SOCKS | p. 302 |
| Dynamic Port Forwarding and SOCKS | p. 310 |
| Secure Web Browsing with SSH | p. 314 |
| SSH via HTTP Proxies | p. 321 |
| Securing Wireless Networks with SSH | p. 323 |
| Securing Wireless with SSH and HTTP Proxies | p. 324 |
| Securing Wireless with SSH and Dynamic Port Forwarding | p. 325 |
| Summary | p. 326 |
| Chapter 10 SSH Case Studies | p. 329 |
| Case Study #1 Secure Remote Access | p. 330 |
| The Problem Situation | p. 330 |
| Business Requirements | p. 330 |
| Configuration | p. 334 |
| SSH Client Configuration | p. 334 |
| SSH Server Configuration | p. 339 |
| Results Checklist | p. 343 |
| Case Study #2 Secure Wireless Connectivity | p. 344 |
| The Problem | p. 344 |
| Business Requirements | p. 344 |
| Configuration | p. 347 |
| SSH Client Configuration | p. 347 |
| SSH Server Configuration | p. 350 |
| Results Checklist | p. 351 |
| Case Study #3 Secure File Servers | p. 353 |
| The Problem | p. 353 |
| Business Requirements | p. 353 |
| Configuration | p. 354 |
| SSH Server Configuration | p. 354 |
| SSH Client Configuration | p. 356 |
| Results Checklist | p. 357 |
| Summary | p. 358 |
| Epilogue | p. 359 |
| Index | p. 361 |
