SSH Mastery: OpenSSH, PuTTY, Tunnels and Keys
Michael W Lucas
Format: PDF / Kindle (mobi) / ePub
Secure Shell (SSH) lets systems administrators securely manage remote systems. But most people only use the bare minimum SSH offers. Used properly, SSH simplifies your job and improves security.
This book saves you from sifting a decade of obsolete online tutorials and quickly gets you running: SSH with the OpenSSH server and the PuTTY and OpenSSH clients. You will:
* Eliminate passwords
* Manage access to your SSH server by users, groups, addresses, and more
* Securely move files around your network
* Forward graphic displays from one host to another
* Forward TCP/IP connections
* Centrally manage host keys and client configurations
* Use SSH as a secure transport for other applications
* Secure applications run over SSH
* Build Virtual Private Networks with OpenSSH
And more! This book quickly and painlessly simplifies life for anyone using SSH.
requirements use this ability to secure their enterprise. (You can also use SSH to create a VPN to carry all IP protocols, but that's in Chapter 13.) For example, I manage my Web site and blog with WordPress. It provides a friendly pointy-clicky interface for web site administration, giving me a nice-looking site without actually needing to learn anything about Web design. My HTML education ended about 1996, and I have no desire to resume it. Traffic to and from my Web site is unencrypted, but I
Internet over the proxy, which means dynamic forwarding works.
Backgrounding Forwarding
OpenSSH
Sometimes you want to use OpenSSH to forward a connection, but you don't really want a terminal session on the SSH server. Use the -N flag to tell ssh to not run anything, including a terminal, on the remote server, and the -f flag to tell ssh to go into the background on the client. Here, I background a local forwarding connection to the server pride.
$ ssh -fNL 2222:localhost:22 pride &
By
chatter in your logs. These hostnames appear in brackets in known_hosts, followed by a colon and the port number.
[pride]:2222,[192.0.2.5]:2222 ssh-rsa AAA...
In Chapter 5, we covered how you can obscure the hostnames in known_hosts by hashing them, preventing a casual intruder from getting server information from known_hosts. Listing multiple hostnames on a single line simplifies managing the known_hosts file, but this practice conflicts with hashing the hostnames. If you wish to hash hostnames
HostKeyAlgorithms=ssh-dss pride
$ ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 pride
It's tempting to write a simple script to collect all of these keys for all of these servers automatically, but a naive script cannot verify the host key fingerprints against the list we created in Chapter 4. If you write a script to intelligently perform the comparison, please make it available to the rest of us. Or to me, at least. This known_hosts file will contain your preferred name for the SSH server and,
him in a bar.” — Technology and Me Blog Cisco Routers for the Desperate, 2nd Edition “If only Cisco Routers for the Desperate had been on my bookshelf a few years ago! It would have definitely saved me many hours of searching for configuration help on my Cisco routers. . . . I would strongly recommend this book for both IT Professionals looking to get started with Cisco routers, as well as anyone who has to deal with a Cisco router from time to time but doesn’t have the time or technological