OpenSSH needs no introduction. It is a free and open source suite of security-related software based on the SSH protocol, providing secure network communication and tunneling capabilities. OpenSSH gives peace of mind when communicating with a Linux or Unix-like server over an insecure network such as the Internet.
SSH is essential for both sysadmins and developers. The book “SSH Mastery” (2nd ed) covers the OpenSSH server, clients, encryption, public/private keys, VPNs and other security-related network-level utilities based on the Secure Shell (SSH) protocol.
Book Review: SSH Mastery
So we know SSH encrypts traffic. But how does it work? The first chapter gives a brief introduction to algorithms and keys. The second chapter includes a quick tour of the SSH configuration syntax used by the server and client.
The third chapter is all about OpenSSH server configuration options, such as networking settings, banners, authorization, restricting access by users/groups, chrooted jails/users, and more.
The author explains the essential subject of verifying server keys in the fourth chapter. The ssh client is covered in chapter 5. It discusses SSH clients for both Windows and Linux/Unix-like systems, including ssh client configuration such as the ~/.ssh/config file, multiplexing, compression and more. It also covers the PuTTY client, which is mostly used by Windows users.
SSH file copy utilities such as SCP/SFTP and friends are covered in chapter 6, including the Windows client called WinSCP.
SSH keys serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. Passwordless login is essential for many sysadmin tasks. The seventh chapter is an excellent source on creating a personal key pair for authentication instead of a password without reducing SSH security. It also talks about ssh-agent and more.
Chapter eight talks about X forwarding, and chapter nine is all about the port forwarding features of SSH. Often an ISP or corporate firewall drops an ssh connection after some interval to free resources. The tenth chapter demonstrates how to keep an ssh connection alive using various options.
Chapters 11 to 14 cover advanced topics and features of OpenSSH. Chapter eleven shows how to automatically distribute host keys and improve security while eliminating the need for users to compare host key fingerprints manually. It also shows how to create host keys in DNS and revoke ssh keys if the need arises. Sysadmins will love this topic.
Another important topic is discussed in chapter twelve: SSH automation and running a command on a remote host. Setting up a VPN or an encrypted tunnel between two networks is covered in chapter thirteen. The last chapter demonstrates creating a CA (certificate authority) to permit only authorized user keys to log on to the network.
Want to learn to SSH professionally? Follow Michael’s advice
One might find all of this SSH information scattered over the Internet. Some of it might be outdated already. Other parts might work only on specific platforms like macOS or Linux or OpenBSD. “SSH Mastery” is a must-read for sysadmins, DevOps engineers, and developers who work with Linux or Unix-like systems over ssh. I am incredibly impressed with this book. The book teaches about the SSH server, security, and more in a way no other book has tried. It covers everything that one must know about SSH without hunting through numerous online resources or man pages.
- Title: SSH Mastery, 2nd edition.
- Author: Michael W. Lucas.
- Publisher: Tilted Windmill Press.
- Length: 243 pages.
- Target: System administrators or developers interested in the remote management of Linux/UNIX-like systems and network devices.
- Rating: 5/5.
- Disclaimer: Tilted Windmill Press sent us a review copy.
- Purchase online at Amazon (Kindle edition).