[nycbug-talk] OpenSSH book
Michael W. Lucas
mwlucas at blackhelicopters.org
Mon Jun 6 09:20:30 EDT 2011
On Mon, Jun 06, 2011 at 08:55:36AM -0400, John Baldwin wrote:
> On Friday, June 03, 2011 11:39:28 pm Brian Cully wrote:
> > On Jun 3, 2011, at 21:49, George Rosamond
> > <george at ceetonetechnology.com> wrote:
> > > I think back to the manner in which Dru has queried people for book
> > > content and tips, and imagine we could do the same for an OpenSSH book,
> > > if there's a need.
> >
> > OpenSSH is a neat tool. On the one hand it offers a very simple "give me
> > a shell" functionality which will at least encrypt traffic and prevent
> > MITM attacks. On the other hand it has some powerful, although somewhat
> > esoteric uses.
> >
> > The simple stuff doesn't really need explanation, IMHO. I'd love to see
> > something that covers forward and reverse tunnels, auth mechanism
> > integration, security/convenience tradeoffs of passwords vs. GSSAPI vs.
> > DSA keys, why agent forwarding can be a bad idea and why it can be a good
> > idea, and discussion of some of the stranger features like, say, UseLogin.
> >
> > OK, the last one was to stroke my ego. Does anyone actually use UseLogin?
>
> I've used it at a past job to make ssh connections respect /etc/login.access.

That's precisely the sort of weird edge case I'm NOT covering. :-)

I am doing tunnels and security of agent forwarding, but not GSSAPI
and complex auth mechanisms. The latter vary wildly depending on
operating system.

My target reader has downloaded PuTTY, typed in a username and
password, and says "I'm secure!" Once you have a handle on keys, X11
forwarding, and restricting certain keys to certain commands (for
automated use), they'll be able to use man pages and google for that
weird crap.

==ml
--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlucas at BlackHelicopters.org, Twitter @mwlauthor