[nycbug-talk] OpenSSH book

Michael W. Lucas mwlucas at blackhelicopters.org
Mon Jun 6 09:20:30 EDT 2011


On Mon, Jun 06, 2011 at 08:55:36AM -0400, John Baldwin wrote:
> On Friday, June 03, 2011 11:39:28 pm Brian Cully wrote:
> > On Jun 3, 2011, at 21:49, George Rosamond <george at ceetonetechnology.com> wrote:
> > > I think back to the manner in which Dru has queried people for book content and tips, and imagine we could do the same for an OpenSSH book, if there's a need.
> > 
> > OpenSSH is a neat tool. On the one hand it offers a very simple "give me a shell" functionality which will at least encrypt traffic and prevent MITM attacks. On the other hand it has some powerful, although somewhat esoteric uses.
> > 
> > The simple stuff doesn't really need explanation, IMHO. I'd love to see something that covers forward and reverse tunnels, auth mechanism integration, security/convenience tradeoffs of passwords vs. GSSAPI vs. DSA keys, why agent forwarding can be a bad idea and why it can be a good idea, and discussion of some of the stranger features like, say, UseLogin.
> > 
> > OK, the last one was to stroke my ego. Does anyone actually use UseLogin?
> 
> I've used it at a past job to make ssh connections respect /etc/login.access.


That's precisely the sort of weird edge case I'm NOT covering.  :-)

I am doing tunnels and security of agent forwarding, but not GSSAPI
and complex auth mechanisms.  The latter vary wildly depending on
operating system.

My target reader has downloaded PuTTY, typed in a username and
password, and says "I'm secure!"  Once you have a handle on keys, X11
forwarding, and restricting certain keys to certain commands (for
automated use), they'll be able to use man pages and google for that
weird crap.

==ml

-- 
Michael W. Lucas 	
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlucas at BlackHelicopters.org, Twitter @mwlauthor


