Secure Shell in the Enterprise

Author: Jason Reid
Pages: 224
Publisher: Prentice Hall PTR
ISBN: 0131429000


For years many people did not realize that telnet sends their password, and the whole session, across the network in clear text. Telnet users still exist, but a great many have realized that SSH encrypts all traffic between client and server, which defeats eavesdropping and, with verified host keys, man-in-the-middle attacks. No wonder SSH is being rolled out in enterprises worldwide. This book promises to be the answer to your implementation problems. Does it deliver? Read on to find out.

About the author

Jason Reid is in the Solaris System Test group at Sun Microsystems, Inc. Prior to his present position, he was a software quality assurance engineer in the Developer Tools group. Before joining Sun, Jason worked at the Purdue University Computing Center as a UNIX system administrator while obtaining his B.S. in Computer Science.

An interview with Jason Reid is available here.

Inside the book

The book starts with an introduction to security history and protocols. Discussed here are the importance of a good security policy, the factors you have to take into consideration when choosing security tools, and the Secure Shell protocol with its various implementations. To help you choose the right tool for your environment, the author provides a decision tree.

Next you learn all about OpenSSH, a free implementation of the Secure Shell protocols. Reid guides you through building OpenSSH from source by describing its components, the entropy sources that key generation depends on, and TCP Wrappers for host-based access control.

Moving on, the author once again notes how important it is to establish a security policy before configuring the Secure Shell. He also walks through the many configuration options so you can choose the right ones for your needs.

What follows is a chapter dedicated to the creation and deployment of the OpenSSH package. Here you learn more about OpenSSH packaging and generating MD5 hashes (today you would use SHA-256, since MD5 is no longer collision resistant), and then move on to the Solaris Security Toolkit.

Now you get to know more about integrating the Secure Shell into your environment. Among other things, here you read about scripts for replacing rsh(1) with ssh(1), proxies, role-based access control and port forwarding. To finish off this part, Reid shows you how to disable the insecure services that ssh replaces by editing the inetd.conf file.
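The inetd.conf edit the chapter describes, as an added example that is not code from the book: a POSIX shell script (assumed to run anywhere awk and sed are available) that comments out the clear-text services once their ssh/scp/sftp replacements are in place, then lists what is still enabled. The service list and the sample inetd.conf are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the book): disable clear-text services in an
# inetd.conf-style file once ssh/scp/sftp have replaced them.
# The service list and the sample file below are constructed for this example.

# Services that carry credentials or sessions in clear text, named by their
# inetd service names (shell = rsh, login = rlogin, exec = rexec).
INSECURE_SERVICES="telnet shell login exec ftp tftp finger"

# disable_insecure_services FILE
# Writes FILE to stdout with every active line whose service-name field
# (the first column) is in INSECURE_SERVICES prefixed by "#".
# Already-commented lines and blank lines pass through unchanged.
disable_insecure_services() {
    pattern=$(printf '%s' "$INSECURE_SERVICES" | sed 's/ /|/g')
    awk -v pat="^(${pattern})\$" '
        /^[[:space:]]*#/ { print; next }          # keep existing comments
        NF && $1 ~ pat   { print "#" $0; next }   # comment out the service
        { print }
    ' "$1"
}

# enabled_services FILE
# Lists the service names that are still active (one per line): the check
# to run after editing and before sending inetd a SIGHUP to reread the file.
enabled_services() {
    awk '!/^[[:space:]]*#/ && NF { print $1 }' "$1"
}

# Constructed sample in the Solaris /etc/inet/inetd.conf format.
SAMPLE=$(mktemp)
HARDENED=$(mktemp)
trap 'rm -f "$SAMPLE" "$HARDENED"' EXIT
cat > "$SAMPLE" <<'EOF'
# Sample inetd.conf (constructed for this example)
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd      in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd   in.telnetd
shell   stream  tcp  nowait  root    /usr/sbin/in.rshd      in.rshd
login   stream  tcp  nowait  root    /usr/sbin/in.rlogind   in.rlogind
exec    stream  tcp  nowait  root    /usr/sbin/in.rexecd    in.rexecd
#finger stream  tcp  nowait  nobody  /usr/sbin/in.fingerd   in.fingerd
time    stream  tcp  nowait  root    internal
EOF

disable_insecure_services "$SAMPLE" > "$HARDENED"
echo "Services still enabled after the edit:"
enabled_services "$HARDENED"
```

On a real host, review the output of enabled_services against your policy before copying the hardened file into place and signalling inetd with SIGHUP; on Solaris 10 and later, inetd services are managed by SMF, so the equivalent step is inetadm(1M) with -d rather than editing inetd.conf.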

Chapter six brings forward the discussion on managing keys and identities. The author provides details on host keys, user identities and agents.

If you want to analyze what happened on your system, you need logging and auditing. Reid gives an overview of auditing and its basic procedures, as well as information on logging. Measuring performance becomes necessary with a large number of connections, since the Secure Shell uses more CPU and memory than the insecure tools it replaces. The author writes about bandwidth performance, symmetric cipher performance, performance problems and sizing.

Chapter nine is about case studies and includes solutions such as building a simple point-to-point virtual private network and linking two disparate networks through an intermediary bastion host. The last chapter is all about troubleshooting: diagnosing problems and finding solutions.

Things aren't over yet though. What comes next are six appendixes with lots of additional material, such as a list of server and client configuration options, examples of client and server usage, and much more.

My 2 cents

This is as good as it gets: in just a bit more than 200 pages, all the important information you need to deploy the Secure Shell. All the instructions are very detailed and illustrate what goes on at the command line. This book is a perfect example of the fact that you don't need to read a 1000-page book every time you need knowledge on a subject.

The last appendix provides references to documentation, articles, man pages, bug reports, books, software resources and web sites. Needless to say, this complements the book very well.

You’re about to do a Secure Shell implementation but don’t know how? Get this book and you will.