Secure Shell in the Enterprise

For those who are not too technical about this, SSH at its core is a secure method of remotely logging into a system. When you use the standard TELNET protocol, everything that is typed across the network (including oh-so-trivial things like user IDs and passwords) can be very clearly seen by anyone who is using a network sniffing device. Secure shell encrypts every packet of data before it even hits the network, thus making decrypting the network traffic very difficult for those who are trying to spy on your network.

The short of it is that this is a very good book. Not only does this book cover the technical aspect of secure shell, but as its title states it also covers the methodology of using secure shell in a large environment. It describes what secure shell does and it also goes into very nice information about the logistics of using SSH as well as information that is directly related to SSH, like authentication, public and private keys, and numerous other aspects that help to give you an understanding on how SSH can be used in an enterprise setting.

Unlike many other books that tell you to go to a web site and follow the instructions, Secure Shell in the Enterprise goes through a refreshingly detailed set of steps to compile the software manually. Sure, you can always download the precompiled version from SunFreeware.com, but those versions are often a few revisions behind. If you're very conscious about security, which you apparently are if you're considering using SSH, compiling from the newest source code is always the best method.

The book also is not restricted to the open source version. It covers in good detail the differences between the open source version and the version that is built into Solaris 9. By doing this, the book encompasses all potential SSH administrators rather than being focused to a specific subset of SSH users.

My only real gripe is that it does not have any kind of troubleshooting section, which could be particularly helpful and would fit in well with the wide amount of information that is covered.

Overall, I have to give this book some high praise. Its solid focus and breadth of information as well as background and methodologies involved with SSH and its installation and configuration make this an exceptional book to have at your side if you are considering implementing SSH in your workplace. Because the book also involves the open source version of SSH, I have every reason to believe that it would be just as useful even in non-Solaris environments.

Rating:
Summary: Don't "Open SSH" without it
Review: Secure Shell is misnamed, it should be titled Open SSH in the enterprise. That said, this is another fine Sun Blueprint book, well written, clear, gives you exactly what you need to implement Open SSH. I especially appreciate the troubleshooting chapter, after all since SSH is encrypted, troubleshooting is quite challenging.

The back of the book includes a series of example scripts, I don't normally appreciate page after page of code with no explanation other the the inline comments, but having set up SSH recently on my Mac, I know firsthand that examples can be very helpful.

The book doesn't cover PuTTy and is very thin on support for Windows clients, but if you are a Sun shop, this is just the ticket.

The book also does not properly cover the many, many hazards of SSH. If you run clear text password protocols (FTP, Telnet, r-utilities) you will surely die. However, there have been a raft of vulnerabilities with SSH, especially version 1. Beyond protocol problems, there are architecture issues by allowing encrypted pipes into your site that should be covered in detail. If there is a second edition of this book, I would recommend a "Death by SSH" chapter.

Rating:
Summary: Don't "Open SSH" without it
Review: Secure Shell is misnamed, it should be titled Open SSH in the enterprise. That said, this is another fine Sun Blueprint book, well written, clear, gives you exactly what you need to implement Open SSH. I especially appreciate the troubleshooting chapter, after all since SSH is encrypted, troubleshooting is quite challenging.

The back of the book includes a series of example scripts, I don't normally appreciate page after page of code with no explanation other the the inline comments, but having set up SSH recently on my Mac, I know firsthand that examples can be very helpful.

The book doesn't cover PuTTy and is very thin on support for Windows clients, but if you are a Sun shop, this is just the ticket.

The book also does not properly cover the many, many hazards of SSH. If you run clear text password protocols (FTP, Telnet, r-utilities) you will surely die. However, there have been a raft of vulnerabilities with SSH, especially version 1. Beyond protocol problems, there are architecture issues by allowing encrypted pipes into your site that should be covered in detail. If there is a second edition of this book, I would recommend a "Death by SSH" chapter.