[nycbug-talk] OpenSSH book
Michael W. Lucas
mwlucas at blackhelicopters.org
Mon Jun 6 09:20:30 EDT 2011
On Mon, Jun 06, 2011 at 08:55:36AM -0400, John Baldwin wrote:
> On Friday, June 03, 2011 11:39:28 pm Brian Cully wrote:
> > On Jun 3, 2011, at 21:49, George Rosamond <george at ceetonetechnology.com>
> > > I think back to the manner in which Dru has queried people for book
> content and tips, and imagine we could do the same for an OpenSSH book, if
> there's a need.
> > OpenSSH is a neat tool. On the one hand it offers a very simple "give me a
> shell" functionality which will at least encrypt traffic and prevent MITM
> attacks. On the other hand it has some powerful, although somewhat esoteric
> > The simple stuff doesn't really need explanation, IMHO. I'd love to see
> something that covers forward and reverse tunnels, auth mechanism integration,
> security/convenience tradeoffs of passwords vs. GSSAPI vs. DSA keys, why agent
> forwarding can be a bad idea and why it can be a good idea, and discussion of
> some of the stranger features like, say, UseLogin.
> > OK, the last one was to stroke my ego. Does anyone actually use UseLogin?
> I've used it at a past job to make ssh connections respect /etc/login.access.
That's precisely the sort of weird edge case I'm NOT covering. :-)
I am doing tunnels and security of agent forwarding, but not GSSAPI
and complex auth mechanisms. The latter vary wildly depending on
My target reader has downloaded PuTTY, typed in a username and
password, and says "I'm secure!" Once you have a handle on keys, X11
forwarding, and restricting certain keys to certain commands (for
automated use), they'll be able to use man pages and google for that
Michael W. Lucas
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlucas at BlackHelicopters.org, Twitter @mwlauthor
More information about the talk