book

Secure Shell in the Enterprise

Name: Secure Shell in the Enterprise
Author: Jason Reid
ISBN: 0131429000

by Jason Reid

June 2003

Intermediate to advanced

224 pages

3h 24m

English

Pearson

Read now

Unlock full access

Copyright
Acknowledgements
Figures
Table
Preface
Sun BluePrints ProgramWho Should Use This BookBefore You Read This BookHow This Book Is OrganizedUsing UNIX CommandsTypographic ConventionsShell PromptsAccessing Sun DocumentationSun Welcomes Your Comments
1. Introducing the Secure Protocols
Security History and ProtocolsSecure ProtocolsAuthenticationIntegrityConfidentialityCryptographic ProtocolsSecurity PolicyToolsKerberosIPsecVirtual Private NetworksSecure ShellDetermining Which Tool to UseTool Decision Example ATool Decision Example BSecure Shell ChoicesSolaris Secure Shell SoftwareOpenSSHNoncommercial ImplementationsCommercial VariantsDetermining Which Secure Shell Software to UseSecure Shell Software Decision Example ASecure Shell Software Decision Example BConsequences
2. Building OpenSSH
ComponentsBefore Building OpenSSHStatic Versus Dynamic LibrariesInstall Versus Build LocationAbout $PATHChecking MD5 Hashes and GNU Privacy Guard SignaturesComponent DescriptionsSolaris OE Build MachineSolaris OE ReleaseMetaclustersGzipCompilersPerlZlibTo Build ZlibEntropy SourcesOpenSSH Internal Entropy CollectionKernel-Level Random Number GeneratorsANDIrandSUNWskiEntropy-Gathering DaemonPseudorandom Number Generator DaemonRecommendationsBuilding PRNGD SoftwareTo Build PRNGD With the Forte C CompilerTo Build PRNGD With the GNU C CompilerManually Installing PRNGDTo Install PRNGDRunning PRNGDTo Start the PRNGD ManuallyTo Stop the PRNGD ManuallyTesting the Entropy SourceChecking /dev/randomChecking PRNGDTCP WrappersBuilding TCP WrappersTo Build TCP WrappersTo Install TCP WrappersOpenSSLTo Build and Test OpenSSLTo Install OpenSSLOpenSSHConfiguring OpenSSHTo Obtain the List of Arguments in the configure ScriptTo Configure OpenSSHBuilding OpenSSHTo Build OpenSSH
3. Configuring the Secure Shell
Configuration DetailsMechanics of Configuration FilesRecommendationsServer RecommendationsProtocol SupportNetwork AccessKeep-AlivesData CompressionPrivilege SeparationLogin Grace TimePassword and Public Key AuthenticationSuperuser (root) LoginsBanners, Mail, and Message-of-the-DayConnection and X11 ForwardingUser Access Control ListsUser File PermissionsUseLogin KeywordLegacy SupportClient RecommendationsHost Option AssignmentData CompressionKeep-AlivesProtocol Supportrlogin and rshServer IdentityUser Identity
4. Deploying Secure Shell
OpenSSH DeploymentOpenSSH PackagingTo Generate the OBSDssh PackageMD5 HashesTo Generate the OpenSSH Package MD5 HashSolaris Security ToolkitSolaris Secure Shell Software DeploymentCustom Configuration File DistributionSolaris Fingerprint Database
5. Integrating Secure Shell
Secure Shell Scriptsrsh(1) Versus ssh(1)rcp(1) Versus scp(1)telnet(1) Versus ssh(1)Automated LoginsHost KeysProxiesRole-Based Access ControlTo Use RBAC to Restrict a User to Only Copying FilesPort ForwardingTo Secure WebNFS Mounts With Port ForwardingInsecure Service DisablementTo Disable Insecure Services

6. Managing Keys and Identities
Host KeysUser IdentitiesTo Create an IdentityTo Register an IdentityTo Revoke an IdentityAgentsCommon Desktop Environment SupportRemoving AgentsAgent Risks
7. Auditing
Auditing Overview and Basic ProceduresTo Configure Auditing to Audit a Systemwide EventTo Configure Auditing to Audit Commands Run by a Particular UserTo Enable AuditingTo Audit the SystemTo Audit a UserTo Disable AuditingOpenSSHcron(1M)PatchingLoggingTo Enable Secure Shell Logging
8. Measuring Performance
Bandwidth PerformanceInteractive SessionsFile TransfersSymmetric Cipher PerformanceIdentity GenerationPerformance ProblemsSlow ConnectionsSlow Client StartupSlow Server StartupSizing
9. Examining Case Studies
A Simple Virtual Private NetworkTo Set Up the Destination SideTo Set Up the Originating SideTo Initiate the LinkLinking Networks Through a Bastion HostTo Set Up the Destination SideTo Set Up the Originating Side
10. Resolving Problems and Finding Solutions
ProblemsServer Does Not Produce Log File OutputPublic Key Authentication Is Not WorkingTrusted Host Authentication Is Not WorkingX Forwarding Is Not WorkingWildcards and Shell Variables Fail on the scp(1) Command LineSuperuser (root) Is Unable to Log InStartup Performance Is SlowProtocol 1 Clients Are Unable to Connect to Solaris Secure Shell SystemsPrivilege Separation Does Not Work in the Solaris Secure Shell Softwarecron(1M) Is BrokenMessage-of-the-Day Is Displayed TwiceProblem ReportsOpenSSHSolaris Secure Shell SoftwarePatchesOpenSSHSolaris Secure Shell SoftwareSolutionsDebugging a Secure Shell ConnectionUnderstanding Differences in OpenSSH and Solaris Secure Shell SoftwareIntegrating Solaris Secure Shell and SEAM (Kerberos)Forcing Remote X11 Users to Use Secure Shell SessionsDetermining the Server Version StringAltering the Server Version StringCERT Advisory CA-2002-18
A. Secure Shell Usage
Client UsageConnecting to a HostExecuting a Command on a Remote HostCopying a FileUsing Identity KeysGenerating an IdentityRegistering an IdentityUsing the IdentityUsing AgentsSetting Up AgentsLoading AgentsListing Agent IdentitiesRemoving Agent IdentitiesStopping the AgentForwarding PortsSetting Up Local ForwardingSetting Up Remote ForwardingEnabling X ForwardingChecking the $DISPLAY VariableUsing ProxiesLocating Client Configuration FilesServer UsageStarting the ServerStopping the ServerLocating Server Configuration FilesGenerating New Server Host KeysSupporting TCP Wrappers
B. Server Configuration Options
C. Client Configuration Options
D. Performance Test Methodology
Bandwidth PerformanceIdentity GenerationSymmetric Cipher Performance
E. Scripts and Configuration Files
init ScriptAutomatic InstallationManual InstallationTo Manually Install the init ScriptContactinit Script SampleCode Example for Packaging ScriptUsageContactPackaging Script SampleCode Example for PRNGD Sanity CheckServer Configuration FilesDMZ-Bastion Host ServerLegacy SupportWorkstation ServerClient ConfigurationsRemote Worker Configuration FileWorkstation Configuration File
F. Resources
Solaris Secure Shell Software DocumentationOpenSSH DocumentationSoftware
Bibliography
Sun BluePrints OnLine ArticlesExternal ArticlesBooksBug ReportsFAQsMan PagesPresentationsSecurity Information

Content preview from Secure Shell in the Enterprise

Chapter 3. Configuring the Secure Shell

Configuration is the the technical implementation of the local security policy. When setting the policy, management decided the level of protection needed for machines and data. Now you must implement their decisions when configuring Secure Shell. Secure Shell has a variety of options, some of which may not be appropriate to your local situation. Configure according to your policy. Again, if you do not have a security policy, it is important to establish one.

In configuring Secure Shell, keep in mind two principles:

Defense-in-depth
Let no single point of configuration or defense be the only gatekeeper for security.
Plan on failure
Secure Shell can, and should, be configured at multiple points (build-time, server ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0131429000Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Secure Shell in the Enterprise

by Jason Reid

Chapter 3. Configuring the Secure Shell

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.