Secure Shell in the Enterprise

by Jason Reid

Paperback

$46.99

Product Details

ISBN-13: 9780131429000
Publisher: Prentice Hall
Publication date: 07/16/2003
Series: Sun BluePrints, The Official Sun Microsystems Resource Series
Pages: 224
Product dimensions: 6.90(w) x 9.30(h) x 0.60(d)

Table of Contents

Acknowledgements
Preface
1. Introducing the Secure Protocols
Security History and Protocols
Secure Protocols
Authentication
Integrity
Confidentiality
Cryptographic Protocols
Security Policy
Tools
Kerberos
IPsec
Virtual Private Networks
Secure Shell
Determining Which Tool to Use
Tool Decision Example A
Tool Decision Example B
Secure Shell Choices
Solaris Secure Shell Software
OpenSSH
Noncommercial Implementations
Commercial Variants
Determining Which Secure Shell Software to Use
Secure Shell Software Decision Example A
Secure Shell Software Decision Example B
Consequences
2. Building OpenSSH
Components
Before Building OpenSSH
Static Versus Dynamic Libraries
Install Versus Build Location
About $PATH
Checking MD5 Hashes and GNU Privacy Guard Signatures
Component Descriptions
Solaris OE Build Machine
Solaris OE Release
Metaclusters
Gzip
Compilers
Perl
Zlib
To Build Zlib
Entropy Sources
OpenSSH Internal Entropy Collection
Kernel-Level Random Number Generators
ANDIrand
SUNWski
Entropy-Gathering Daemon
Pseudorandom Number Generator Daemon
Recommendations
Building PRNGD Software
To Build PRNGD With the Forte C Compiler
To Build PRNGD With the GNU C Compiler
Manually Installing PRNGD
To Install PRNGD
Running PRNGD
To Start the PRNGD Manually
To Stop the PRNGD Manually
Testing the Entropy Source
Checking /dev/random
Checking PRNGD
TCP Wrappers
Building TCP Wrappers
To Build TCP Wrappers
To Install TCP Wrappers
OpenSSL
To Build and Test OpenSSL
To Install OpenSSL
OpenSSH
Configuring OpenSSH
To Obtain the List of Arguments in the configure Script
To Configure OpenSSH
Building OpenSSH
To Build OpenSSH
3. Configuring the Secure Shell
Configuration Details
Mechanics of Configuration Files
Recommendations
Server Recommendations
Protocol Support
Network Access
Keep-Alives
Data Compression
Privilege Separation
Login Grace Time
Password and Public Key Authentication
Superuser (root) Logins
Banners, Mail, and Message-of-the-Day
Connection and X11 Forwarding
User Access Control Lists
User File Permissions
UseLogin Keyword
Legacy Support
Client Recommendations
Host Option Assignment
Data Compression
Keep-Alives
Protocol Support
rlogin and rsh
Server Identity
User Identity
4. Deploying Secure Shell
OpenSSH Deployment
OpenSSH Packaging
To Generate the OBSDssh Package
MD5 Hashes
To Generate the OpenSSH Package MD5 Hash
Solaris Security Toolkit
Solaris Secure Shell Software Deployment
Custom Configuration File Distribution
Solaris Fingerprint Database
5. Integrating Secure Shell
Secure Shell Scripts
rsh(1) Versus ssh(1)
rcp(1) Versus scp(1)
telnet(1) Versus ssh(1)
Automated Logins
Host Keys
Proxies
Role-Based Access Control
To Use RBAC to Restrict a User to Only Copying Files
Port Forwarding
To Secure WebNFS Mounts With Port Forwarding
Insecure Service Disablement
To Disable Insecure Services
6. Managing Keys and Identities
Host Keys
User Identities
To Create an Identity
To Register an Identity
To Revoke an Identity
Agents
Common Desktop Environment Support
Removing Agents
Agent Risks
7. Auditing
Auditing Overview and Basic Procedures
To Configure Auditing to Audit a Systemwide Event
To Configure Auditing to Audit Commands Run by a Particular User
To Enable Auditing
To Audit the System
To Audit a User
To Disable Auditing
OpenSSH
cron(1M)
Patching
Logging
To Enable Secure Shell Logging
8. Measuring Performance
Bandwidth Performance
Interactive Sessions
File Transfers
Symmetric Cipher Performance
Identity Generation
Performance Problems
Slow Connections
Slow Client Startup
Slow Server Startup
Sizing
9. Examining Case Studies
A Simple Virtual Private Network
To Set Up the Destination Side
To Set Up the Originating Side
To Initiate the Link
Linking Networks Through a Bastion Host
To Set Up the Destination Side
To Set Up the Originating Side
10. Resolving Problems and Finding Solutions
Problems
Server Does Not Produce Log File Output
Public Key Authentication Is Not Working
Trusted Host Authentication Is Not Working
X Forwarding Is Not Working
Wildcards and Shell Variables Fail on the scp(1) Command Line
Superuser (root) Is Unable to Log In
Startup Performance Is Slow
Protocol 1 Clients Are Unable to Connect to Solaris Secure Shell Systems
Privilege Separation Does Not Work in the Solaris Secure Shell Software
cron(1M) Is Broken
Message-of-the-Day Is Displayed Twice
Problem Reports
OpenSSH
Solaris Secure Shell Software
Patches
OpenSSH
Solaris Secure Shell Software
Solutions
Debugging a Secure Shell Connection
Understanding Differences in OpenSSH and Solaris Secure Shell Software
Integrating Solaris Secure Shell and SEAM (Kerberos)
Forcing Remote X11 Users to Use Secure Shell Sessions
Determining the Server Version String
Altering the Server Version String
CERT Advisory CA-2002-18
A. Secure Shell Usage
Client Usage
Connecting to a Host
Executing a Command on a Remote Host
Copying a File
Using Identity Keys
Generating an Identity
Registering an Identity
Using the Identity
Using Agents
Setting Up Agents
Loading Agents
Listing Agent Identities
Removing Agent Identities
Stopping the Agent
Forwarding Ports
Setting Up Local Forwarding
Setting Up Remote Forwarding
Enabling X Forwarding
Checking the $DISPLAY Variable
Using Proxies
Locating Client Configuration Files
Server Usage
Starting the Server
Stopping the Server
Locating Server Configuration Files
Generating New Server Host Keys
Supporting TCP Wrappers
B. Server Configuration Options
C. Client Configuration Options
D. Performance Test Methodology
Bandwidth Performance
Identity Generation
Symmetric Cipher Performance
E. Scripts and Configuration Files
Init Script
Automatic Installation
Manual Installation
To Manually Install the init Script
Contact
Init Script Sample
Code Example for Packaging Script
Usage
Contact
Packaging Script Sample
Code Example for PRNGD Sanity Check
Server Configuration Files
DMZ-Bastion Host Server
Legacy Support
Workstation Server
Client Configurations
Remote Worker Configuration File
Workstation Configuration File
F. Resources
Solaris Secure Shell Software Documentation
OpenSSH Documentation
Software
Bibliography
Sun BluePrints OnLine Articles
External Articles
Books
Bug Reports
FAQs
Man Pages
Presentations
Security Information
Index