O’Reilly news

"SSH, The Secure Shell: The Definitive Guide, Second Edition": Securing Network Data and Services with SSH

May 20, 2005

Sebastopol, CA--The name looks like the sound you'd make to hush someone, which is not inappropriate if you think of SSH, the secure shell, as a means of silently sending information between computers. "SSH" is actually pronounced by spelling it aloud "S-S-H," and isn't a shell at all, but a protocol. The name was originally coined from the rsh utility, a Unix program that also provides logins.

What does SSH do? Whenever data is sent by a computer to the network, SSH automatically encrypts it; when the data reaches its intended recipient, SSH automatically decrypts it. The result is "transparent" encryption--users can work normally, unaware that their communications are safely encrypted on the network. In addition, SSH uses modern, secure encryption algorithms and is effective enough to be found within mission-critical applications at major corporations. "SSH is not a complete security solution," observe Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes, authors of the second edition of SSH, The Secure Shell: The Definitive Guide (O'Reilly, US $39.95). "But what is?" they add.

"It won't protect computers from active break-in attempts or denial-of-service attacks, and it won't eliminate other hazards such as viruses, Trojan horses, and coffee spills," they tell their readers. "It does, however provide robust and user-friendly encryption and authentication." Without question, SSH is a valuable tool: it supports secure remote logins, secure file transfer between computers, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications.

"SSH is everywhere these days, included with Linux and Mac OS X and widely available for Windows," says coauthor Barrett. "Everyone who copies files or logs in from one computer to another should consider SSH. And it's free!"

The new edition of SSH, The Secure Shell: The Definitive Guide covers the secure shell in detail for both system administrators and users. "The first edition of the book was very successful and popular, and since its publication there have been hundreds of changes to SSH," notes Barrett. "The new edition covers more than 100 new features, options, and configuration keywords from the latest OpenSSH and Tectia (SSH2) products, plus expanded material on the SSH-2 protocol."

With an emphasis on the SSH-2 protocol, its internals, and its most popular implementations, the book provides thorough coverage of:

  • Configuring SSH servers and clients, both system wide and per user, with recommended settings to maximize security
  • Key management using agents, agent forwarding, and forced commands
  • Forwarding (tunneling) of TCP and X11 applications in depth, even in the presence of firewalls and network address translation (NAT)
  • Integrating SSH with Kerberos, OpenPGP, PAM, and other security-related software
  • Scalable authentication techniques for large installations, including X.509 certificates
  • Troubleshooting common and not-so-common problems
  • SSH is essential for anyone who is interested in sending information securely from here to there, whether to various points on a small LAN or across the wide expanses of the Internet. The expanded second edition of SSH, The Secure Shell: The Definitive Guide is the only book users and administrators will need to master this important protocol.

    Praise for the previous edition:

    "SSH, The Secure Shell: The Definitive Guide will be another 'must have' O'Reilly volume for many system administrators...a valuable resource...Its explanations are clear and thorough...Perhaps most importantly, The Secure Shell is organized so one can easily skip unwanted detail and find just those portions that are relevant. As a result, it can be used in different ways--read through to learn about SSH and what it can be used for, or just consulted as necessary to answer particular questions or solve particular problems."
    --Danny Yee, slashdot.org

    "In a nutshell, the book SSH, the Secure Shell: The Definitive Guide expands on two basic ideas: Privacy is a basic human right, but on today's computer networks, privacy isn't guaranteed. SSH is a simple idea, but it has many complex parts. But the truth is that the need for privacy and security on today's networks is far too important to be encapsulated in two bullets. This book is so loaded with valuable and important information that anyone using or administering SSH should read it thoroughly. SSH, the Secure Shell: The Definitive Guide is everything you need to know about SSH and lives up to its bold claim of being a definitive guide. For the SSH aficionado on a tight budget, the comprehensive SSH FAQ can be downloaded from various sites on the Web. For everyone else who needs to understand the often-undocumented inner-workings of SSH, this book is required reading."
    --Ben Rothke, www.unixreview.com

    Further reviews of SSH, The Secure Shell: The Definitive Guide can be found here.

    Additional Resources:

    SSH, The Secure Shell: The Definitive Guide, Second Edition
    Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes
    ISBN: 0-596-00895-3, 645 pages, $39.95 US, $55.95 CA
    order@oreilly.com
    1-800-998-9938; 1-707-827-7000

    About O’Reilly

    O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.

    Email a link to this press release