Acknowledgements
Thanks go first to the fine folks who wrote OpenSSH and PuTTY. These people literally changed the world for the better by creating and supporting their software. I must notably thank OpenSSH ringleader Damien Miller, for taking the time to point me in the right direction when I had a dumb question.
I must also thank my technical reviewers: Bill Allaire, Jim Allen, Tim Enders, Marie Helene Kvello-Aune, Kurt Mosiejczuk, Mike O'Connor, Bernard Spil, Loganaden Velvindron (from hackers.mu), and Markus Waldeck. Any errors that appear in this book crept in despite the efforts of these fine folks.
To the people who offer me ongoing support via Patreon (https://www.patreon.com/mwlucas), my gratitude. A whole passel of them got a copy of this book as thanks.
Writing this book would have been impossible without the source code for all the software involved.
This is for Liz.
Chapter 0: Introduction
Over the last 15 years, OpenSSH (http://www.OpenSSH.com) has become the standard tool for remote management of UNIX-like systems and many network devices. Most systems administrators use only the bare minimum OpenSSH functionality necessary to get a command line, however. OpenSSH has many powerful features that will make systems management easier if you take the time to understand them. You'll find information and tutorials about OpenSSH all over the Internet. Some of them are poorly written, or only applicable to narrow scenarios. Many are well written, but are ten years old and cover problems solved by a software update nine years ago. If you have a few spare days, and know the questions to ask, you can sift through the dross and find effective, current tutorials.
This task-oriented book will save you that effort and time, freeing you up to prepare for the next version of Castle Wolfenstein. I assume that you are using fairly recent versions of OpenSSH and PuTTY, and I disregard edge cases such as "my twenty-year-old router only supports SSH version 1." If you found this book, chances are you're capable of searching the Internet to answer very specific questions. I won't discuss building OpenSSH from source, or how to install the OpenSSH server on fifty different platforms. If you're a systems administrator, you know where to find that information. If you are a system user, your system administrator should install and configure the OpenSSH server for you, but mastering the client programs will help you work more quickly and effectively.
Who Should Read This Book?
Everyone who manages a UNIX-like system must understand SSH. OpenSSH is the most commonly deployed SSH implementation. Unless you are specifically using a different SSH implementation, read this book.
People who are not systems administrators, but who must connect to a server over SSH, will also find this book helpful. While you can learn the basics of SSH in five minutes, proper SSH use will make your job easier and faster. You can skip the sections on server configuration if you wish, although it's always good to know what your system administrator can actually do as opposed to what they feel like doing.
SSH Components
Secure shell (SSH) is a protocol for creating an encrypted communications channel between two networked hosts. SSH protects data passing between two machines so that other people cannot eavesdrop on it. Tatu Ylönen created the initial protocol and implementation in 1995, designing it to replace insecure protocols such as telnet, RSH, and rlogin. With the release of OpenSSH in 1999, SSH rapidly became the standard method for managing hosts. Today, many different software packages rely on the SSH protocol for encrypted and well-authenticated transport of data across private, public, and hostile networks.
OpenSSH
OpenSSH is the most widely deployed implementation of the SSH protocol. It started as an offshoot of a freely licensed version of the original SSH software, but has been heavily rewritten, expanded, and updated. OpenSSH is developed as part of the OpenBSD Project, a community known for writing secure software. OpenSSH is the standard SSH implementation in the Linux and BSD world, and is also used in products from large companies such as HP, Cisco, Oracle, Novell, Juniper, IBM, and so on.
OpenSSH comes in two versions, OpenBSD and Portable OpenSSH. OpenSSH's main development happens as part of OpenBSD. They hold OpenSSH to the same standards of simple, secure code as they do the rest of OpenBSD. This version of OpenSSH is small and secure, but only supports OpenBSD. The OpenSSH Portability Team takes the OpenBSD version and adds the glue necessary to make OpenSSH work on other operating systems, creating Portable OpenSSH. Not only do different operating systems use different compilers, libraries, and so on, they have different authentication systems.