SSH: What it takes to get your work done
Michael W Lucas’ book: SSH Mastery: OpenSSH, PuTTY, Tunnels and Keys.
Good enough that I avoided buying the book, even when it was released with funding support for my favourite Open Source project (OpenBSD with OpenSSH). Good enough that after receiving a blogger review copy the first thing I did was to hit the corporate buy button to order a legitimate print/e-book copy for my cohort, fellow sysadmins, users. Why?
I was under some insane self-delusion that I didn’t want to be bound by the book’s research, so that I could ethically ‘document’ my own stumbles into SSH to share freely with others. Fortunately, after a short look at the book’s contents, the better solution for users and System Administrators is to just buy this book.
What value is there in this book:
- The Guru in the room
- Saving Money
- Augmented Reality (extending your infrastructure)
- Saving Time
The Guru in the room
We don’t know what we don’t know.
The fastest path of learning I’ve enjoyed has been as the new kid amongst ‘zen masters’ who danced on their keyboards making magic happen across our network(s). Unfortunately the real masters moved on and we graduate a little higher up the ladder until we’ve reached the peak of our incompetence.
The book is a good reference source, with fine examples for many features, and like the zen masters, some of the answers are in the ‘debug’ sections: how to determine whether what you think you should get is how SSH is seeing it.
Online articles are often short, make assumptions about how OpenSSH/PuTTY works, ‘script’ a lot of commands that require version X.Y of this and M.N of that. Rarely are there supportive notes on how to diagnose the instructions, or how the related system responds.
SSH Mastery explores, explains, provides samples, provides debugging techniques so we can explore, understand, type-in the SSH commands to see all those features at work. Not the guru in the room, but the next best thing, someone knowledgeable to go to.
Saving me money?
- Chapter 3: The OpenSSH Server
- Testing and Debugging
A technical configuration to start in a book? After the general introduction to the topic, data encryption, it seemed odd to dive into configuring the server.
I was hoping for magical command-line tricks. But it is understated how critical it is to configure your server correctly, and how to validate the server is working correctly: debug.
4 years ago I was locking down a machine in the USA (from Australia.) I’d spent a month configuring some complicated Mail Processing system on that box, and was almost ready for the ‘live’ output. The only thing left to do was formalise the lock down of the machine.
2 minutes later, I’d locked myself out with a typo in my ssh server configuration. After ripping my hair out, I found the answer (documented in Chapter 3) and published it online and @serverfault.com.
That lost server, lost time, lost configuration was throwing money out the door.
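One common safeguard against the lockout described above, shown as an added example (not taken from the book or the original post): have sshd validate a candidate configuration before it replaces the live file. The function names, the SSHD_BIN override and the file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate a candidate sshd_config before it replaces the live one.
# Function names, SSHD_BIN and all paths are illustrative assumptions.

# Ask sshd itself to parse the file. `sshd -t` is test mode: it checks the
# configuration file and host keys, then exits non-zero on any error.
check_sshd_config() {
    "${SSHD_BIN:-/usr/sbin/sshd}" -t -f "$1"
}

# install_sshd_config CANDIDATE LIVE
# returns 0 = installed
#         1 = candidate rejected, live file untouched
#         2 = backup or install step failed
install_sshd_config() {
    candidate=$1
    live=$2

    if ! check_sshd_config "$candidate"; then
        echo "rejected: $candidate failed validation, $live left unchanged" >&2
        return 1
    fi

    # Keep the last known-good file so a rollback is a single copy.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.bak" || return 2
    fi

    # Write beside the target, then rename, so sshd never reads a half-written file.
    cp "$candidate" "$live.new" || return 2
    mv "$live.new" "$live" || return 2
    return 0
}

# Typical use as root (the reload command varies by system and is left to the operator):
#   install_sshd_config ./sshd_config.new /etc/ssh/sshd_config && <reload sshd>
# Keep the current SSH session open and confirm that a second login works
# before closing it.
```

On a remote machine the open session is the fallback: if the new login fails, the `.bak` copy can be restored from the session that is still connected.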
Augmented Reality (a flexible and secure infrastructure)
SSH Tunnels have many uses, but I have always found it difficult to follow the ssh manpage. SSH Tunnels let us augment and extend our existing network/infrastructure in ways the physical configuration would not allow.
- Chapter 9: Port Forwarding
- Services on localhost
- The web from somewhere else
We tunnel extensively at work to let us run services on Unix hosts, but lock those services down for access only from localhost (i.e. a legitimate user account using SSH Keys is required to tunnel onto the machine and, using port forwarding, download e-mail (which contains a lot of diagnostic information, system reports) et al. onto our monitoring host).
Automation scripts/.fetchmailrc configuration files get forgotten; we’re always falling back to documentation when it’s time for upgrades and changes on our network.
As mentioned, tunnels tend to be hard to understand (and the command-line ordering can still confuse those who’ve been using it.) SSH Mastery is a good introduction, with good examples, and a good connection
I was in Tonga over the Christmas break when I needed to do some funds transfers on some accounts in Australia, but the internet awareness/security doesn’t allow any transfers from an IP Address from Tonga.
Thanks to OpenSSH, PuTTY and socket routing, Christmas ended well.
Is SSH Mastery comprehensive? Not nearly, which is good. There’s still a lot out there waiting for your articles. It does however cover a lot of things that I haven’t been considering, and need to within my day job and home network.
The Guru in the book definitely covers a lot of things that I now use daily, because others better than myself were “doing it” and quickly led me in the right direction.
- Chapter 4: Verifying Server Keys
- Chapter 5: SSH Clients
- Chapter 6: Copying Files over SSH
- Chapter 7: SSH Keys
- Chapter 8: X11 Forwarding
- Chapter 9: Port Forwarding
- Chapter 10: Keeping SSH connections Open
- Chapter 11: Host Key Distribution
- Chapter 12: Limiting SSH
- Chapter 13: SSH Virtual Private Networks
Some of the information seems so basic now, after years of stumbling through it, but the details and exploration help to clarify my own understanding. Some areas I don’t use, I should know, and now I have a reference that tells me some of what I need to attend to.
Even if you have someone with patience and wizard knowledge to help you with this fundamental tool, I’m finding this book useful. It is a great investment for end-users, system administrators and developers.
Refer to other reviews on the web for the utility of this title:
- SSH Mastery: A Very Welcome Addition to Any Unix User’s Bookshelf
Author: Michael W. Lucas
Publisher: Tilted Windmill Press (January 18, 2012)