Table of Contents
Preface
Protect Your Network with SSH
Intended Audience
End-User Audience
Prerequisites
System-Administrator Audience
Prerequisites
Reading This Book
Our Approach
Which Chapters Are for You?
Supported Platforms
Disclaimers
Conventions Used in This Book
Comments and Questions
Safari Enabled
Acknowledgments
Introduction to SSH
1.1 What Is SSH?
1.2 What SSH Is Not
1.3 The SSH Protocol
1.3.1 Protocols, Products, Clients, and Confusion
1.4 Overview of SSH Features
1.4.1 Secure Remote Logins
1.4.2 Secure File Transfer
1.4.3 Secure Remote Command Execution
1.4.4 Keys and Agents
1.4.5 Access Control
1.4.6 Port Forwarding
1.5 History of SSH
1.6 Related Technologies
1.6.1 rsh Suite (r-Commands)
1.6.2 Pretty Good Privacy (PGP) and GNU Privacy Guard (GnuPG)
1.6.3 Kerberos
1.6.4 IPSEC and Virtual Private Networks
1.6.5 Secure Remote Password (SRP)
1.6.6 Secure Socket Layer (SSL) Protocol
1.6.7 SSL-Enhanced Telnet and FTP
1.6.8 stunnel
1.6.9 Firewalls
1.7 Summary
Basic Client Use
2.1 A Running Example
2.2 Remote Terminal Sessions with ssh
2.2.1 File Transfer with scp
2.3 Adding Complexity to the Example
2.3.1 Known Hosts
2.3.2 The Escape Character
2.4 Authentication by Cryptographic Key
2.4.1 A Brief Introduction to Keys
2.4.2 Generating Key Pairs with ssh-keygen
2.4.3 Installing a Public Key on an SSH Server Machine
2.4.3.1 Instructions for OpenSSH
2.4.3.2 Instructions for Tectia
2.4.4 If You Change Your Key
2.5 The SSH Agent
2.5.1 Agents and Automation
2.5.2 A More Complex Passphrase Problem
2.5.3 Agent Forwarding
2.6 Connecting Without a Password or Passphrase
2.7 Miscellaneous Clients
2.7.1 sftp
2.7.2 slogin
2.8 Summary
Inside SSH
3.1 Overview of Features
3.1.1 Privacy (Encryption)
3.1.2 Integrity
3.1.3 Authentication
3.1.4 Authorization
3.1.5 Forwarding ( Tunneling)
3.2 A Cryptography Primer
3.2.1 How Secure Is Secure?
3.2.2 Public- and Secret-Key Cryptography
3.2.3 Hash Functions
3.3 The Architecture of an SSH System
3.4 Inside SSH-2
3.4.1 Protocol Summary
3.4.2 SSH Transport Layer Protocol (SSH-TRANS)
3.4.2.1 Connection
3.4.2.2 Protocol version selection
3.4.2.3 Parameter negotiation
3.4.2.4 Key exchange and server authentication
3.4.2.5 Server authentication and antispoofing: some gory details
3.4.2.6 Wonder security powers, activate!
3.4.3 SSH Authentication Protocol (SSH-AUTH)
3.4.3.1 The authentication request
3.4.3.2 The authentication response
3.4.3.3 Getting started: the “none” request
3.4.3.4 Public-key authentication
3.4.3.5 Password authentication
3.4.3.6 Hostbased authentication
3.4.4 SSH Connection Protocol (SSH-CONN)
3.4.4.1 Channels
3.4.4.2 Requests
3.4.4.3 The finish line
3.5 Inside SSH-1
3.6 Implementation Issues
3.6.1 Host Keys
3.6.2 Authorization in Hostbased Authentication
3.6.2.1 Hostbased access files
3.6.2.2 Control file details
3.6.2.3 Netgroups as wildcards
3.6.2.4 Summary
3.6.3 SSH-1 Backward Compatibility
3.6.4 Randomness
3.6.5 Privilege Separation in OpenSSH
3.7 SSH and File Transfers (scp and sftp)
3.7.1 What’s in a Name?
3.7.2 scp Details
3.7.3 scp2/sftp Details
3.8 Algorithms Used by SSH
3.8.1 Public-Key Algorithms
3.8.1.1 Rivest-Shamir-Adleman (RSA)
3.8.1.2 Digital Signature Algorithm (DSA)
3.8.1.3 Diffie-Hellman key agreement
3.8.2 Secret-Key Algorithms
3.8.2.1 International Data Encryption Algorithm (IDEA)
3.8.2.2 Advanced Encryption Standard (AES)
3.8.2.3 Data Encryption Standard (DES)
3.8.2.4 Triple-DES
3.8.2.5 ARCFOUR (RC4)
3.8.2.6 Blowfish
3.8.2.7 Twofish
3.8.2.8 CAST
3.8.3 Hash Functions
3.8.3.1 CRC-32
3.8.3.2 MD5
3.8.3.3 SHA-1
3.8.3.4 RIPEMD-160
3.8.4 Compression Algorithms: zlib
3.9 Threats SSH Can Counter
3.9.1 Eavesdropping
3.9.2 Name Service and IP Spoofing
3.9.3 Connection Hijacking
3.9.4 Man-in-the-Middle Attacks
3.10 Threats SSH Doesn’t Prevent
3.10.1 Password Cracking
3.10.2 IP and TCP Attacks
3.10.3 Traffic Analysis
3.10.4 Covert Channels
3.10.5 Carelessness
3.11 Threats Caused by SSH
3.12 Summary
Installation and Compile-Time Configuration
4.1. Overview
4.1.1 Install the Prerequisites
4.1.2 Obtain the Sources
4.1.3 Verify the Signature
4.1.4 Extract the Source Files
4.1.5 Perform Compile-Time Configuration
4.1.6 Compile Everything
4.1.7 Install the Programs and Configuration Files
4.2 Installing OpenSSH
4.2.1 Prerequisites
4.2.2 Downloading and Extracting the Files
4.2.2.1 Verifying with GnuPG
4.2.3 Building and Installing
4.2.4 Configuration Options
4.2.4.1 File locations
4.2.4.2 Random number generation
4.2.4.3 Networking
4.2.4.4 Authentication
4.2.4.5 Access control
4.3 Installing Tectia
4.3.1 Prerequisites
4.3.2 Obtaining and Extracting the Files
4.3.3 Verifying with md5sum
4.3.4 Building and Installing
4.3.5 Configuration Options
4.3.5.1 File locations and permission
4.3.5.2 Random number generation
4.3.5.3 Networking
4.3.5.4 X Window System
4.3.5.5 TCP port forwarding
4.3.5.6 Encryption
4.3.5.7 Authentication
4.3.5.8 SOCKS proxies
4.3.5.9 Debugging
4.3.5.10 SSH-1 protocol compatibility
4.3.6 SSH-1 Compatibility Support for Tectia
4.4 Software Inventory
4.5 Replacing r Commands with SSH
4.5.1 Concurrent Versions System (CVS)
4.5.2 GNU Emacs
4.5.3 Pine
4.5.4 rsync, rdist
4.6 Summary
Serverwide Configuration
5.1 Running the Server
5.1.1 Running sshd as the Superuser
5.1.2 Running sshd as an Ordinary User
5.2 Server Configuration: An Overview
5.2.1 Server Configuration Files
5.2.2 Checking Configuration Files
5.2.2.1 Checking OpenSSH configuration files
5.2.2.2 Checking Tectia configuration files
5.2.3 Command-Line Options
5.2.4 Changing the Configuration
5.2.5 A Tricky Reconfiguration Example
5.3 Getting Ready: Initial Setup
5.3.1 File Locations
5.3.1.1 Host key files
5.3.1.2 Random seed file
5.3.1.3 Process ID file
5.3.1.4 Server configuration file
5.3.1.5 User SSH directory
5.3.1.6 Per-account authorization files
5.3.1.7 utmp file structure
5.3.2 File Permissions
5.3.2.1 Acceptable permissions for user files
5.3.3 TCP/IP Settings
5.3.3.1 Port number and network interface
5.3.3.2 Invocation by inetd or xinetd
5.3.3.3 Restarting the SSH server for each connection
5.3.3.4 Keepalive messages
5.3.3.5 Idle connections
5.3.3.6 Failed logins
5.3.3.7 Limiting simultaneous connections
5.3.3.8 Reverse IP mappings
5.3.3.9 Controlling the Nagle Algorithm
5.3.3.10 Discovering other servers
5.3.4 Key Regeneration
5.3.5 Encryption Algorithms
5.3.6 Integrity-Checking (MAC) Algorithms
5.3.7 SSH Protocol Settings
5.3.7.1 Protocol version string
5.3.8 Compression
5.4 Authentication: Verifying Identities
5.4.1 Authentication Syntax
5.4.2 Password Authentication
5.4.2.1 Failed password attempts
5.4.2.2 Empty passwords
5.4.2.3 Expired passwords
5.4.3 Public-Key Authentication
5.4.4 Hostbased Authentication
5.4.5 Keyboard-Interactive Authentication
5.4.5.1 OpenSSH keyboard-interactive authentication
5.4.5.2 Tectia’s keyboard-interactive authentication
5.4.6 PGP Authentication
5.4.7 Kerberos Authentication
5.4.7.1 Kerberos and OpenSSH
5.4.7.2 Kerberos and Tectia
5.4.8 PAM Authentication
5.4.9 Privilege Separation
5.4.10 Selecting a Login Program
5.5 Access Control: Letting People In
5.5.1 Account Access Control
5.5.1.1 Restricting all logins
5.5.2 Group Access Control
5.5.3 Hostname Access Control
5.5.4 shosts Access Control
5.5.5 Root Access Control
5.5.6 External Access Control
5.5.7 Restricting Directory Access with chroot
5.5.8 Summary of Authentication and Access Control
5.6 User Logins and Accounts
5.6.1 Welcome Messages for the User
5.6.2 Setting Environment Variables
5.6.3 Initialization Scripts
5.7 Forwarding
5.7.1 Port Forwarding
5.7.2 X Forwarding
5.7.3 Agent Forwarding
5.8 Subsystems
5.9 Logging and Debugging
5.9.1 OpenSSH Logging and Debugging
5.9.2 Tectia Logging and Debugging
5.9.3 Debugging Under inetd or xinetd
5.10 Compatibility Between SSH-1 and SSH-2 Servers
5.10.1 Security Issues with Tectia’s SSH-1 Compatibility Mode
5.11 Summary
Key Management and Agents
6.1 What Is an Identity?
6.1.1 OpenSSH Identities
6.1.2 Tectia Identities
6.2 Creating an Identity
6.2.1 Generating Keys for OpenSSH
6.2.1.1 Creating OpenSSH keys
6.2.1.2 Working with OpenSSH keys
6.2.2 Generating Keys for Tectia
6.2.2.1 Creating Tectia keys
6.2.2.2 Working with Tectia keys
6.2.3 Selecting a Passphrase
6.2.4 Generating New Groups for Diffie-Hellman Key Exchange
6.3 SSH Agents
6.3.1 Agents Do Not Expose Keys
6.3.2 Starting an Agent
6.3.2.1 Single-shell method
6.3.2.2 Subshell method
6.3.2.3 Format of environment variable commands
6.3.3 Loading Keys with ssh-add
6.3.3.1 Automatic agent loading (single-shell method)
6.3.3.2 Automatic agent loading (subshell method)
6.3.3.3 Automatic agent loading (X Window System)
6.3.4 Agents and Security
6.3.4.1 Access control
6.3.4.2 Cracking an agent
6.3.5 Agent Forwarding
6.3.5.1 A firewall example
6.3.5.2 How agent forwarding works
6.3.5.3 Enabling agent forwarding
6.3.6 Agent CPU Usage
6.3.7 Debugging the Agent
6.4 Multiple Identities
6.4.1 Switching Identities Manually
6.4.2 Switching Identities with an Agent
6.4.3 Tailoring Sessions Based on Identity
6.5 PGP Authentication in Tectia
6.6 Tectia External Keys
6.7 Summary
Advanced Client Use
7.1 How to Configure Clients
7.1.1 Command-Line Options
7.1.2 Client Configuration Files
7.1.2.1 Keywords versus command-line options
7.1.2.2 Global and local files
7.1.2.3 Configuration-file sections
7.1.2.4 Multiple matches
7.1.2.5 Making nicknames for hosts
7.1.2.6 Comments, indenting, and style
7.1.3 Environment Variables
7.2 Precedence
7.3 Introduction to Verbose Mode
7.4 Client Configuration in Depth
7.4.1 Remote Account Name
7.4.1.1 Tricks with remote account names
7.4.2 User Identity
7.4.2.1 Using identities
7.4.3 Host Keys and Known-Hosts Databases
7.4.3.1 Strict host-key checking
7.4.3.2 Verifying host keys by DNS
7.4.3.3 Host key aliasing
7.4.3.4 Ignoring host keys for localhost
7.4.3.5 Moving the known hosts files
7.4.4 SSH Protocol Settings
7.4.4.1 Choosing a protocol version
7.4.4.2 Connection sharing
7.4.4.3 Setting environment variables in the server
7.4.5 TCP/IP Settings
7.4.5.1 Selecting a remote port
7.4.5.2 Connecting via a given network interface
7.4.5.3 Forcing a nonprivileged local port
7.4.5.4 Keepalive messages
7.4.5.5 Controlling TCP_NODELAY
7.4.5.6 Requiring IPv4 and IPv6
7.4.6 Making Connections
7.4.6.1 Number of connection attempts
7.4.6.2 Password prompting in OpenSSH
7.4.6.3 Password prompting in Tectia
7.4.6.4 Batch mode: suppressing prompts
7.4.6.5 Pseudo-terminal allocation (TTY/PTY/PTTY)
7.4.6.6 Backgrounding a remote command
7.4.6.7 Backgrounding a remote command, take two
7.4.6.8 Escaping
7.4.7 Proxies and SOCKS
7.4.7.1 SOCKS in OpenSSH: using DynamicForward
7.4.7.2 SOCKS in Tectia
7.4.8 Forwarding
7.4.9 Encryption Algorithms
7.4.10 Integrity-Checking (MAC) Algorithms
7.4.11 Host Key Types
7.4.12 Session Rekeying
7.4.13 Authentication
7.4.13.1 Requesting an authentication technique
7.4.13.2 The server is the boss
7.4.13.3 Detecting successful authentication
7.4.13.4 Using ssh-keysign for hostbased authentication
7.4.14 Data Compression
7.4.15 Program Locations
7.4.16 Subsystems
7.4.17 Logging and Debugging
7.4.18 Random Seeds
7.5 Secure Copy with scp
7.5.1 Full Syntax of scp
7.5.2 Handling of Wildcards
7.5.3 Recursive Copy of Directories
7.5.4 Preserving Permissions
7.5.5 Automatic Removal of Original File
7.5.6 Safety Features
7.5.6.1 Directory confirmation
7.5.6.2 No-execute mode
7.5.6.3 Overwriting existing files
7.5.7 Batch Mode
7.5.8 User Identity
7.5.9 SSH Protocol Settings
7.5.10 TCP/IP Settings
7.5.11 Encryption Algorithms
7.5.12 Controlling Bandwidth
7.5.13 Data Compression
7.5.14 File Conversion
7.5.15 Optimizations
7.5.16 Statistics Display
7.5.17 Locating the ssh Executable
7.5.18 Getting Help
7.5.19 For Internal Use Only
7.5.20 Further Configuration
7.6 Secure, Interactive Copy with sftp
7.6.1 Interactive Commands
7.6.2 Command-Line Options
7.7 Summary
Per-Account Server Configuration
8.1 Limits of This Technique
8.1.1 Overriding Serverwide Settings
8.1.2 Authentication Issues
8.2 Public-Key-Based Configuration
8.2.1 OpenSSH Authorization Files
8.2.2 Tectia Authorization Files
8.2.2.1 Tectia PGP key authentication
8.2.3 Forced Commands
8.2.3.1 Security issues
8.2.3.2 Rejecting connections with a custom message
8.2.3.3 Displaying a command menu
8.2.3.4 Examining the client’s original command
8.2.3.5 Restricting a client’s original command
8.2.3.6 Logging a client’s original command
8.2.3.7 Forced commands and secure copy (scp)
8.2.4 Restricting Access by Host or Domain
8.2.4.1 OpenSSH host access control
8.2.4.2 Tectia host access control
8.2.5 Setting Environment Variables
8.2.5.1 Example: CVS and $LOGNAME
8.2.6 Setting Idle Timeout
8.2.7 Disabling or Limiting Forwarding
8.2.8 Disabling TTY Allocation
8.3 Hostbased Access Control
8.4 The User rc File
8.5 Summary
Port Forwarding and X Forwarding
9.1 What Is Forwarding?
9.2 Port Forwarding
9.2.1 Local Forwarding
9.2.1.1 Local forwarding and GatewayPorts
9.2.1.2 Remote forwarding
9.2.2 Trouble with Multiple Connections
9.2.3 Comparing Local and Remote Port Forwarding
9.2.3.1 Common elements
9.2.3.2 Local versus remote forwarding: the distinction
9.2.4 Forwarding Off-Host
9.2.4.1 Privacy
9.2.4.2 Access control and the loopback address
9.2.4.3 Listening on (“binding”) an interface
9.2.5 Bypassing a Firewall
9.2.6 Port Forwarding Without a Remote Login
9.2.6.1 One-shot forwarding
9.2.7 The Listening Port Number
9.2.8 Choosing the Target Forwarding Address
9.2.9 Termination
9.2.9.1 The TIME_WAIT problem
9.2.10 Configuring Port Forwarding in the Server
9.2.10.1 Compile-time configuration
9.2.10.2 Serverwide configuration
9.2.10.3 Per-account configuration
9.2.11 Protocol-Specific Forwarding: FTP
9.3 Dynamic Port Forwarding
9.3.1 SOCKS v4, SOCKS v5, and Names
9.3.2 Other Uses of Dynamic Forwarding
9.4 X Forwarding
9.4.1 The X Window System
9.4.2 How X Forwarding Works
9.4.3 Enabling X Forwarding
9.4.4 Configuring X Forwarding
9.4.4.1 Compile-time configuration
9.4.4.2 Serverwide configuration
9.4.4.3 Per-account configuration
9.4.5 X Authentication
9.4.5.1 How X authentication works
9.4.5.2 xauth and the SSH rc files
9.4.5.3 Trusted X forwarding
9.4.5.4 Problems with X authentication
9.4.5.5 SSH and authentication spoofing
9.4.5.6 Improving authentication spoofing
9.4.5.7 Nonstandard X clients
9.4.6 Further Issues
9.4.6.1 X server configuration
9.4.6.2 Setting your DISPLAY environment variable
9.4.6.3 Shared accounts
9.4.6.4 Location of the xauth program
9.4.6.5 X forwarding and the GatewayPorts feature
9.5 Forwarding Security: TCP-Wrappers and libwrap
9.5.1 TCP-Wrappers Configuration
9.5.2 Notes About TCP-Wrappers
9.6 Summary
A Recommended Setup
10.1 The Basics
10.2 Compile-Time Configuration
10.3 Serverwide Configuration
10.3.1 Disable Other Means of Access
10.3.2 sshd_config for OpenSSH
10.3.2.1 Choice of protocol
10.3.2.2 Important files
10.3.2.3 File and directory permissions
10.3.2.4 TCP/IP settings
10.3.2.5 Login time
10.3.2.6 Authentication
10.3.2.7 Access control
10.3.2.8 Forwarding
10.3.2.9 SFTP
10.3.3 sshd2_config for Tectia
10.3.3.1 Choice of protocol
10.3.3.2 Important files
10.3.3.3 File and directory permissions
10.3.3.4 TCP/IP settings
10.3.3.5 Login time
10.3.3.6 Authentication
10.3.3.7 Access control
10.3.3.8 Forwarding
10.3.3.9 Encryption
10.3.3.10 SFTP
10.4 Per-Account Configuration
10.5 Key Management
10.6 Client Configuration
10.7 Remote Home Directories (NFS, AFS)
10.7.1 NFS Security Risks
10.7.2 NFS Access Problems
10.7.3 AFS Access Problems
10.8 Summary
Case Studies
11.1 Unattended SSH: Batch or cron Jobs
11.1.1 Password Authentication
11.1.2 Public-Key Authentication
11.1.2.1 Storing the passphrase in the filesystem
11.1.2.2 Using a plaintext key
11.1.2.3 Using an agent
11.1.3 Hostbased Authentication
11.1.4 Kerberos
11.1.5 General Precautions for Batch Jobs
11.1.5.1 Least-privilege accounts
11.1.5.2 Separate, locked-down automation accounts
11.1.5.3 Restricted-use keys
11.1.5.4 Useful ssh options
11.1.6 Recommendations
11.2 FTP and SSH
11.2.1 FTP-Specific Tools for SSH
11.2.1.1 VanDyke’s SecureFX
11.2.1.2 Tectia client
11.2.2 Static Port Forwarding and FTP: A Study in Pain
11.2.3 The FTP Protocol
11.2.4 Forwarding the Control Connection
11.2.4.1 Choosing the forwarding target
11.2.4.2 Using passive mode
11.2.4.3 The “PASV port theft” problem
11.2.5 FTP, Firewalls, and Passive Mode
11.2.6 FTP and Network Address Translation (NAT)
11.2.6.1 Server-side NAT issues
11.2.7 All About Data Connections
11.2.7.1 The usual method of file transfer
11.2.7.2 Passive mode in depth
11.2.7.3 FTP with the default data ports
11.2.8 Forwarding the Data Connection
11.3 Pine, IMAP, and SSH
11.3.1 Securing IMAP Authentication
11.3.1.1 Pine and preauthenticated IMAP
11.3.1.2 Making Pine use SSH
11.3.2 Mail Relaying and News Access
11.3.3 Using a Connection Script
11.4 Connecting Through a Gateway Host
11.4.1 Making Transparent SSH Connections
11.4.2 Using SCP Through a Gateway
11.4.3 Another Approach: SSH-in-SSH (Port Forwarding)
11.4.4 SSH-in-SSH with a Proxy Command (OpenSSH)
11.4.5 Comparing the Techniques
11.4.5.1 Smoothness
11.4.5.2 Security
11.5 Scalable Authentication for SSH
11.5.1 Tectia with X.509 Certificates
11.5.1.1 What’s a PKI?
11.5.1.2 Using certificates with Tectia host keys
11.5.1.3 A simple configuration
11.5.1.4 Getting a certificate
11.5.1.5 Hostkey verification: configuring the server
11.5.1.6 Hostkey verification: configuring the Client
11.5.1.7 User authentication: configuring the client
11.5.1.8 User authentication: configuring the server
11.5.2 OpenSSH and Tectia with Kerberos
11.5.2.1 How Kerberos works
11.5.2.2 Kerberos support in SSH
11.5.2.3 Kerberos interoperability with OpenSSH and Tectia
11.6 Tectia Extensions to Server Configuration Files
11.6.1 Metaconfiguration
11.6.2 Subconfiguration Files
11.6.3 Quoted Values
11.7 Tectia Plugins
11.7.1 A Plugin for Changing Expired Passwords
11.7.1.1 The ssh-passwd-plugin program
11.7.1.2 A Perl package implementing the Tectia plugin protocol
11.7.1.3 Creating a customized password-change plugin
11.7.2 A Plugin for Keyboard-Interactive Authentication
11.7.3 A Plugin for External Authorization
Troubleshooting and FAQ
12.1 Debug Messages: Your First Line of Defense
12.1.1 Client Debugging
12.1.2 Server Debugging
12.2 Problems and Solutions
12.2.1 General Problems
12.2.2 Authentication Problems
12.2.2.1 General authentication problems
12.2.2.2 Password authentication
12.2.2.3 Hostbased authentication
12.2.2.4 Public-key authentication
12.2.2.5 PGP key authentication
12.2.3 Key and Agent Problems
12.2.3.1 ssh-keygen
12.2.3.2 ssh-agent and ssh-add
12.2.3.3 Per-account authorization files
12.2.4 Server Problems
12.2.4.1 sshd_config, sshd2_config
12.2.5 Client Problems
12.2.5.1 General client problems
12.2.5.2 Client configuration file
12.2.5.3 ssh
12.2.5.4 scp
12.2.5.5 sftp
12.2.5.6 Port forwarding
12.3 Other SSH Resources
12.3.1 Web Sites
12.3.2 Usenet Newsgroups
Overview of Other Implementations
13.1 Common Features
13.2 Covered Products
13.3 Other SSH Products
13.3.1 BeOS
13.3.2 Commodore Amiga
13.3.3 GNU Emacs
13.3.4 Java
13.3.5 Macintosh OS 9
13.3.6 Macintosh OS X
13.3.7 Microsoft Windows
13.3.8 Microsoft Windows CE (PocketPC)
13.3.9 OS/2
13.3.10 Palm OS
13.3.11 Perl
13.3.12 Unix Variants (Linux, OpenBSD, etc.)
13.3.13 VMS
OpenSSH for Windows
14.1 Installation
14.2 Using the SSH Clients
14.3 Setting Up the SSH Server
14.3.1 Opening Remote Windows on the Desktop
14.4 Public-Key Authentication
14.4.1 Running an Agent
14.5 Troubleshooting
14.6 Summary
OpenSSH for Macintosh
15.1 Using the SSH Clients
15.2 Using the OpenSSH Server
15.2.1 Enabling the Server
15.2.2 Opening the Firewall
15.2.3 Control by xinetd
15.2.4 Server Configuration Details
15.2.5 Kerberos Support
Tectia for Windows
16.1 Obtaining and Installing
16.2 Basic Client Use
16.3 Key Management
16.4 Accession Lite
16.5 Advanced Client Use
16.6 Port Forwarding
16.7 Connector
16.7.1 General Settings
16.7.2 Servers for Outgoing SSH Connections
16.7.3 Filter Rules for Dynamic Port Forwarding
16.7.4 Configuration File
16.8 File Transfers
16.9 Command-Line Programs
16.10 Troubleshooting
16.11 Server
16.11.1 Server Operation
16.11.2 Server Configuration
16.11.3 Commands and Interactive Sessions
16.11.4 Authentication
16.11.5 Access Control
16.11.6 Forwarding
16.11.7 SFTP Server
16.11.8 Logging and Debugging
SecureCRT and SecureFX for Windows
17.1 Obtaining and Installing
17.2 Basic Client Use
17.3 Key Management
17.3.1 Key Generation Wizard
17.3.1.1 Automatic installation of keys
17.3.1.2 Manual installation of keys
17.3.2 Using Multiple Identities
17.3.3 The SSH Agent
17.4 Advanced Client Use
17.4.1 Mandatory Fields
17.4.2 Data Compression
17.4.3 Firewall Use
17.5 Forwarding
17.5.1 Port Forwarding
17.5.2 X Forwarding
17.6 Command-Line Client Programs
17.7 File Transfer
17.7.1 The vcp and vsftp Commands
17.7.2 Zmodem File Transfer
17.7.3 SecureFX
17.8 Troubleshooting
17.8.1 Authentication
17.8.2 Forwarding
17.9 VShell
17.10 Summary
PuTTY for Windows
18.1 Obtaining and Installing
18.2 Basic Client Use
18.2.1 Plink, a Console Client
18.2.2 Running Remote Commands
18.3 File Transfer
18.3.1 File Transfer with PSCP
18.3.2 File Transfer with PSFTP
18.4 Key Management
18.4.1 Choosing a Key
18.4.2 Pageant, an SSH Agent
18.5 Advanced Client Use
18.5.1 Saved Sessions
18.5.2 Host Keys
18.5.3 Choosing a Protocol Version
18.5.4 TCP/IP Settings
18.5.4.1 Selecting a remote port
18.5.4.2 Keepalive messages
18.5.4.3 The Nagle Algorithm
18.5.5 Pseudo-Terminal Allocation
18.5.6 Proxies and SOCKS
18.5.7 Encryption Algorithms
18.5.8 Authentication
18.5.9 Compression
18.5.10 Logging and Debugging
18.5.11 Batch Jobs
18.6 Forwarding
18.6.1 Forwarding with PuTTY
18.6.2 Forwarding with Plink
18.7 Summary
OpenSSH 4.0 New Features
Server Features: sshd
Logging of Access Control Violations
AddressFamily Keyword
Password and Account Expiration Warnings
Client Features: ssh, scp, and sftp
KbdInteractiveDevices Keyword
More Control for Connection Sharing
Hashing of Hostnames
Port Forwarding
sftp Command-Line Features
ssh-keygen
Hashing Your Known Hosts File
Managing Hosts
Tectia Manpage for sshregex
Regex Syntax: Egrep Patterns
Escaped Tokens for Regex Syntax Egrep
Regex Syntax: ZSH_FILEGLOB (or Traditional) Patterns
Character Sets for Egrep and ZSH_FILEGLOB
Example
Regex Syntax: SSH Patterns
Escaped Tokens for Regex Syntax SSH
Character Sets for Regex Syntax SSH
Example
Authors
See Also
Tectia Module Names for Debugging
SSH-1 Features of OpenSSH and Tectia
OpenSSH Features
Serverwide Configuration
Client Configuration
Files
Tectia Features
Serverwide Configuration
Client Configuration
File Transfers
Key Management
Authentication Agent
SSH Quick Reference
Legend
sshd Options
sshd Keywords
ssh Options
scp Options
ssh and scp Keywords
ssh-keygen Options
ssh-agent Options
ssh-add Options
Identity and Authorization Files, OpenSSH
Identity and Authorization Files, Tectia
Environment Variables
Index