Michael W Lucas' book: SSH Mastery: OpenSSH, Putty, Tunnels and Keys.
Good enough that I avoided buying the book, even when it was
released with funding support for my favourite Open Source project (OpenBSD with
OpenSSH.) Good enough that after receiving a blogger review copy the first thing
I did was to hit the corporate buy button to order a legitimate
print/e-book copy for my cohort, fellow sysadmin, users. Why?
I was under some insane self delusion that I didn't want to be bound
by the book's research, so that I can ethically 'document' my own stumbles
into SSH to share freely with others. Fortunately, after a short look at the book's
contents, the better solution for users and System Administrators is to
just buy this book.
What value is there in this book:
- The Guru in the room
- Saving Money
- Augmented Reality (extending your infrastructure)
- Saving Time
The Guru in the room
We don't know what we don't know.
The fastest path of learning I've enjoyed has been as the new kid amongst
'zen masters' who danced on their keyboards making magic happen across
our network(s). Unfortunately the real masters moved on and we graduate
a little higher up the ladder until we've reached the peak of our incompetence.
The book is a good reference source, with fine examples for many features,
and like the zen masters, some of the answers are in the 'debug' sections,
how to determine whether what you think you should get, is how SSH is
Online articles are often short, make assumptions about how OpenSSH/Putty
works, 'script' a lot of commands that require version X.Y
of this and M.N of that. Rarely are there supportive notes on how to diagnose
the instructions, or related system has response.
SSH Mastery explores, explains, provides samples, provides
debugging techniques so we can explore, understand, type-in the SSH commands
to see all those features at work. Not the guru in the room, but
the next best thing, someone knowledgeable to go to.
Saving me money?
- Chapter 3: The OpenSSH Server
A technical configuration to start in a book? After the general introduction to the topic,
data encryption, it seemed odd to dive into configuring the server?
I was hoping for magical command-line tricks. But it is understated
how critical it is to configure your server correctly, and how to validate
the server is working correctly: debug
4 years ago I was locking down a machine in the USA (from Australia.) I'd spent a month
configuring some complicated Mail Processing system on that box, and was almost
ready for the 'live' output. The only thing left to do was formalise the lock
down of the machine.
2 minutes later, I'd locked myself out with a typo in my ssh server configuration. After
ripping my hair out, I found the answer (documented in Chapter 3) and published it online and @serverfault.com
That lost server, lost time, lost configuration was throwing money out the door.
Augmented Reality (a flexible and secure infrastructure)
SSH Tunnels have many uses, but I have always found it difficult to follow the
manpage ssh. SSH Tunnels let us augment, extend our existing
network/infrastructure in ways the physical configuration would not allow.
- Chapter 9: Port Forwarding
- Services on localhost
- The web from somewhere else
We tunnel extensively at work to let us run services on Unix hosts, but lock
those services down for access only from localhost (i.e. a legitimate user account,
using SSH Keys is required to tunnel onto the machine and using port forwarding
download e-mail (which contains a lot of diagnostic information, system
reports) et al. onto our monitoring host.
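The localhost-only setup described above, as an added example (not from the book or the original post). It checks `ss -ltn`-style output for watched services that listen beyond loopback, and builds the `ssh -L` arguments for the tunnel. The host name, account, ports and sample listener table are constructed assumptions.

```shell
#!/bin/sh
# Added illustration: names, ports and the sample data below are constructed.

# Print every LISTEN socket from `ss -ltn` output (stdin) whose port is in
# the watch list ($1, space-separated) and whose address is not loopback.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            la = $4                               # Local Address:Port column
            port = la; sub(/.*:/, "", port)       # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if ((port in watch) && addr !~ /^127\./ && addr != "[::1]")
                print la
        }'
}

# Build ssh arguments for a local forward: local port $1 on the monitoring
# host reaches port $2 on the remote loopback interface of $3 (user@host).
# -N runs no remote command; ExitOnForwardFailure makes ssh exit if the
# forward cannot be set up, so a broken tunnel is noticed immediately.
tunnel_args() {
    printf '%s\n' "-N -o ExitOnForwardFailure=yes -L 127.0.0.1:$1:127.0.0.1:$2 $3"
}

# Constructed sample of `ss -ltn` output taken on the mail host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:110 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 [::1]:143 [::]:*
LISTEN 0 100 0.0.0.0:143 0.0.0.0:*'

# POP3 (110) is loopback-only; IMAP (143) also listens on all interfaces.
printf '%s\n' "$SAMPLE_SS" | exposed_listeners "110 143"

# On a live host:  ss -ltn | exposed_listeners "110 143"
# Open the tunnel (hypothetical account and host), then point the mail
# client on the monitoring host at 127.0.0.1:1110:
#   ssh $(tunnel_args 1110 110 monitor@mailhost.example.org)
```
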
Automation scripts/.fetchmailrc configuration files get forgotten, we're always
falling back to documentation when it's time for upgrades and changes on our network.
As mentioned, tunnels tend to be hard to understand (and the command-line ordering can still
confuse those who've been using it.) SSH Mastery is a good introduction, with good examples,
and a good connection
I was in Tonga over the Christmas break when I needed to do some funds transfers on some
accounts in Australia, but the internet awareness/security doesn't allow any transfers from
an IP Address from Tonga.
Thanks to OpenSSH, Putty and socket routing, Christmas ended well.
Is SSH Mastery comprehensive? Not nearly, which is good. There's still a lot out there
waiting for your articles. It does however cover a lot of things that I haven't been
considering, and need to within my day job and home network.
The Guru in the book definitely covers a lot of things that I now use daily, because
others better than myself were "doing it" and quickly led me in the right direction.
- Chapter 4: Verifying Server Keys
- Chapter 5: SSH Clients
- Chapter 6: Copying Files over SSH
- Chapter 7: SSH Keys
- Chapter 8: X11 Forwarding
- Chapter 9: Port Forwarding
- Chapter 10: Keeping SSH connections Open
- Chapter 11: Host Key Distribution
- Chapter 12: Limiting SSH
- Chapter 13: SSH Virtual Private Networks
Some of the information seems so basic now, after years of stumbling through it, but the
details and exploration help to clarify my own understanding. Some areas I don't use,
I should know, and now I have a reference that tells me some of what I need to attend.
Even if you have someone with patience and wizard knowledge to help you with
this fundamental tool, I'm finding this book useful. It is a great investment for end-users, system administrators and developers.
Refer to other reviews on the web for the utility of this title: