SSH, the Secure Shell, 2nd Edition
SPECIAL OFFER: Upgrade this ebook with O’Reilly
Preface
Protect Your Network with SSH
Intended Audience
End-User Audience
Prerequisites
System-Administrator Audience
Prerequisites
Reading This Book
Our Approach
Which Chapters Are for You?
Supported Platforms
Disclaimers
Conventions Used in This Book
Comments and Questions
Safari Enabled
Acknowledgments
1. Introduction to SSH
What Is SSH?
What SSH Is Not
The SSH Protocol
1.3.1 Protocols, Products, Clients, and Confusion
Overview of SSH Features
1.4.1 Secure Remote Logins
1.4.2 Secure File Transfer
1.4.3 Secure Remote Command Execution
1.4.4 Keys and Agents
1.4.5 Access Control
1.4.6 Port Forwarding
History of SSH
Related Technologies
1.6.1 rsh Suite (r-Commands)
1.6.2 Pretty Good Privacy (PGP) and GNU Privacy Guard (GnuPG)
1.6.3 Kerberos
1.6.4 IPSEC and Virtual Private Networks
1.6.5 Secure Remote Password (SRP)
1.6.6 Secure Socket Layer (SSL) Protocol
1.6.7 SSL-Enhanced Telnet and FTP
1.6.8 stunnel
1.6.9 Firewalls
Summary
2. Basic Client Use
A Running Example
Remote Terminal Sessions with ssh
2.2.1 File Transfer with scp
Adding Complexity to the Example
2.3.1 Known Hosts
2.3.2 The Escape Character
Authentication by Cryptographic Key
2.4.1 A Brief Introduction to Keys
2.4.2 Generating Key Pairs with ssh-keygen
2.4.3 Installing a Public Key on an SSH Server Machine
2.4.3.1 Instructions for OpenSSH
2.4.3.2 Instructions for Tectia
2.4.4 If You Change Your Key
The SSH Agent
2.5.1 Agents and Automation
2.5.2 A More Complex Passphrase Problem
2.5.3 Agent Forwarding
Connecting Without a Password or Passphrase
Miscellaneous Clients
2.7.1 sftp
2.7.2 slogin
Summary
3. Inside SSH
Overview of Features
3.1.1 Privacy (Encryption)
3.1.2 Integrity
3.1.3 Authentication
3.1.4 Authorization
3.1.5 Forwarding (Tunneling)
A Cryptography Primer
3.2.1 How Secure Is Secure?
3.2.2 Public- and Secret-Key Cryptography
3.2.3 Hash Functions
The Architecture of an SSH System
Inside SSH-2
3.4.1 Protocol Summary
3.4.2 SSH Transport Layer Protocol (SSH-TRANS)
3.4.2.1 Connection
3.4.2.2 Protocol version selection
3.4.2.3 Parameter negotiation
3.4.2.4 Key exchange and server authentication
3.4.2.5 Server authentication and antispoofing: some gory details
3.4.2.6 Wonder security powers, activate!
3.4.3 SSH Authentication Protocol (SSH-AUTH)
3.4.3.1 The authentication request
3.4.3.2 The authentication response
3.4.3.3 Getting started: the "none" request
3.4.3.4 Public-key authentication
3.4.3.5 Password authentication
3.4.3.6 Hostbased authentication
3.4.4 SSH Connection Protocol (SSH-CONN)
3.4.4.1 Channels
3.4.4.2 Requests
3.4.4.3 The finish line
Inside SSH-1
Implementation Issues
3.6.1 Host Keys
3.6.2 Authorization in Hostbased Authentication
3.6.2.1 Hostbased access files
3.6.2.2 Control file details
3.6.2.3 Netgroups as wildcards
3.6.2.4 Summary
3.6.3 SSH-1 Backward Compatibility
3.6.4 Randomness
3.6.5 Privilege Separation in OpenSSH
SSH and File Transfers (scp and sftp)
3.7.1 What's in a Name?
3.7.2 scp Details
3.7.3 scp2/sftp Details
Algorithms Used by SSH
3.8.1 Public-Key Algorithms
3.8.1.1 Rivest-Shamir-Adleman (RSA)
3.8.1.2 Digital Signature Algorithm (DSA)
3.8.1.3 Diffie-Hellman key agreement
3.8.2 Secret-Key Algorithms
3.8.2.1 International Data Encryption Algorithm (IDEA)
3.8.2.2 Advanced Encryption Standard (AES)
3.8.2.3 Data Encryption Standard (DES)
3.8.2.4 Triple-DES
3.8.2.5 ARCFOUR (RC4)
3.8.2.6 Blowfish
3.8.2.7 Twofish
3.8.2.8 CAST
3.8.3 Hash Functions
3.8.3.1 CRC-32
3.8.3.2 MD5
3.8.3.3 SHA-1
3.8.3.4 RIPEMD-160
3.8.4 Compression Algorithms: zlib
Threats SSH Can Counter
3.9.1 Eavesdropping
3.9.2 Name Service and IP Spoofing
3.9.3 Connection Hijacking
3.9.4 Man-in-the-Middle Attacks
Threats SSH Doesn't Prevent
3.10.1 Password Cracking
3.10.2 IP and TCP Attacks
3.10.3 Traffic Analysis
3.10.4 Covert Channels
3.10.5 Carelessness
Threats Caused by SSH
Summary
4. Installation and Compile-Time Configuration
Overview
4.1.1 Install the Prerequisites
4.1.2 Obtain the Sources
4.1.3 Verify the Signature
4.1.4 Extract the Source Files
4.1.5 Perform Compile-Time Configuration
4.1.6 Compile Everything
4.1.7 Install the Programs and Configuration Files
Installing OpenSSH
4.2.1 Prerequisites
4.2.2 Downloading and Extracting the Files
4.2.2.1 Verifying with GnuPG
4.2.3 Building and Installing
4.2.4 Configuration Options
4.2.4.1 File locations
4.2.4.2 Random number generation
4.2.4.3 Networking
4.2.4.4 Authentication
4.2.4.5 Access control
Installing Tectia
4.3.1 Prerequisites
4.3.2 Obtaining and Extracting the Files
4.3.3 Verifying with md5sum
4.3.4 Building and Installing
4.3.5 Configuration Options
4.3.5.1 File locations and permission
4.3.5.2 Random number generation
4.3.5.3 Networking
4.3.5.4 X Window System
4.3.5.5 TCP port forwarding
4.3.5.6 Encryption
4.3.5.7 Authentication
4.3.5.8 SOCKS proxies
4.3.5.9 Debugging
4.3.5.10 SSH-1 protocol compatibility
4.3.6 SSH-1 Compatibility Support for Tectia
Software Inventory
Replacing r-Commands with SSH
4.5.1 Concurrent Versions System (CVS)
4.5.2 GNU Emacs
4.5.3 Pine
4.5.4 rsync, rdist
Summary
5. Serverwide Configuration
Running the Server
5.1.1 Running sshd as the Superuser
5.1.2 Running sshd as an Ordinary User
Server Configuration: An Overview
5.2.1 Server Configuration Files
5.2.2 Checking Configuration Files
5.2.2.1 Checking OpenSSH configuration files
5.2.2.2 Checking Tectia configuration files
5.2.3 Command-Line Options
5.2.4 Changing the Configuration
5.2.5 A Tricky Reconfiguration Example
Getting Ready: Initial Setup
5.3.1 File Locations
5.3.1.1 Host key files
5.3.1.2 Random seed file
5.3.1.3 Process ID file
5.3.1.4 Server configuration file
5.3.1.5 User SSH directory
5.3.1.6 Per-account authorization files
5.3.1.7 utmp file structure
5.3.2 File Permissions
5.3.2.1 Acceptable permissions for user files
5.3.3 TCP/IP Settings
5.3.3.1 Port number and network interface
5.3.3.2 Invocation by inetd or xinetd
5.3.3.3 Restarting the SSH server for each connection
5.3.3.4 Keepalive messages
5.3.3.5 Idle connections
5.3.3.6 Failed logins
5.3.3.7 Limiting simultaneous connections
5.3.3.8 Reverse IP mappings
5.3.3.9 Controlling the Nagle Algorithm
5.3.3.10 Discovering other servers
5.3.4 Key Regeneration
5.3.5 Encryption Algorithms
5.3.6 Integrity-Checking (MAC) Algorithms
5.3.7 SSH Protocol Settings
5.3.7.1 Protocol version string
5.3.8 Compression
Authentication: Verifying Identities
5.4.1 Authentication Syntax
5.4.2 Password Authentication
5.4.2.1 Failed password attempts
5.4.2.2 Empty passwords
5.4.2.3 Expired passwords
5.4.3 Public-Key Authentication
5.4.4 Hostbased Authentication
5.4.5 Keyboard-Interactive Authentication
5.4.5.1 OpenSSH keyboard-interactive authentication
5.4.5.2 Tectia's keyboard-interactive authentication
5.4.6 PGP Authentication
5.4.7 Kerberos Authentication
5.4.7.1 Kerberos and OpenSSH
5.4.7.2 Kerberos and Tectia
5.4.8 PAM Authentication
5.4.9 Privilege Separation
5.4.10 Selecting a Login Program
Access Control: Letting People In
5.5.1 Account Access Control
5.5.1.1 Restricting all logins
5.5.2 Group Access Control
5.5.3 Hostname Access Control
5.5.4 shosts Access Control
5.5.5 Root Access Control
5.5.6 External Access Control
5.5.7 Restricting Directory Access with chroot
5.5.8 Summary of Authentication and Access Control
User Logins and Accounts
5.6.1 Welcome Messages for the User
5.6.2 Setting Environment Variables
5.6.3 Initialization Scripts
Forwarding
5.7.1 Port Forwarding
5.7.2 X Forwarding
5.7.3 Agent Forwarding
Subsystems
Logging and Debugging
5.9.1 OpenSSH Logging and Debugging
5.9.2 Tectia Logging and Debugging
5.9.3 Debugging Under inetd or xinetd
Compatibility Between SSH-1 and SSH-2 Servers
5.10.1 Security Issues with Tectia's SSH-1 Compatibility Mode
Summary
6. Key Management and Agents
What Is an Identity?
6.1.1 OpenSSH Identities
6.1.2 Tectia Identities
Creating an Identity
6.2.1 Generating Keys for OpenSSH
6.2.1.1 Creating OpenSSH keys
6.2.1.2 Working with OpenSSH keys
6.2.2 Generating Keys for Tectia
6.2.2.1 Creating Tectia keys
6.2.2.2 Working with Tectia keys
6.2.3 Selecting a Passphrase
6.2.4 Generating New Groups for Diffie-Hellman Key Exchange
SSH Agents
6.3.1 Agents Do Not Expose Keys
6.3.2 Starting an Agent
6.3.2.1 Single-shell method
6.3.2.2 Subshell method
6.3.2.3 Format of environment variable commands
6.3.3 Loading Keys with ssh-add
6.3.3.1 Automatic agent loading (single-shell method)
6.3.3.2 Automatic agent loading (subshell method)
6.3.3.3 Automatic agent loading (X Window System)
6.3.4 Agents and Security
6.3.4.1 Access control
6.3.4.2 Cracking an agent
6.3.5 Agent Forwarding
6.3.5.1 A firewall example
6.3.5.2 How agent forwarding works
6.3.5.3 Enabling agent forwarding
6.3.6 Agent CPU Usage
6.3.7 Debugging the Agent
Multiple Identities
6.4.1 Switching Identities Manually
6.4.2 Switching Identities with an Agent
6.4.3 Tailoring Sessions Based on Identity
PGP Authentication in Tectia
Tectia External Keys
Summary
7. Advanced Client Use
How to Configure Clients
7.1.1 Command-Line Options
7.1.2 Client Configuration Files
7.1.2.1 Keywords versus command-line options
7.1.2.2 Global and local files
7.1.2.3 Configuration-file sections
7.1.2.4 Multiple matches
7.1.2.5 Making nicknames for hosts
7.1.2.6 Comments, indenting, and style
7.1.3 Environment Variables
Precedence
Introduction to Verbose Mode
Client Configuration in Depth
7.4.1 Remote Account Name
7.4.1.1 Tricks with remote account names
7.4.2 User Identity
7.4.2.1 Using identities
7.4.3 Host Keys and Known-Hosts Databases
7.4.3.1 Strict host-key checking
7.4.3.2 Verifying host keys by DNS
7.4.3.3 Host key aliasing
7.4.3.4 Ignoring host keys for localhost
7.4.3.5 Moving the known hosts files
7.4.4 SSH Protocol Settings
7.4.4.1 Choosing a protocol version
7.4.4.2 Connection sharing
7.4.4.3 Setting environment variables in the server
7.4.5 TCP/IP Settings
7.4.5.1 Selecting a remote port
7.4.5.2 Connecting via a given network interface
7.4.5.3 Forcing a nonprivileged local port
7.4.5.4 Keepalive messages
7.4.5.5 Controlling TCP_NODELAY
7.4.5.6 Requiring IPv4 and IPv6
7.4.6 Making Connections
7.4.6.1 Number of connection attempts
7.4.6.2 Password prompting in OpenSSH
7.4.6.3 Password prompting in Tectia
7.4.6.4 Batch mode: suppressing prompts
7.4.6.5 Pseudo-terminal allocation (TTY/PTY/PTTY)
7.4.6.6 Backgrounding a remote command
7.4.6.7 Backgrounding a remote command, take two
7.4.6.8 Escaping
7.4.7 Proxies and SOCKS
7.4.7.1 SOCKS in OpenSSH: using DynamicForward
7.4.7.2 SOCKS in Tectia
7.4.8 Forwarding
7.4.9 Encryption Algorithms
7.4.10 Integrity-Checking (MAC) Algorithms
7.4.11 Host Key Types
7.4.12 Session Rekeying
7.4.13 Authentication
7.4.13.1 Requesting an authentication technique
7.4.13.2 The server is the boss
7.4.13.3 Detecting successful authentication
7.4.13.4 Using ssh-keysign for hostbased authentication
7.4.14 Data Compression
7.4.15 Program Locations
7.4.16 Subsystems
7.4.17 Logging and Debugging
7.4.18 Random Seeds
Secure Copy with scp
7.5.1 Full Syntax of scp
7.5.2 Handling of Wildcards
7.5.3 Recursive Copy of Directories
7.5.4 Preserving Permissions
7.5.5 Automatic Removal of Original File
7.5.6 Safety Features
7.5.6.1 Directory confirmation
7.5.6.2 No-execute mode
7.5.6.3 Overwriting existing files
7.5.7 Batch Mode
7.5.8 User Identity
7.5.9 SSH Protocol Settings
7.5.10 TCP/IP Settings
7.5.11 Encryption Algorithms
7.5.12 Controlling Bandwidth
7.5.13 Data Compression
7.5.14 File Conversion
7.5.15 Optimizations
7.5.16 Statistics Display
7.5.17 Locating the ssh Executable
7.5.18 Getting Help
7.5.19 For Internal Use Only
7.5.20 Further Configuration
Secure, Interactive Copy with sftp
7.6.1 Interactive Commands
7.6.2 Command-Line Options
Summary
8. Per-Account Server Configuration
Limits of This Technique
8.1.1 Overriding Serverwide Settings
8.1.2 Authentication Issues
Public-Key-Based Configuration
8.2.1 OpenSSH Authorization Files
8.2.2 Tectia Authorization Files
8.2.2.1 Tectia PGP key authentication
8.2.3 Forced Commands
8.2.3.1 Security issues
8.2.3.2 Rejecting connections with a custom message
8.2.3.3 Displaying a command menu
8.2.3.4 Examining the client's original command
8.2.3.5 Restricting a client's original command
8.2.3.6 Logging a client's original command
8.2.3.7 Forced commands and secure copy (scp)
8.2.4 Restricting Access by Host or Domain
8.2.4.1 OpenSSH host access control
8.2.4.2 Tectia host access control
8.2.5 Setting Environment Variables
8.2.5.1 Example: CVS and $LOGNAME
8.2.6 Setting Idle Timeout
8.2.7 Disabling or Limiting Forwarding
8.2.8 Disabling TTY Allocation
Hostbased Access Control
The User rc File
Summary
9. Port Forwarding and X Forwarding
What Is Forwarding?
Port Forwarding
9.2.1 Local Forwarding
9.2.1.1 Local forwarding and GatewayPorts
9.2.1.2 Remote forwarding
9.2.2 Trouble with Multiple Connections
9.2.3 Comparing Local and Remote Port Forwarding
9.2.3.1 Common elements
9.2.3.2 Local versus remote forwarding: the distinction
9.2.4 Forwarding Off-Host
9.2.4.1 Privacy
9.2.4.2 Access control and the loopback address
9.2.4.3 Listening on ("binding") an interface
9.2.5 Bypassing a Firewall
9.2.6 Port Forwarding Without a Remote Login
9.2.6.1 One-shot forwarding
9.2.7 The Listening Port Number
9.2.8 Choosing the Target Forwarding Address
9.2.9 Termination
9.2.9.1 The TIME_WAIT problem
9.2.10 Configuring Port Forwarding in the Server
9.2.10.1 Compile-time configuration
9.2.10.2 Serverwide configuration
9.2.10.3 Per-account configuration
9.2.11 Protocol-Specific Forwarding: FTP
Dynamic Port Forwarding
9.3.1 SOCKS v4, SOCKS v5, and Names
9.3.2 Other Uses of Dynamic Forwarding
X Forwarding
9.4.1 The X Window System
9.4.2 How X Forwarding Works
9.4.3 Enabling X Forwarding
9.4.4 Configuring X Forwarding
9.4.4.1 Compile-time configuration
9.4.4.2 Serverwide configuration
9.4.4.3 Per-account configuration
9.4.5 X Authentication
9.4.5.1 How X authentication works
9.4.5.2 xauth and the SSH rc files
9.4.5.3 Trusted X forwarding
9.4.5.4 Problems with X authentication
9.4.5.5 SSH and authentication spoofing
9.4.5.6 Improving authentication spoofing
9.4.5.7 Nonstandard X clients
9.4.6 Further Issues
9.4.6.1 X server configuration
9.4.6.2 Setting your DISPLAY environment variable
9.4.6.3 Shared accounts
9.4.6.4 Location of the xauth program
9.4.6.5 X forwarding and the GatewayPorts feature
Forwarding Security: TCP-Wrappers and libwrap
9.5.1 TCP-Wrappers Configuration
9.5.2 Notes About TCP-Wrappers
Summary
10. A Recommended Setup
The Basics
Compile-Time Configuration
Serverwide Configuration
10.3.1 Disable Other Means of Access
10.3.2 sshd_config for OpenSSH
10.3.2.1 Choice of protocol
10.3.2.2 Important files
10.3.2.3 File and directory permissions
10.3.2.4 TCP/IP settings
10.3.2.5 Login time
10.3.2.6 Authentication
10.3.2.7 Access control
10.3.2.8 Forwarding
10.3.2.9 SFTP
10.3.3 sshd2_config for Tectia
10.3.3.1 Choice of protocol
10.3.3.2 Important files
10.3.3.3 File and directory permissions
10.3.3.4 TCP/IP settings
10.3.3.5 Login time
10.3.3.6 Authentication
10.3.3.7 Access control
10.3.3.8 Forwarding
10.3.3.9 Encryption
10.3.3.10 SFTP
Per-Account Configuration
Key Management
Client Configuration
Remote Home Directories (NFS, AFS)
10.7.1 NFS Security Risks
10.7.2 NFS Access Problems
10.7.3 AFS Access Problems
Summary
11. Case Studies
Unattended SSH: Batch or cron Jobs
11.1.1 Password Authentication
11.1.2 Public-Key Authentication
11.1.2.1 Storing the passphrase in the filesystem
11.1.2.2 Using a plaintext key
11.1.2.3 Using an agent
11.1.3 Hostbased Authentication
11.1.4 Kerberos
11.1.5 General Precautions for Batch Jobs
11.1.5.1 Least-privilege accounts
11.1.5.2 Separate, locked-down automation accounts
11.1.5.3 Restricted-use keys
11.1.5.4 Useful ssh options
11.1.6 Recommendations
FTP and SSH
11.2.1 FTP-Specific Tools for SSH
11.2.1.1 VanDyke's SecureFX
11.2.1.2 Tectia client
11.2.2 Static Port Forwarding and FTP: A Study in Pain
11.2.3 The FTP Protocol
11.2.4 Forwarding the Control Connection
11.2.4.1 Choosing the forwarding target
11.2.4.2 Using passive mode
11.2.4.3 The "PASV port theft" problem
11.2.5 FTP, Firewalls, and Passive Mode
11.2.6 FTP and Network Address Translation (NAT)
11.2.6.1 Server-side NAT issues
11.2.7 All About Data Connections
11.2.7.1 The usual method of file transfer
11.2.7.2 Passive mode in depth
11.2.7.3 FTP with the default data ports
11.2.8 Forwarding the Data Connection
Pine, IMAP, and SSH
11.3.1 Securing IMAP Authentication
11.3.1.1 Pine and preauthenticated IMAP
11.3.1.2 Making Pine use SSH
11.3.2 Mail Relaying and News Access
11.3.3 Using a Connection Script
Connecting Through a Gateway Host
11.4.1 Making Transparent SSH Connections
11.4.2 Using SCP Through a Gateway
11.4.3 Another Approach: SSH-in-SSH (Port Forwarding)
11.4.4 SSH-in-SSH with a Proxy Command (OpenSSH)
11.4.5 Comparing the Techniques
11.4.5.1 Smoothness
11.4.5.2 Security
Scalable Authentication for SSH
11.5.1 Tectia with X.509 Certificates
11.5.1.1 What's a PKI?
11.5.1.2 Using certificates with Tectia host keys
11.5.1.3 A simple configuration
11.5.1.4 Getting a certificate
11.5.1.5 Hostkey verification: configuring the server
11.5.1.6 Hostkey verification: configuring the Client
11.5.1.7 User authentication: configuring the client
11.5.1.8 User authentication: configuring the server
11.5.2 OpenSSH and Tectia with Kerberos
11.5.2.1 How Kerberos works
11.5.2.2 Kerberos support in SSH
11.5.2.3 Kerberos interoperability with OpenSSH and Tectia
Tectia Extensions to Server Configuration Files
11.6.1 Metaconfiguration
11.6.2 Subconfiguration Files
11.6.3 Quoted Values
Tectia Plugins
11.7.1 A Plugin for Changing Expired Passwords
11.7.1.1 The ssh-passwd-plugin program
11.7.1.2 A Perl package implementing the Tectia plugin protocol
11.7.1.3 Creating a customized password-change plugin
11.7.2 A Plugin for Keyboard-Interactive Authentication
11.7.3 A Plugin for External Authorization
12. Troubleshooting and FAQ
Debug Messages: Your First Line of Defense
12.1.1 Client Debugging
12.1.2 Server Debugging
The Top 10 SSH Questions
Problems and Solutions
12.2.1 General Problems
12.2.2 Authentication Problems
12.2.2.1 General authentication problems
12.2.2.2 Password authentication
12.2.2.3 Hostbased authentication
12.2.2.4 Public-key authentication
12.2.2.5 PGP key authentication
12.2.3 Key and Agent Problems
12.2.3.1 ssh-keygen
12.2.3.2 ssh-agent and ssh-add
12.2.3.3 Per-account authorization files
12.2.4 Server Problems
12.2.4.1 sshd_config, sshd2_config
12.2.5 Client Problems
12.2.5.1 General client problems
12.2.5.2 Client configuration file
12.2.5.3 ssh
12.2.5.4 scp
12.2.5.5 sftp
12.2.5.6 Port forwarding
Other SSH Resources
12.3.1 Web Sites
12.3.2 Usenet Newsgroups
13. Overview of Other Implementations
Common Features
Covered Products
Other SSH Products
13.3.1 BeOS
13.3.2 Commodore Amiga
13.3.3 GNU Emacs
13.3.4 Java
13.3.5 Macintosh OS 9
13.3.6 Macintosh OS X
13.3.7 Microsoft Windows
13.3.8 Microsoft Windows CE (PocketPC)
13.3.9 OS/2
13.3.10 Palm OS
13.3.11 Perl
13.3.12 Unix Variants (Linux, OpenBSD, etc.)
13.3.13 VMS
14. OpenSSH for Windows
Installation
Using the SSH Clients
Setting Up the SSH Server
14.3.1 Opening Remote Windows on the Desktop
Public-Key Authentication
14.4.1 Running an Agent
Troubleshooting
Summary
15. OpenSSH for Macintosh
Using the SSH Clients
Using the OpenSSH Server
15.2.1 Enabling the Server
15.2.2 Opening the Firewall
15.2.3 Control by xinetd
15.2.4 Server Configuration Details
15.2.5 Kerberos Support
16. Tectia for Windows
Obtaining and Installing
Basic Client Use
Key Management
Accession Lite
Advanced Client Use
Port Forwarding
Connector
16.7.1 General Settings
16.7.2 Servers for Outgoing SSH Connections
16.7.3 Filter Rules for Dynamic Port Forwarding
16.7.4 Configuration File
File Transfers
Command-Line Programs
Troubleshooting
Server
16.11.1 Server Operation
16.11.2 Server Configuration
16.11.3 Commands and Interactive Sessions
16.11.4 Authentication
16.11.5 Access Control
16.11.6 Forwarding
16.11.7 SFTP Server
16.11.8 Logging and Debugging
17. SecureCRT and SecureFX for Windows
Obtaining and Installing
Basic Client Use
Key Management
17.3.1 Key Generation Wizard
17.3.1.1 Automatic installation of keys
17.3.1.2 Manual installation of keys
17.3.2 Using Multiple Identities
17.3.3 The SSH Agent
Advanced Client Use
17.4.1 Mandatory Fields
17.4.2 Data Compression
17.4.3 Firewall Use
Forwarding
17.5.1 Port Forwarding
17.5.2 X Forwarding
Command-Line Client Programs
File Transfer
17.7.1 The vcp and vsftp Commands
17.7.2 Zmodem File Transfer
17.7.3 SecureFX
Troubleshooting
17.8.1 Authentication
17.8.2 Forwarding
VShell
Summary
18. PuTTY for Windows
Obtaining and Installing
Basic Client Use
18.2.1 Plink, a Console Client
18.2.2 Running Remote Commands
File Transfer
18.3.1 File Transfer with PSCP
18.3.2 File Transfer with PSFTP
Key Management
18.4.1 Choosing a Key
18.4.2 Pageant, an SSH Agent
Advanced Client Use
18.5.1 Saved Sessions
18.5.2 Host Keys
18.5.3 Choosing a Protocol Version
18.5.4 TCP/IP Settings
18.5.4.1 Selecting a remote port
18.5.4.2 Keepalive messages
18.5.4.3 The Nagle Algorithm
18.5.5 Pseudo-Terminal Allocation
18.5.6 Proxies and SOCKS
18.5.7 Encryption Algorithms
18.5.8 Authentication
18.5.9 Compression
18.5.10 Logging and Debugging
18.5.11 Batch Jobs
Forwarding
18.6.1 Forwarding with PuTTY
18.6.2 Forwarding with Plink
Summary
A. OpenSSH 4.0 New Features
Server Features: sshd
Logging of Access Control Violations
AddressFamily Keyword
Password and Account Expiration Warnings
Client Features: ssh, scp, and sftp
KbdInteractiveDevices Keyword
More Control for Connection Sharing
Hashing of Hostnames
Port Forwarding
sftp Command-Line Features
ssh-keygen
Hashing Your Known Hosts File
Managing Hosts
B. Tectia Manpage for sshregex
Regex Syntax: Egrep Patterns
Escaped Tokens for Regex Syntax Egrep
Regex Syntax: ZSH_FILEGLOB (or Traditional) Patterns
Character Sets for Egrep and ZSH_FILEGLOB
Example
Regex Syntax: SSH Patterns
Escaped Tokens for Regex Syntax SSH
Character Sets for Regex Syntax SSH
Example
Authors
See Also
C. Tectia Module Names for Debugging
D. SSH-1 Features of OpenSSH and Tectia
OpenSSH Features
Serverwide Configuration
Client Configuration
Files
Tectia Features
Serverwide Configuration
Client Configuration
File Transfers
Key Management
Authentication Agent
E. SSH Quick Reference
Legend
sshd Options
sshd Keywords
ssh Options
scp Options
ssh and scp Keywords
ssh-keygen Options
ssh-agent Options
ssh-add Options
Identity and Authorization Files, OpenSSH
Identity and Authorization Files, Tectia
Environment Variables
Index
About the Authors
Colophon