SSH, The Secure Shell: The Definitive Guide

Errata for SSH, The Secure Shell: The Definitive Guide

Submit your own errata for this product.


The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question Note Update



Version Location Description Submitted By Date Submitted Date Corrected
Printed
Page xii
2nd from top line

In First Edition - [5/01] printing: "and servers. serverwide configuration..." should read "and servers, serverwide configuration..."

Note from the Author or Editor:
This suggestion is correct; thanks!

Anonymous   
Printed
Page xiii
3rd line from bottom

In First Edition - [5/01] printing: "labled K." should read "labeled K."

Note from the Author or Editor:
This suggestion is correct; thanks!

Anonymous   
Other Digital Version
ch8
section "Security issues"

The phrase "sense of false security" should be "false sense of security". The former means that the person would become suspicious of the security being false. Presumably, the author meant that the sense was false, not just the security, and that the sense was of security, not insecurity.

Note from the Author or Editor:
Page 333, paragraph 2, line 2: change "sense of false security" to "false sense of security".

Jeremy Laidman  Jan 07, 2013 
Printed
Page iv
In the last line of the first paragraph, changed "the the topic of SSH"

to "the topic of SSH."

Anonymous    Mar 01, 2001
Printed
Page xiii
In the second line of the last paragraph, changed "measns" to "means".

Anonymous    Mar 01, 2001
Printed
Page xiii
At the top of the page

...Unix SSH versions" NOW READS: ...Unix SSH versions:

Anonymous    Feb 01, 2004
Printed
Page xiii
6th from last line

"new terms whre they are defined." NOW READS: "new terms where they are defined."

Anonymous    Feb 01, 2004
Printed
Page xiii
Third from last line

labeled K. "Secured" measns encrypted, ... NOW READS: labeled K. "Secured" means encrypted, ...

Anonymous    Feb 01, 2004
Printed
Page 38-39
The last line on page 38 and the first two lines on page 39

("SecureFX... with SSH1") have been replaced with the following text: "SecureFX, and both a client and server in OpenSSH). The OpenSSH sftp can run over either SSH-1 or SSH-2, whereas the SSH2 version only runs over SSH-2 due to implementation details."

Anonymous    Mar 01, 2001
Printed
Page 43
last paragraph

Change "should it be distinguish" to "should it be able to distinguish"

Note from the Author or Editor:
This suggestion is correct; thanks!

Anonymous   
Printed
Page 45
section 3.1.5, last sentence

"access SSH public keys on remote machines" NOW READS: "use SSH private keys held on remote machines".

Anonymous    Feb 01, 2004
Printed
Page 64
2nd line of config file sample (in constant width type)

"...domains one.foo.org and two.foo.com" NOW READS: "...domains one.foo.com and two.foo.com"

Anonymous    Feb 01, 2004
Printed
Page 75
bullet list

In the bullet list at the top of the page (and the bottom of the preceeding page) there are 6 items. The last two are "stronger integrity checking ..." and "periodic replacement of the session key". For each of these items, there is a section giving details in the next several pages. There is, however, an extra section on page 78 (3.5.1.6 in my copy) between the two sections on integrity checking and session rekeying. This talks about Hostbased authenti- cation, a topic which does not appear on the bullet list. This is hardly a big deal, but maybe in the interests of completeness there should be an additional bulleted item about hostbased authentication on the list on page 75.

Note from the Author or Editor:
Old edition of the book from 2001, long out of print.

Anonymous   
Printed
Page 82
third paragraph, fourth sentence

Text reads: "The following example shows the public keys for one SSH server running on wynken, port 22, and two running on blynken, ports 22 and 220." The example actually shows one SSH server running on blynken and two running on wynken.

Note from the Author or Editor:
Old edition of the book from 2001, long out of print.

Anonymous   
Printed
Page 84
first sentence, fifth paragraph

Text reads: "Since ssh-signer2 is a relatively small and simple, ..." Should read: "Since ssh-signer2 is relatively small and simple, ..." or "Since ssh-signer2 is a realatively small and simple program, ..."

Note from the Author or Editor:
Change to: "Since ssh-signer2 is relatively small and simple, ..." Thanks!

Anonymous   
Printed
Page 88
paragraph 5

Shouldn't the sentence "If existing FTP implementations could easily be made to operate over SSH, there would be no need for ssh, ...." read "... there would be no need for scp, ..." Surely the ability of FTP to do something doesn't influence the need for ssh in a more general context, even it it does have a bearing on the file transfer situation. At the very least, this is confusing wording.

Note from the Author or Editor:
Change to: "... there would be no need for scp, ..." Thanks!

Anonymous   
Printed
Page 88
In the third line of the fourth paragraph of section 3.8, changed "over a

the single" to "over the single".

Anonymous    Mar 01, 2001
Printed
Page 89
In the footnote, changed "SSH1" to "SSH-1."

Anonymous    Mar 01, 2001
Printed
Page 90
In the last paragraph, changed the sshd2_config file's path from

"/etc/sshd2_config" to "/etc/ssh2/sshd2_config".

Anonymous    Mar 01, 2001
Printed
Page 96
I believe there is an error on page 96 of the SSH, the Secure Shell

book, printing date February 2001. In section 3.9.2.3, the description of the action of 3DES says the algorithm encrypts plaintext with three iterations of the DES algorithm, using three separate keys. In truth, only two keys are used -- the first key is used twice, during the first and third iterations.

Note from the Author or Editor:
Old edition of the book from 2001, long out of print.

Anonymous   
Printed
Page 153
5.4.2.2, example

cf. the box on p. 155 and p. 363: Umask 022 sould read Umask 0022

Note from the Author or Editor:
The suggested change is correct. Thanks!

Anonymous   
Printed
Page 154
In the last paragraph, changed "more than ListenAddress line" to "more

than one ListenAddress line".

Anonymous    Mar 01, 2001
Printed
Page 155

Editing /etc/services: Line reads "ssh tcp/22" should read "ssh 22/tcp"

Note from the Author or Editor:
The suggested change is correct. Thanks!

Anonymous   
Printed
Page 178,179
Second paragraph on 178 and Second paragraph on 179

On 178 the indication is that only SSH1 & SSH2 support the '@host' construct for AllowUsers. On 179, the wildcard example uses the '@' construct and is labeled as being valid for SSH1, SSH2, OpenSSH. These cannot both be true - either OpenSSH supports host-address restrictions or it does not, regardless of wildcards. I believe that p178 is correct, and OpenSSH does NOT support hostnames in the sshd config file. OpenSSH does support host restrictions in the individuals authorised_keys file, using the "from=the.host.name" construct.

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 179
mid-page

Section 5.5.2.1 addresses Account access control, specifically use of AllowUsers and DenyUsers. On page 179 at mid-page, the examples go from using AllowUsers to AllowHosts with the sytax for AllowUsers and then back to using AllowUsers at the bottom of the page. AllowHosts and DenyHosts is not discussed until Section 5.5.2.3. All examples on page 179 should read AllowUsers.

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 179
Last line of code before last paragraph

Line reads: "AllowUsers "*@10.1.1.[:isdigit:]##" Should read: "AllowUsers "*@10.1.1.[:digit:]##"

Note from the Author or Editor:
The suggested change is correct. Thanks!

Anonymous   
Printed
Page 182
second line of second paragraph of 5.5.2.3

sentence reads: ... access by s host more concisely, getting rid of the unnecessary account-name ... probably mean, "... access by a host ..."?

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 183
Last line before bulleted list

The title of the bulleted list reads: "As for AllowHosts and DenyHosts:". However, the bulleted list for AllowHosts and DenyHosts is on the middle of page 182. This line should read "As for AllowShosts and DenySHosts". This is perfectly clear from the last bullet point which is on page 184.

Note from the Author or Editor:
Delete from "As for AllowHosts and DenyHosts:" to the end of the section. Replace with: "The same bulleted restrictions noted in the previous section for AllowHosts and DenyHosts, apply to AllowSHosts and DenySHosts as well." Thanks!

Anonymous   
Printed
Page 190
In the second sentence of section 5.6.4.1, the command "touch /etc/

login" now reads "touch /etc/nologin".

Anonymous    Mar 01, 2001
Printed
Page 213
1st paragraph

The end of the sentence should be corrected to "... your public key file:" Losing one's private key file is in my opinion a major problem...

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 215
In last sentence of #3

Last sentence of number three reads: "Therefore, keys are a quick and convenient method for checking that a key is unaltered." Should read: "Therefore, fingerprints are a quick and . . ."

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 219
In the middle of the page, changed the command line

$ unset SSH_AGENT_PID to: $ unset SSH_AGENT_PID #SSH uses SSH2_AGENT_PID instead

Anonymous    Mar 01, 2001
Printed
Page 230
First complete paragraph, lines 4-6.

Line 4, second-last word: typo "USENRAME" should be "USERNAME". Line 6, first word: "STRING" should be in the same typestyle as "USERNAME" on line 4.

Anonymous   
Printed
Page 241
Figure 7-1

In the right-hand column ("Files" for the SSH server), there are some typos. The word "environment" is misspelled as "enviroment" (twice) and near the bottom you see "/~.k5login" which should be "~/.k5login".

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 242
In the second paragraph of section 7.1.3, deleted the paragraph separator

in the first line, after "specifying 276".

Anonymous    Mar 01, 2001
Printed
Page 242
Section 7.1.3 (Client Configuration Files), second paragraph, first line

"In a client configuration file, client settings are changed by specifying 276 <linebreak> keywords and values." NOW READS: "In a client configuration file, client settings are changed by specifying keywords and values."

Anonymous    Feb 01, 2004
Printed
Page 246
The last sentence in the first paragraph said that "the earliest value

takes precedence" when the same keyword has multiple values. This is true for SSH1 and OpenSSH, but for SSH2 it is the latest value that takes precedence. The sentence has been changed to: "Every matching section applies, and if a keyword is set more than once with different values, only one value applies. For SSH1 and OpenSSH, the earliest value takes precedence, whereas for SSH2 the latest value wins."

Anonymous    Mar 01, 2001
Printed
Page 254
In the SSH2 column of the table at the bottom of the page, the first

section (sally-account: User sally) and third section (sally*-account: Host server.example.com, Compression yes) have been swapped.

Anonymous    Mar 01, 2001
Printed
Page 254

The sentence immediately following the table did read: "Since sally*-account matches both previous sections..." Now reads: "Since sally*-account matches both other sections..."

Anonymous    Mar 01, 2001
Printed
Page 265

The second paragraph used to read: "Batch mode may enabled for..." Now it reads: "Batch mode may be enabled for..."

Anonymous    Aug 01, 2001
Printed
Page 266

The third line of the second paragraph used to read: "...and contains name of the character device file..." Now it reads: "...and contains the name of the character device file..."

Anonymous    Aug 01, 2001
Printed
Page 266
first complete paragraph, third line, third word

"contains name" NOW READS: "contains the name"

Anonymous    Feb 01, 2004
Printed
Page 279

The last paragraph of the second bulleted item used to read: "...sftp, then these programs run ssh2..." Now it reads: "...sftp, when these programs run ssh2..."

Anonymous    Aug 01, 2001
Printed
Page 279

The third line of the second to last paragraph used to read: "...by a evil intruder?" Now it reads: "...by an evil intruder?"

Anonymous    Aug 01, 2001
Printed
Page 292

The last sentence in the second-to-last paragraph did read: "...the earliest value is the winner." Now reads: "...the earliest (SSH1, OpenSSH) or latest (SSH2) value is the winner."

Anonymous    Mar 01, 2001
Printed
Page 300
8.2.4.1, 2nd sentence

... at least as secure a ... should read ... at least as secure as a ...

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 311
section 8.2.7

The "idle-timeout" directive is described as being applicable to both SSH1 and OpenSSH. but, the "idle-timeout" authorized_keys option is available in SSH1 only.

Anonymous   
Printed
Page 311
First sentence on page

First sentence reads: "Timeouts are set in with the idle-timeout option." Should remove the word 'in' so the sentence reads: "Timeouts are set with the idle- timeout option."

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 323
In the last line of the second-to-last paragraph, changed

"(localhost,143) to (H,2001)" to "(H,2001) to (localhost,143)."

Anonymous    Mar 01, 2001
Printed
Page 324
In the warning, replaced the sentence beginning

"There would have to be a way..." With the following text: "The SSH-1 protocol lacks the ability to indicate this difference. SSH-2 can indicate it, but current clients always just request listening on all addresses, anyway."

Anonymous    Mar 01, 2001
Printed
Page 330
first sentence of last paragraph

First sentence reads: "In addition to any physical network interfaces it may have, a host running IP has also has a virtual one called, the loopback interface." One of the "has" words should be deleted.

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 331
In the first footnote, changed "24 million" to "16 million."

Anonymous    Mar 01, 2001
Printed
Page 332
In the command after the 2nd paragraph, changed

$ ssh1 ... to: $ ssh ...

Anonymous    Mar 01, 2001
Printed
Page 341
Third sentence of second paragraph

Sentence reads: "You log into one of these machines using SSH, and want to run an graphical performance-monitoring tool," Should read: "... and want to run a graphical ..."

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 344
Figure 9-10 X forwarding

Currently, the dotted circle on the left is labelled "X client" and the dotted circle on the right "X server". The labels should be the other way around, "X server" on the left and "X client" on the right.

Anonymous   
Printed
Page 351

The sixth line in section 9.3.6.1 did read: "allow all connections from the your PC..." Now reads: "allow all connections from your PC..."

Anonymous    Mar 01, 2001
Printed
Page 352

The first line did read: "should only do this when the both machines..." Now reads: "should do this only when both machines..."

Anonymous    Mar 01, 2001
Printed
Page 356
In the description for sshdfwd-N, only "sshdfwd-2001" should be in

constant width font; "service" should not.

Anonymous    Mar 01, 2001
Printed
Page 361
--without-rsh

The book says "... or at runtime in the server-wide configuration file." This is not correct as there is no sshd option for this. This belongs to the client specific configuration, cf. p. 125 (4.1.5.12) and p. 269.

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 390
3rd full para

Last sentence: /decisions based on the their contents should be /decisions based on their contents/

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 392
Note (footprints)

s/port -orwarding/port forwarding/

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 406
fourth typed code (constant width) example

the third constant width code example cites the -q argument to ssh (for supressed output), while the fourth expands it to -w, a non-existent option.

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 407
Example Code (Perl)

line 15: "else if" HAS BEEN REPLACED WITH "elsif" line 17: NOW READS: $command = "exec /etc/r${method}d"; 426) The seventh line: $ kdb5_util create NOW READS: $ kdb5_util create -s

Anonymous    Feb 01, 2004
Printed
Page 461
Just below the www.oreilly.com URL

The label "Authors' Online Resources" NOW READS: "Author's Web Site".

Anonymous    Feb 01, 2004
Printed
Page 467
Contact row of the Mathur Port column

The URL "ftp://ftp.cs.hut.fi/pub/ssh/contrib/" NOW READS: "ftp://ftp.franken.de/pub/win32/develop/gnuwin32/cygwin/porters/Mathur_Raju/"

Anonymous    Feb 01, 2004
Printed
Page 470
Chapter 13, Section 13.4

ftp://ftp.cs.hut.fi/pub/ssh/contrib/ssh.el Replaced with: http://munitions.vipul.net/software/network/ssh/ssh.el ftp://ftp.cs.hut.fi/pub/ssh/contrib/ssh-keyscan-0.3.tar.gz Replaced with: ftp://cag.lcs.mit.edu/pub/dm/source/ssh-keyscan-0.3b.tar.gz

Anonymous    Aug 01, 2001
Printed
Page 509
keyword Macs

keyword Macs should be MAC (according to p. 165)

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 509
keyword IgnoreRootRhosts

p. 169 says the meaning of the keyword IgnoreRootRhosts is to ignore /.rhosts and /.shosts and not just "Ignore /.rhosts files"

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 509
keyword IgnoreUserKnownHosts

keyword IgnoreUserKnownHosts is valid for OpenSSH only (according to p. 171)

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 512
keyword Host

keyword Host does not mark the beginning of a section for SSH2; for SSH2 it defines a host's real name (cf. 244 + 248)

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 512
keyword FallBackToRsh

keyword FallBackToRsh applies to SSH2 as well (according to p. 269)

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 514
keyword PGPSecretKeyFile

keyword PGPSecretKeyFile is not a ssh keyword (cf. p. 172)

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 514
keyword UseRsh

keyword UseRsh applies to SSH2 as well (according to p. 269)

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 515
option -g

option -g applies to SSH1 and OpenSSH only (according to p. 323)

Note from the Author or Editor:
Book is long out of print.

Anonymous   
Printed
Page 519
Environment Variables

SSH2_ORIGINAL_COMMAND is missing under environment variables (see p. 304)

Anonymous   
Printed
Page 541
In the second paragraph of the Colophon, changed "mollusca" to

"Mollusca."

Anonymous    Mar 01, 2001