Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

SSH, The Secure Shell

timothy posted more than 12 years ago | from the keep-it-secret-keep-it-safe dept.

Security 174

If you administer remote systems, check your email from the road, or just have a sense of paranoia about your home network, you're probably somewhat familiar with SSH. If you need to know more, though, danny writes "SSH, The Secure Shell will be another 'must have' O'Reilly volume for many system administrators. Read on for my full review."

A comprehensive study of what is now a key part of many network systems, SSH, The Secure Shell is a valuable resource for system administrators and users. Its explanations are clear and thorough: I'm not sure about the "definitive" claim, but Barrett and Silverman do go into considerable detail, often to the limits of "if you want to play with this you really ought to look at the source code." Perhaps most importantly, The Secure Shell is organised so one can easily skip unwanted detail and find just those portions that are relevant. As a result, it can be used in different ways -- read through to learn about ssh and what it can be used for, or just consulted as necessary to answer particular questions or solve particular problems.

Chapter one puts ssh in context, looking at its history and related technologies, and chapter two introduces basic client operation. Anyone who uses ssh and scp as simple telnet and ftp replacements and isn't curious about how they work can stop reading here -- and doesn't really need their own copy of The Secure Shell. Chapter three is an "under the covers" look at ssh. After a three-page introduction to cryptography (not really suitable for the reader with absolutely no background), it explains the ssh1 protocol and then how ssh2 differs from that and the extra features it offers. There is also a brief overview of the cryptographic algorithms commonly used in ssh implementations, and an explanation what ssh secures and what it doesn't.

The rest of the book is more implementation-specific: the primary implementations covered are SSH, SSH2, and OpenSSH. Being a lazy user of packages, I skipped chapter four, on installation and compile-time configuration. Chapter five is a guide to server configuration, working systematically through the sshd configuration file options.

The next four chapters are aimed at power users, covering client use in much greater depth. Chapter six explains key management: what identities are, how to create them, how to manage them with ssh agents, and how they can be used (to automate logons, most obviously, but fancy things can be done with multiple identities). Chapter seven goes through client configuration in detail, working through the configuration file options, chapter eight covers account configuration on the server-side (including forced commands), and chapter nine looks at port and X11 forwarding.

For those overwhelmed by all of this, chapter ten describes a sample "recommended setup" for everything from compilation to client configuration. Chapter eleven covers some special topics -- unattended SSH, FTP forwarding, mail over SSH, Kerberos, using SSH through a gateway host -- and chapter twelve is a troubleshooting FAQ.

Chapter thirteen is an overview of other implementations, with a table of products, and four short chapters then cover specific Windows and Mac clients. Of the three Windows clients covered here, two are proprietary and the third is only distributed as a bzipped tar file: it would have been good to have a chapter on one of the free and more user-friendly Windows clients, perhaps PuTTY or TTSSH, both of which get a "recommended" tag in the table of products.


You might want to purchase SSH, The Secure Shell from Barnes and Noble or read some of Danny's 600+ other book reviews. Want to be a famous book reviewer? You can read your own book reviews in this space by submitting your reviews after reading the book review guidelines.

Sorry! There are no comments related to the filter you selected.

Short version now available.. (-1)

Strom Thurmond (R-SC (310866) | more than 12 years ago | (#3609266)

This sucks.

FP.

Re:Short version now available.. (-1)

neal n bob (531011) | more than 12 years ago | (#3609273)

congratulations sir. You are truly a gentleman and a statesman. AC's - please feel free to suck an ass.

a more affordable alternative already exists (2, Funny)

tps12 (105590) | more than 12 years ago | (#3609277)

man ssh

Re:a more affordable alternative already exists (-1)

TrollBurger (575126) | more than 12 years ago | (#3609671)

Smmmmmmmmmooookkkkkkkkkkkke aaaaa cockkkkkkkkkkk

Re:a more affordable alternative already exists (0)

Anonymous Coward | more than 12 years ago | (#3610253)

you're not that far off

actually owning this book (I do own it) puts some great information at your finger tips, but that same information is readily available to the amatuer web reader. I ended up using it very little as I modified this [sixgirls.org] code for an automated ssh library.

O'Reilly strikes again... (1)

ThatTallGuy (520811) | more than 12 years ago | (#3609281)

Just send me one copy of everything they put out.

PuTTY (5, Informative)

asavage (548758) | more than 12 years ago | (#3609285)

PuTTY [greenend.org.uk] is a great free product. I have to use it for school as telnet access is blocked. It is probably for the best though.

Re:PuTTY (3, Informative)

T3kno (51315) | more than 12 years ago | (#3609560)

I love PuTTY, it's small, fast and has a lot of nice features, and best of all it's free. It's the first thing I do to any Windoze box I come in contact with. Launch about 5 PuTTY sessions and forget about Windoze.

Re:PuTTY (1)

nirvdrum (240842) | more than 12 years ago | (#3609877)

I like the port forwarding features of it too. Since I use a DSL line, and my school only allows the sending of mail from the network, it makes for a nice ad hoc vpn.

Get a real app! Re:PuTTY (0)

Anonymous Coward | more than 12 years ago | (#3609982)

PuTTY looks like it was designed by cavemen. If you want a decent GUI app for the 21st century, get the SSH Secure Shell Client from ssh.com [ssh.com] . It's free, and it runs circles around PuTTY.

Anonymous? Nobody's anonymous on the Internet!

Re:Get a real app! Re:PuTTY (0)

Anonymous Coward | more than 12 years ago | (#3610033)

Try Secure CRT [vandyke.com]

Re:Get a real app! Re:PuTTY (2)

lpontiac (173839) | more than 12 years ago | (#3610328)

PuTTY looks like it was designed by cavemen

Huh? 99.9% of the time all you see is characters in a window. Can't complain about a terminal doing that.

get the SSH Secure Shell Client from ssh.com [ssh.com]. It's free

No it's not. Except for hobbyist and educational use.

Re:PuTTY (2)

dasunt (249686) | more than 12 years ago | (#3610030)

Five Putty Sessions, or just 1 Putty Session with 1 instance of Screen?

Re:PuTTY (4, Informative)

jilles (20976) | more than 12 years ago | (#3610158)

Putty and its lesser known brother winscp2 are great tools. Also great is mindterm (google it). It is actually a Java application that can also be deployed as an applet. The great thing about the applet version is that you can launch it from any Java enabled browser and use it to connect to your system securely. Great when you are stuck in an internet cafe or somewhere else with limited browsing facilities.

Re:PuTTY (3, Informative)

rherbert (565206) | more than 12 years ago | (#3610714)

It looks like MindTerm is no longer free - try the Java Telnet/SSH applet/application [javassh.org] .

Re:PuTTY (1)

Chacham (981) | more than 12 years ago | (#3610226)

Putty is just a silly copy of am image from elsewhere, trying to go other places.

Re:PuTTY (1)

archen (447353) | more than 12 years ago | (#3610667)

Yeah, putty is nice and I've been trying to push it where I work. Unfortunatly no one ELSE seems to like it. Apperently people feel threatened if they can't see a bunch of usless buttons and icons on an app. Hopefully PuTTY will make some advancements on the maximize options - right now it does a horrible job stretching.

An essential tome in any sysadmin's library (4, Informative)

southpolesammy (150094) | more than 12 years ago | (#3609287)

I can't tell you how many times I've earmarked, copied, lent out, and otherwise thumbed through that book. Even after a few years now, I still find gems that I can find uses for in my daily grind.

I'd also check out the following books for great sysadmin knowledge:

"The Practice of System and Network Administration", Limoncelli & Hogan
"UNIX System Administration Handbook", Nemeth, Snyder, Seebass, & Hein
"Programming Perl", Wall, Christiansen, and Orwant
"Essential System Administration", Frisch

TROLL!!!!! (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3609402)

I can't tell you how many times I've earmarked, copied, lent out, and otherwise thumbed through that book. Even after a few years now,

Yeah, right. The book was just published.

Umm...no (2, Informative)

fatwreckfan (322865) | more than 12 years ago | (#3609479)

Actually, the book has been out for over a year now, as can be seen on the O'Reilly [oreilly.com] site.

Re:Umm...no (1)

southpolesammy (150094) | more than 12 years ago | (#3610189)

Journalism 101

Rule #1...check your references.
Rule #2...double check them.

Darn it...February 2001, 1st ed. My bad. Guess it just seems like longer.

Re:Umm...no (1)

skelley (526008) | more than 12 years ago | (#3610573)

It sure looks identical to the book I bought in Mar2001. I'll call the person I lent mine to and compare ISBN numbers.

The biggest problem is that ssh has changed rapidly enough that this book is fairly outdated. It is good if you are an sysadmin with no ssh experience, but don't expect it to cover the latest and greatest.

Posting a review now seems untimely as this book should be in a revision cycle.

Re:An essential tome in any sysadmin's library (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3609448)

Is that you PhysicsGenius ?

what are you smoking? (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#3609505)

I can't tell you how many times I've earmarked, copied, lent out, and otherwise thumbed through that book

I Can. Zero. The book was just published a couple months ago, and you're full of it.

And this book provides what extra value? (3, Interesting)

dills (102733) | more than 12 years ago | (#3609289)

I guess I don't see why somebody would buy this book. I own several O'Reilly books, but I can't figure out why somebody would buy this. For the average and below-average admin, ssh is fine with the default install. For the above-average admin, they don't need the info spoon-fed, and there doesn't appear to be any "quick reference" value.

Re:And this book provides what extra value? (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3609377)

Have you seen the VA stock?

Its an ad they are using to boost sales.

Re:And this book provides what extra value? (2, Interesting)

eyegor (148503) | more than 12 years ago | (#3609396)


For the most part I agree with you, it's not necessary for most Unix admins in order to get up and running with SSH. The man page and readme work just fine for that.

For those who want do more esoteric things (or are interested in learning HOW it works, it provides good, clear explanations of what is done or what CAN be done and how to do it.

While it's probably not the first O'Reilly book I'd recommend, it's still quite useful.

Re:And this book provides what extra value? (5, Informative)

maiden_taiwan (516943) | more than 12 years ago | (#3609601)

I'm biased -- being one of the authors -- but the book does contain non-spoon-fed info for the experienced sysadmin. For instance, the case studies in chapter 11 (read it for free [unixreview.com] ) discuss integrating SSH with Kerberos, port-forwarding FTP, etc., down to an excruciating level of detail. Sure, an SSH guru could figure this stuff out... after a few days of trial and error... but we've saved you the trouble.

People might find the default installation to be fine for basic use, but installation is only the first step of a journey. If all you want is "ssh -l user host" and "scp myfile foo@example.com:", that's great, but SSH has many other interesting uses and subtle behaviors.

Re:And this book provides what extra value? (2)

Phil Gregory (1042) | more than 12 years ago | (#3610416)

I'm probably an average admin. (Possibly below-average--I only admin a couple boxes at work and about five at home.) I found the book to be quite interesting. I learned far more about the underlying SSH protocol than I had known previously, as well as numerous other things like all of the possibilities available with RSA keys. (I've subsequently used RSA-key-based forced commands for a couple things at work.) Since reading the book through, I've referred back to it a number of times. I find it to be a handier reference than the man pages sometimes and the constant comparisons of OpenSSH, SSH1, and SSH2 are nice--most of the computers I deal with are OpenSSH, but there are a couple running SSH2.


--Phil (Very satisfied ssh user.)

PuTTY rules (5, Informative)

RealisticWeb.com (557454) | more than 12 years ago | (#3609292)

the free and more user-friendly Windows clients, perhaps PuTTY or TTSSH,

I have to second that opinion of PuTTY. Every time I am forced to use a windoze boxen to log into my server, I always use putty. It is very small (less than floppy size), is a standalone executable so it doesn't touch your registry, and it handles YAST just fine. You can get it from versiontracker. I highly recoment it.

Re:PuTTY rules (4, Informative)

Nos. (179609) | more than 12 years ago | (#3609339)

so it doesn't touch your registry

Assuming Windows 2000, check HKCU\Software\Simon Tatham

Since it is a single file, where do you think it stores the session information? However, Putty is a wondeful program and is my Windows SSH client to home.

Re:PuTTY rules (0)

Anonymous Coward | more than 12 years ago | (#3609431)

VERY WRONG. Putty is a standalone executable because it stores EVERYTHING in the windows registry. I love the program, but I really wish it used config files by default instead of stashing everything (options, saved sessions, server keys, whatever) in the registry.

Re:PuTTY rules (4, Insightful)

anthony_dipierro (543308) | more than 12 years ago | (#3609463)

It is very small (less than floppy size), is a standalone executable so it doesn't touch your registry, and it handles YAST just fine.

As was mentioned by someone else, it does touch your registry, but only if it can. What I like about it most is I can put it in my network drive at school and use it from all the computer labs without installing anything. Before I found putty I had to resort to a slow, ugly, broken java applet.

Just remember, unless you memorize the fingerprint, ssh doesn't protect against man-in-the-middle attacks when you switch client computers.

Fingerprints (2)

wirefarm (18470) | more than 12 years ago | (#3609523)

...unless you memorize the fingerprint, ssh doesn't protect against man-in-the-middle attacks...

Get in the habit of remembering just the first few bits of the fingerprint for frequently-accessed sites - it just takes a second or two and *greatly* increases your security. (I have a little mnemonic I use for my home server, the IP of which frequently changes...)

But then again, I'm paranoid and only use SSH to connect two machines, both of which are on my desk...)

Cheers,
Jim in Tokyo

PuTTY rules (4, Informative)

jabbo (860) | more than 12 years ago | (#3609503)

My entire staff uses PuTTY and I've fixed site problems from halfway around the globe (in Cambodia and Laos, no less) using it. It is a godsend like none other. Even on machines where I cannot save items to local disk, the 'run from current location' feature on Windows lets it work fine, and then I leapfrog in with an RSA key...

The forcible-keying and cipher selection options in 0.52 play nicely with OpenSSH 3.0+, which in my opinion elevates PuTTY above ttssh. The only competition is the Mac version, 'Nifty Telnet-SSH'.

Of course, nothing is as convenient as my ssh-agent process that spawns my X sessions at home. Since all my machines are RSA-keyed, and most are ONLY RSA-key accessible, access is transparent for me and damn near impossible for Bad Guys. (I allow an internally-usable backdoor for staff at the office without using RSA keys, but only on a couple machines necessary for their work... it's funny that now, if I screw up an OpenBSD upgrade, I get complaints about mutt not working. Everyone assumes Outlook is a POS, but they know I'm responsible if they can't use Mutt from a PuTTY session at some Kinko's or DoD machine!)

Re:PuTTY rules (1)

edbarrett (150317) | more than 12 years ago | (#3610297)

The only competition is the Mac version, 'Nifty Telnet-SSH'.

AFAICT, NiftyTelnet [lysator.liu.se] only does SSH1. Which sucks, because MacSSH [macssh.com] (fc2 anyway; I just found out fc3 was out!) hasn't been real reliable on my Quadra 840AV. And it only does SSH2.

Re:PuTTY rules (1, Informative)

Anonymous Coward | more than 12 years ago | (#3609605)

Putty feels nice, but putty is ssh v1 only. The v1 protocol is flawed, and is obselete. Until putty catches up, your security is not what you think it is.

Re:PuTTY rules (1)

zm (257549) | more than 12 years ago | (#3609646)

OK, whoever modded the parent up as "informative" better check the facts a little. Putty has supported ssh2 for a while now.

Get a new version (4, Informative)

RealisticWeb.com (557454) | more than 12 years ago | (#3609662)

Putty feels nice, but putty is ssh v1 only

Either you are using an old version, or you havent figured out how to use a "menu system". Let me refer you to the developers FAQ page:

A.1.1 Does PuTTY support SSH v2? [greenend.org.uk]

I hope that clears that up

Re:PuTTY rules (4, Insightful)

Our Man In Redmond (63094) | more than 12 years ago | (#3609836)

is a standalone executable so it doesn't touch your registry

I beg to differ. It saves its information in HKEY_CURRENT_USER\SimonTatham\PuTTY (at least it does on my Win2000 Pro box).

And yes, PuTTY does rock. At any given time I have about half a dozen PuTTY sessions open on my desktop, with various connections to my development servers and home box. Not quite as good as having a Linux box to work on, unfortunately, but about as close as you can reasonably get. Like the man says, it's called PuTTY because it makes Windows usable.

Re:PuTTY rules (0)

honold (152273) | more than 12 years ago | (#3610079)

putty stores all of its settings in the registry

"Question: Does PuTTY support storing its settings in a file instead of the Registry?
Answer: Not at present, although it's on the wish list."

feh (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#3609300)

ive had this book almost a year now.
nice timely addition, team slashdot.

free pornwarezmp3s here [devaluate.com] !

Re:feh (2, Interesting)

huckda (398277) | more than 12 years ago | (#3609349)

nice timely addition, team slashdot

Timely or not, I appreciate most of the book reviews here because I don't have time to read each and every one of the books that come out, nor could I affoard all of them that I would like to read.

Being a teacher who is multi-tasked into system administration by the powers-that-be, I have enough on my plate already, and if a review is strikingly important to what I already do, and can shed some light on the topic, then I make an effort to get acquainted with that book and use it's insight.

Late for some is more than timely for others.

--Huck

nice skillz captain optimist (1, Funny)

Anonymous Coward | more than 12 years ago | (#3609389)

take your happy polite optimism somewhere else, thanks!

8)

Re:feh (2)

gazbo (517111) | more than 12 years ago | (#3609912)

Being a teacher who is multi-tasked into system administration by the powers-that-be
Where do I recognise that [dilbert.com] from?

Re:feh (1)

neo8750 (566137) | more than 12 years ago | (#3610560)

nor could I affoard all of them that I would like to read.


See this is were that little place in town called a library comes into play. You don't have to pay for the books just return them on time.

Woohoo! (4, Funny)

Indras (515472) | more than 12 years ago | (#3609303)


A snail for my O'Reilly zoo! Lets hope he can get along with all the other animals... or maybe he'll get eaten. Ah, who knows!

CAN SOMEONE MIRROR THIS REVIEW- IN CASE OF /,ING? (-1)

Subject Line Troll (581198) | more than 12 years ago | (#3609572)

n/m

Re:Woohoo! (2)

wirefarm (18470) | more than 12 years ago | (#3609585)

A snail for my O'Reilly zoo!...or maybe he'll get eaten.

Damn Mandrake [mandrakelinux.com] users!

Cheers,
Jim in Tokyo

Re:Woohoo! (-1)

TrollBurger (575126) | more than 12 years ago | (#3609661)

-1 Dickless
-1 Unfunny
-1 Retarded
-1 Whore
-1 Fuck off and kill yourself

Re:Woohoo! (0)

Anonymous Coward | more than 12 years ago | (#3609893)

Did you parents drop you on your head to amuse themselves or the other mentally deficient children in your in-bred family?

Re:Woohoo! (2)

antdude (79039) | more than 12 years ago | (#3610146)

Now, O'Reilly needs an ant ;).

my favorite (0)

Anonymous Cowrad (571322) | more than 12 years ago | (#3609309)

This one is up there with TCP/IP Network Administration when it comes to books that never leave me.

But wasn't this published a long time ago?

Re:my favorite (0)

Anonymous Coward | more than 12 years ago | (#3609443)

yes, my w2k tcp/ip book is the first book I go to
when there is a problem on my network.

Top Gun SSH (2, Funny)

conradp (154683) | more than 12 years ago | (#3609313)

Ah, but does the book talk about my favorite SSH client, Top Gun ssh [www.ai] for PalmOS? It lets me configure a UNIX server from a palm-enabled cell phone while lying on the beach!

Admittedly using vi with Graffiti is a bit of a challenge...

My favourite OpenSSH feature (5, Informative)

coleSLAW (23358) | more than 12 years ago | (#3609326)

The best thing in the newest version of OpenSSH just has to be the `-D ' switch. It provides a SOCKS4 proxy on the local port which dynamically proxies to the remote machine. How cool is that? It provides an instant VPN tunnel to your remote network!

My *own* favourite OpenSSH feature (3, Informative)

wirefarm (18470) | more than 12 years ago | (#3609455)

From work, SSH home - then open X Window or GTK, KDE programs that exist only on your home machine (gtk_gnutella, mozilla outside your corporate firewall, nmapfe, you name it...)

X connections over ssh are braindead easy, secure and quite simply kick ass.

Cheers,
Jim in Tokyo

Ah SSH... (2)

PepsiProgrammer (545828) | more than 12 years ago | (#3609351)

Opening a SSH connection to you desktop wirelessly from your zaurus is a truely wonderfull thing to behold, I just did it to the first time last night, it was breathtaking.

Re:Ah SSH... (0)

linatux (63153) | more than 12 years ago | (#3609422)

Surely nobody trusts M$ Passport enough to actually buy and sell using it!

Then again, force IS implied ...

Re:Ah SSH... (2)

TheSync (5291) | more than 12 years ago | (#3609863)

Oh yeah, what about using VNC on Palm V over CDPD wireless from an Amtrak train to diagnose an ailing NT box ;)

Re:Ah SSH... (2)

PepsiProgrammer (545828) | more than 12 years ago | (#3610194)

Interesting, but then again all NT Box's are ailing

is it secret? .....is is SAFE!? (-1, Offtopic)

taya0001 (457928) | more than 12 years ago | (#3609356)

If the power of the one falls into the darkness we will all be under the power of the evil one

one protical to rule them all.....

Hee (1)

delta407 (518868) | more than 12 years ago | (#3609361)

Chapter three is an "under the covers" look at ssh.

What, RTFS? Or was a full too long and they decided to remove all the whitespace? </sarcasm>

Oh well... it might be interesting. Though, I'm not adverse to reading C either. :-)

Buy it cheaper at half.com or bookpool.com (5, Interesting)

Seth Finkelstein (90154) | more than 12 years ago | (#3609400)

Take a look at this price comparison [bestwebbuys.com] from http://www.bestbookbuys.com/ [bestbookbuys.com]

half.com - $23.00
bookpool.com - $24.50
Barnes and Noble ... $31.96

Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]

Re:Buy it cheaper at half.com or bookpool.com (1)

Erore (8382) | more than 12 years ago | (#3609540)

Buy it from O'Reilly directly. Trust me, they need the money and a book purchased directly from them leads to profits twice as high. Not that O'Reilly is making any profit these days.

Not necessarily (2)

JediTrainer (314273) | more than 12 years ago | (#3609600)

Unfortunately a lot of the time those numbers are fairly artificial.

Most online sites I know make up for low prices by nailing you with high shipping and handling charges (per item) when you check out.

A better price comparison would take this into account too.

Re:Not necessarily (2)

shorti9 (307602) | more than 12 years ago | (#3609679)

half.com (for sure, not certain about the other two) lists shipping right next to the item price. Very Straightforward, very handy.

i happily recommend them for buying books, etc, when you dont care that the author receive a cut on a used book (when you do, find the publisher and order there).

books were meant to be free (2)

aozilla (133143) | more than 12 years ago | (#3609650)

Steal it from Barnes and Noble - $Free

Re:Buy it cheaper at half.com or bookpool.com (1)

lwbecker2 (530894) | more than 12 years ago | (#3610113)

An even cheaper way to get it (or the information in it) is from O'Reilly's Safari electronic book site. Less than $10 per month for several books, and it is searchable, etc. and you can print out key sections if you want... Safari Books Online [oreilly.com]

Great firewall of Ankara? (-1)

Commienst (102745) | more than 12 years ago | (#3609411)

Turkey tightens controls on the net [bbc.co.uk]
Savas Unsal: Worried he will be driven out of business
By Dorian Jones
in Istanbul


Controversial new controls on the internet in Turkey have provoked protests from websites which fear they may be driven out of existence.

The new measures are part of a new wide-ranging broadcasting law which place the internet under the same legislation as the rest of Turkey's
media for libel and an offence called "lying news".

Under the new law, websites could face having to be officially registered and send copies of their material to the authorities.

The measures have been condemned by much of the internet sector, from service providers to users, who warn that the whole future of the net in Turkey could be at stake.

Impact on internet sector

Savas Unsal, Managing Director of Superonline, Turkey's largest internet provider, is furious, describing it as a "dirty law".

"There's not going to be a certain direction, no freedom of speech and this is going to impact the local content and local hosting services and eventually the whole internet sector," he said.

"They might easily put me and my chairman out of business."

With around a million subscribers, Superonline has been part of the country's rapidly growing internet sector.

Many burgeoning Turkish internet websites carry criticism of ministers, including material newspapers dare not publish.

But Dr Oktay Vural, Minister of Transport and Communications, insists the measures are not intended to stiffle sites.

"There are no restrictions. It is only that there have been several things which have been forbidden by the law," he said.

"So if these actions were taken through the internet, then the regulations will cover for those actions only. We cannot be an eye in the chatrooms; that is not the aim of that law.

"Let's see what happens. I don't think it will affect the internet. I think time will show the truth," he said.

Media controls

The new law puts the internet under the control of Turkey's Supreme Radio and Television Board.

According to Savas Unsal, that opens the door to the internet facing the similar restrictions as the rest of the country's media.

"A judge can tell you to bring a copy of your website whenever you update it to be approved by the local authorities," he said.

The law is unclear what it actually covers. According to Fikret Ilkiz, media lawyer for the Turkish daily newspaper, Cumhuriyet, internet providers could be liable for prosecution for anything written, even in chatrooms.

He also argues that the notion of "lying news" is too ambiguous.

"The biggest problem is that the law is very unclear. The law forbids fake or lie news. But what is this?" he asked.

"The law doesn't define what it is. It just says it's forbidden. And this could apply to chatrooms.

"The way the law is now, it will be defined by many court cases. For now, there is great uncertainty. No one knows what is legal and what is not. It is chaos."

'Ambiguous law'

Reaching a definition of the law by court cases could well be an expensive process for internet providers and users, with fines of up to $195,000 for each offence.

But some critics of the law argue it is deliberately ambiguous. Much of Turkey's legislation governing the control of the media is characterised by catch all phrases.

" Now we believe that the internet, and computers in general, provide us with a second chance "
Halik Sahin, Bilgi University

The internet until now has been largely exempt from such legislation. Such freedom has allowed it to become a powerful forum for criticising
politicians.

Many journalists publish articles on the internet which neither television nor newspapers dare print, due in part to existing legislation.

The European Union, which Turkey aspires to join, has strongly condemned such legislation. This latest law has also drawn the ire of the EU, with officials calling for its repeal.

That could well happen because Turkey's President Ahmet Necdet Sezer has sent the law to the Constitutional Court, accusing it of breaching the constitution.

The court could take up to a year to make a ruling. In the meantime, the law remains in force.

Internet slowdown

The uncertainty created by the new legislation could prove most damaging of all to Turkey.

Professor Haluk Sahin, who teaches media studies at Istanbul's Bilgi University, warns that Turkey risks repeating the mistakes of the past

"A lot people in Turkey realize that Turkey must not make the mistake of 200 years ago," he says.

"Some 200 years ago, the Ottoman Empire missed the Industrial Revolution. Now, we believe that the internet, and computers in general, provide us with a second chance.

"A new train has arrived. Whether we embark on that train or not is up to us and the younger generations seem determined to do that.

"Unfortunately, the older generations and the politicians do not seem to be of the same mind," he said.

You can hear more about how Turkey is controlling the internet on the BBC World Service programme, Go Digital.

Re:Great firewall of Ankara? (-1)

hettb (569863) | more than 12 years ago | (#3609665)

This is, of course, a Good Thing(tm).

With these new laws, people spreading anti-Turkish propaganda on the Internet and trying to undermine the people's faith in the Turkish Republic, will finally get what they deserve, particularly those wicked anarchists and communists who like to claim that the Turks committed genocide against the Armenians(of course spreading this lie has been punishable in Turkey for decades, but unfortunately not if done via the Internet; I'm glad this too has changed!)

Another victory for Justice!

Re:Great firewall of Ankara? (-1)

Commienst (102745) | more than 12 years ago | (#3609805)

The Turks are so stupid they think that the world is run by the Armenian and Greek diasporas. 8 millions Greeks and 3 million Armenians running the world! We better notify the 5 billion other people that they are mere Armenian and Greek pawns!

Re:Great firewall of Ankara? (-1)

Commienst (102745) | more than 12 years ago | (#3609838)

I got a question are there lots of other Austrians like you who know what is going on in Turkey? Or are they ignorant and think it is just like any other "European" country(if calling yourselves European was the only thing to being European, Turks would be the most European!)?

I am a Greek-American and lots of the stupider Americans think Greek and Armenians are fanatics for being pissed that Turks keep lying about the genocides Turks committed.

Re:Great firewall of Ankara? (-1)

hettb (569863) | more than 12 years ago | (#3609952)

Given that ~10% of Austrians and Germans don't even (want to?) know what the Holocaust was, I'd guess that not many people here know about the genocide that happened in Armenia. The only thing they care about is if a European is sentenced to 10 years in prison because of smuggling drugs into Turkey; otherwise they mostly don't care about Turkish politics.

As for your second questions; no, most Europeans don't consider Turkey to be a European country; unfortunately this is not because of the sad current state of their society, the lack of a more or less democratic government and their unwillingness to admit that there are some very ugly aspects to their history , but rather because of 98% of the population being Muslims. Wonderful, isn't it?

Got the book.... (5, Informative)

Satan's Librarian (581495) | more than 12 years ago | (#3609412)

and what it has that's not easy to come by is a comprehensive description of SSH from both a user's and an administrator's viewpoint that's really readable. Of course, the internet drafts [ietf.org] are the primary source of hardcore information, but it's nice to scan the book for additional insight on some things.

I've found the book to be extremely useful, but then I'm working on a multiplatform GUI SSH2 client myself so my opinion may be a bit skewed.

Re:Got the book.... (3, Insightful)

47PHA60 (444748) | more than 12 years ago | (#3610691)

agreed; I am especially happy with the sections on the anatomy of an SSH1 and SSH2 session. For administrative use and documentation, the descriptions are as comprehensive as the draft standard, but much more clearly written.

... top off with SSH Agent for fit & finish! (1, Insightful)

Anonymous Coward | more than 12 years ago | (#3609454)

O'Reilly's book is great. OpenSSH is magnificent. But it's SSH Agent [phil.uu.nl] that's the breath of life for all that, bringing it within reach for Joe Moron's grannie too.

SSH, O Escudo Seguro (-1, Redundant)

Anonymous Coward | more than 12 years ago | (#3609502)

Se você administrar sistemas remotos, verifique seu email da estrada, ou tenha apenas um sentido do paranoia sobre sua rede home, você são provavelmente um tanto familiar com o SSH. Se você necessitar saber mais, embora, danny escreve " SSH, o escudo seguro será outro ' deve ter ' o volume de O'Reilly para muitos administradores de sistema. Lido sobre para minha revisão cheia."

SSH, O Escudo Seguro
autor: Daniel J. Barrett, Richard E. Silverman
páginas: 540
publisher: O'Reilly & Associados
avaliação: 8
revisor: Danny Yee
ISBN: 0-596-00011-1
sumário: Olhar detalhado no protocolo ubiquitous de SSH, da instalação aos usos avançados.

Um estudo detalhado de o que seja agora uma parte chave de muitos sistemas da rede, SSH, o escudo seguro é um recurso valioso para administradores e usuários de sistema. Suas explanações são desobstruídas e completas: Eu não sou certo sobre a reivindicação "definitive", mas Barrett e Silverman entram no detalhe considerável, frequentemente aos limites de "se você quiser jogar com este que você realmente ought olhar o código de fonte." Talvez o mais importante, o escudo seguro é organizado assim que se pode fàcilmente saltar detalhe não desejado e encontrar apenas aquelas parcelas que são relevantes. Em conseqüência, pode ser usado nas maneiras diferentes -- lidas completamente para aprender sobre o ssh e o que pode ser usado para, ou consultado apenas como necessário responder a perguntas particulares ou resolver problemas particulares.

O capítulo um põe o ssh no contexto, olhando seus history e tecnologias relacionadas, e o capítulo dois introduz a operação básica do cliente. Qualquer um que usa o ssh e o scp como recolocações simples do telnet e do ftp e não é curioso sobre como trabalham podem parar de ler aqui -- e não necessita realmente sua própria cópia do escudo seguro. O capítulo três é "sob as tampas" olha o ssh. Após uma introdução da três-página ao cryptography (não realmente apropriado para o leitor com absolutamente nenhum fundo), explica o protocolo ssh1 e então como ssh2 difere daquele e as características que extra oferece. Há também uma vista geral breve dos algoritmos cryptographic usados geralmente em execuções do ssh, e uma explanação que ssh se fixa e o que não .

O descanso do livro é execução-mais específico: as execuções preliminares cobertas são SSH, SSH2, e OpenSSH. Sendo um usuário preguiçoso dos pacotes, eu saltei o capítulo quatro, na instalação e na configuração compile-time. O capítulo cinco é uma guia à configuração do usuário, trabalhando sistematicamente com as opções da lima da configuração do sshd.

Os quatro capítulos seguintes são usuários visados do poder, cobrindo o uso do cliente em uma profundidade muito mais grande. O capítulo seis explica a gerência chave: que identidades são, como as criar, como as controlar com agentes do ssh, e como podem ser usadas (para automatizar o mais obviamente inícios de uma sessão, mas coisas da fantasia pode ser feito com as identidades múltiplas). O capítulo sete atravessa a configuração do cliente em detalhe, trabalhando com as opções da lima da configuração, a configuração do cliente das tampas do capítulo oito no usuário-lado (comandos forçados including), e os olhares do capítulo nove forwarding em porto e em X11.

Para aquelas oprimidas por toda a esta, o capítulo dez descreve uma amostra "instalação recomendada" para tudo da compilação à configuração do cliente. As tampas do capítulo onze alguns tópicos especiais -- SSH desacompanhado, forwarding do ftp, correio SSH excedente, Kerberos, usando SSH através de um anfitrião da passagem -- e o capítulo doze são um FAQ da pesquisa de defeitos.

O capítulo treze é uma vista geral de outras execuções, com uma tabela dos produtos, e quatro capítulos curtos a seguir cobrem clientes específicos de Windows e do mac. Dos três clientes de Windows cobertos aqui, dois são proprietários e o third é distribuído somente como a bzipped a lima do piche: seria bom ter um capítulo em um dos clientes livres e mais user-friendly de Windows, talvez o puTTY ou TTSSH, ambos que começam "recomendaram" o Tag na tabela dos produtos.

Re:SSH, O Escudo Seguro (-1)

YourMissionForToday (556292) | more than 12 years ago | (#3609634)

Fuck the Polish! but remember to sniff it first!


Re:SSH, O Escudo Seguro (0)

Anonymous Coward | more than 12 years ago | (#3609961)

Temos de continuar a ajudar o movimento the Open Source. So quando vencemos companias como Microsoft, e' que podemos descansar!

Make SSH Open Source! (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#3609615)

Only when we leverage off the large experienced developer community in the Open Source can we have a shell that exceeds expectations.

We must support Open Source and insist that SSH fall under the GNU licensing.

MODS ON CRACK YET AGAIN (0)

Anonymous Coward | more than 12 years ago | (#3609985)

Typical /. greenhorns. Someone presents a valid point, morons don't understand it and mod it down. Same thing happened back in 1939.

To the poster before, I agree with you.

ssh = somewhat secure shell (0)

Anonymous Coward | more than 12 years ago | (#3609672)

How many advisories and updates have their been for ssh in the last year? Two years?
I've never used it an never will.
I use cipe and deslogingw for vpn, or deslogin for shell access.
SSH sucks anyway, it inherited all the r- services bloat and problems.

Re:ssh = somewhat secure shell (-1)

hettb (569863) | more than 12 years ago | (#3609795)

Bzzz, wrong!

Those security holes you are speaking of are only found in the free software version of SSH, OpenSSH [openssh.com] , hacked together by Theo de Rat and his National [umich.edu] Socialist [uni-erlangen.de] friends [sites.inka.de] .

The commercial version of SSH by Tatu Ylönen [ssh.com] , OTOH, is completely secure and bugfree.

If only the rest of the world realized this and used commercial software instead of open source...

And next from O'Reilly (5, Funny)

Anonymous Coward | more than 12 years ago | (#3609684)

"tr" - the definitive guide
The ifconfig bible
/etc/aliases in a nutshell
The System Administrator's guide to "ls"
find - the command that finds things

Plus, for Windows users:

Notepad for power-users
The DOS "cd" command - navigating directories from the command line
format - making unformatted discs usable for the storage of files.
Start->Shut Down - Switching off your computer for dummies.

Web mail popping ssl (1)

CETS (573881) | more than 12 years ago | (#3609690)

Does anyone know of a web based email service (i.e yahoo) that will allow you to connect to a pop server running SSL?

Re:Web mail popping ssl (0)

Anonymous Coward | more than 12 years ago | (#3610012)

Try http://www.cotse.com

Re:Web mail popping ssl (0)

Anonymous Coward | more than 12 years ago | (#3610068)

You can roll your own.

Goto sourceforge.net make a search for "email server" Go through the list until you find one that suits you. I can't recommend a specific one, because they seem to be all different but I tried eCorei and NOCC. That Squirrel one might work for you also.

Re:Web mail popping ssl (2, Informative)

conradp (154683) | more than 12 years ago | (#3610302)

I use FastMail [fastmail.fm] and have been very happy with them, they're still small enough that you can contact the developers directly and they respond promptly. I use SSL IMAP but they support SSL for POP as well.

Re:Web mail popping ssl (1)

CETS (573881) | more than 12 years ago | (#3610526)

From fastmail faq: Port : The port the POP server lives on. Almost always 110. We currently don't support retrieving POP over SSL to FastMail. Ignore this setting for HotMail accounts. For MSN (non-HotMail) accounts use port 80. The bold is what I'm looking for in a web based email client.

Re:Web mail popping ssl (1)

CETS (573881) | more than 12 years ago | (#3610465)

I'm not talking about connecting to a web site with SSL, but having the web site's email system connect to my ssl enabled pop server on port 995.

eah Right (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3609720)

Why release a kenal for an os thats never coming out?

Old Book (0)

Anonymous Coward | more than 12 years ago | (#3609789)

Binary Freedom reviewed this a year ago!

http://www.systemtoolbox.com/bfarticle.php?conte nt _id=47

Has that much changed with SSH?

ssh.com's SSH Secure Shell for Windows (3, Interesting)

%systemroot% (63702) | more than 12 years ago | (#3609986)

...is quite good, and it's free for noncommercial use (check the website for what their lawyers mean by that.)

I am quite pleased with the latest version for workstations (3.1) in that they have finally implemented somewhat-intelligent URL handling (i.e. clicking on a URL brings up the link in a new window in your default browser) and the look of the app can match the XP look with the click o' a checkbox, for those who care about such things.

Additionally, the Explorer-like secure file transfer window is a godsend for folks like me who:

are too paranoid to have an ftpd running on their servers, and

appreciate how it Just Works.
If you, say, use your Windows gaming machine to occasionally ssh in and mutt or pine through your mail on your *nix server, I'd recommend checking it out. (No, I have no affiliation with ssh.com, I just like the product.)

Glazes over the topic (1, Insightful)

Anonymous Coward | more than 12 years ago | (#3610046)

I have read this book, and I have to say it is virtually useless. Read the draft specification (available on www.ssh.com) and get out your sniffer if you want the real nuts and bolts of the protocol; It's alot cheaper. This book does not detail protocol operation at any length. It insults the reader with analogic descriptions with no detail.

Read the O'Reilly book if you want to know how to set up specific SSH implementations.

Re:Glazes over the topic (1)

maiden_taiwan (516943) | more than 12 years ago | (#3610325)

You are correct that the book focuses on SSH in use, not on the innermost depths of the draft specification. Anyone who wants that information is better served by reading the specs, as both you and we recommend (first page of the "Inside SSH" chapter).

Our book's stated goal about protocol information is "to teach you enough about SSH to make an intelligent, technically sound decision about using it." [41]

We heartily welcome any specific criticisms of our explanation of SSH internals, so we can update the book as needed. Our email addresses are dbarrett@oreilly.com and res@oreilly.com, as given on the last page of the book under "About The Authors."

A great use for ORA's safari (3, Informative)

astrashe (7452) | more than 12 years ago | (#3610088)

O'Reilly's Safari [oreilly.com] lets you read books online. It's a lot cheaper than buying the books, and for things you don't absolutely need on your shelf, it's a good deal.

It's really easy to use basic SSH, but managing keys and using the more advanced forms of authentication is more of a hassle. You can read the docs, search the web for tutorials, or you can spend a safari point (a couple of bucks) to get full access to the book online.

I haven't read the book, but I imagine that it would be helpful for people who want to do things like run automatic backups over the network through a SSH tunnel.

Good, good. (0)

Anonymous Coward | more than 12 years ago | (#3610295)

OpenSSH works out of the box for the average user, yes, but I have seen some really odd configuration bits that some people get into. I'm not sure how well this book goes into configuration and wicked juju, but hey, at the least, it's another great work to read in the bathroom.

That said, SSH itself rox0rz. Though I'm the single user of my home network, my boxes only allow SSH connections - none of that telnet stuff. It's a very good practice to get into, as there's not much of a performance hit from using SSH instead of telnet.

All in all, we should be trying to wean people off of telnet. Telnet is still useful for some applications, but SSH should be stressed for most of the things telnet was used for in ages past.

(And, as someone pointed out, Putty, for MS boxes, rocks. It's a very quick download - "Blah blah blah clients blah blah!" isn't an excuse if you have MS boxes on your network! :))

A really good SSH client (0, Redundant)

AllMightyPaul (553038) | more than 12 years ago | (#3610330)

A really neat SSH client is available here. I love it.

http://www.chiark.greenend.org.uk/~sgtatham/putt y/

False sense of security... (1, Interesting)

Xiver (13712) | more than 12 years ago | (#3610553)

SSH1 support : you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the first software capable to sniff an SSH connection in FULL-DUPLEX

http://ettercap.sourceforge.net/

If you build it they will crack it.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?