Using SSH: From Unix Box to Unix Box
SSH provides for secure encrypted traffic transmission across a network. Most SSH software, including that provided by Apple, includes both the encrypted transmission facility and rudimentary tools for making use of that functionality. These tools include the ability to use the encryption to provide secure terminal services and file transfer support. Other functionality can be added as needed by the user, by making use of just the secure transport portion of the software to encrypt the traffic between otherwise insecure external software packages.
Terminal-to-Terminal Connections
With SSH installed on your machine, you are now ready to connect to remote machines running secure shell.
To connect to another machine, use either ssh or slogin. The command you will most often use is
ssh [-2] <hostname>
The -2 option forces the use of the SSH2 protocol. Sometimes you might have to log in to a remote machine as a user other than the one you are known as on the local machine. For example, a user might have an account named jray on one machine, and an account named rayj on another. The syntax to use to log in as another user on a remote machine is
ssh [-2] [-l <login_name>] [<hostname> | <user>@<hostname>]
If you are accustomed to using telnet, these are the commands that you will now use instead. If you are used to using rlogin, you might find slogin to be the more natural alternative. To quickly test that sshd works on your machine, it is easiest to log in to your own machine, as shown here:
[localhost:~] joray% ssh ryoohki
The authenticity of host 'ryoohki' can't be established.
RSA key fingerprint is 29:1f:f6:25:1c:17:41:50:2e:43:d9:d5:1b:ca:3d:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ryoohki,140.254.12.124' (RSA) to the list of known hosts.
joray@ryoohki's password:
Welcome to Darwin!
[localhost:~] joray% exit
logout
Connection to ryoohki closed.
Note that the first time you try an ssh action to a remote host, you are told that the remote machine's identity can't be verified and you are asked whether it should be trusted. The precise message varies with the version of SSH.
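The fingerprint shown at that prompt is only meaningful when it is compared with one obtained through a separate channel, such as the server's console. The script below is an added example, not part of the original text: it computes the MD5 fingerprint of an SSH2 public-key line and compares it with an expected value. The function names and the sample entry are constructed for illustration, and the base64 and md5sum utilities are assumed to be installed.

```shell
#!/bin/sh
# Added example: check a host key against a fingerprint obtained out of band
# (for instance, read from the server's console by its administrator).
# Assumes base64 and md5sum are available; function names are hypothetical.

# Print the base64 key blob from a known_hosts or .pub line. Every SSH2 key
# blob begins with a 4-byte length field, which encodes to "AAAA".
key_blob() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) { print $i; exit } }'
}

# Print the colon-separated MD5 fingerprint (the format ssh shows above).
# Returns 2 when the line holds no decodable key.
md5_fingerprint() {
    blob=$(key_blob "$1")
    [ -n "$blob" ] || return 2
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 2
    printf '%s' "$blob" | base64 -d | md5sum |
        awk '{ print $1 }' | sed 's/../&:/g; s/:$//'
}

# Return 0 on match, 1 on mismatch, 2 when no fingerprint could be computed.
verify_host_key() {
    actual=$(md5_fingerprint "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Constructed sample entry: the host name and the truncated key blob are
# placeholders, not a real host key.
SAMPLE_ENTRY='host.example,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7'

# The fingerprint printed in the session above belongs to a different key,
# so this comparison reports a mismatch.
if verify_host_key "$SAMPLE_ENTRY" '29:1f:f6:25:1c:17:41:50:2e:43:d9:d5:1b:ca:3d:6b'
then
    echo "fingerprint matches: safe to answer yes"
else
    echo "fingerprint differs: do not accept the key"
fi
```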
Transferring Files
To transfer files between machines, there are a couple of options: secure copy (scp) and secure FTP (sftp). The version of OpenSSH that comes with the 10.0.1 update does not include an sftp client. Therefore, from your OS X machine, the only option is scp. The basic form of the scp command is
scp [[<user>@]<host1>:]<file1> [[<user>@]<host2>:]<file2>
Here's an example of using the scp command to copy a file on an OS X machine to a remote machine:
[localhost:~] joray% scp developer-1.tiff rosalyn.biosci.ohio-state.edu:
The authenticity of host 'rosalyn.biosci.ohio-state.edu' can't be established.
RSA key fingerprint is 49:97:6b:54:18:40:0b:d3:17:25:fd:03:37:b2:09:68.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rosalyn.biosci.ohio-state.edu' (RSA) to the list of known hosts.
joray@rosalyn.biosci.ohio-state.edu's password:
warning: Executing scp1 compatibility.
developer-1.tiff 100% |**********************************************| 1225 KB 00:04
Note that the remote host, rosalyn, gives a warning about invoking scp1 for compatibility. Although this version of the OpenSSH sshd is SSH1- and SSH2-compatible, the version of scp included appears to be an SSH1 version. This might mean that you cannot successfully run scp to a remote host running an SSH2-only server, as opposed to the hybrid style that OpenSSH appears to be. This is not a problem with remote host rosalyn because rosalyn is running both SSH2 and SSH1 servers.
To verify that the file has indeed been copied to the remote machine, let's log in and check:
[localhost:~] joray% slogin rosalyn.biosci.ohio-state.edu
joray@rosalyn.biosci.ohio-state.edu's password:
Last login: Mon Apr 16 21:49:23 2001 from dhcp9574211.colu
You have new mail.
You have mail.
/home/joray
...Remote login...
/home/joray
Rosalyn joray 201 > ls -l developer*
-rw-r--r-- 1 joray user 1255376 Apr 18 16:24 developer-1.tiff
Although the OS X 10.0.1 update does not include an sftp client, sftp is an option that might be available on some of the remote hosts. In addition, some of the remote hosts might also have an SSH2 version of scp. For these remote machines to use their sftp or SSH2 version of scp to transfer files to your machine, you have to turn on the sftp subsystem of your sshd.
To turn on your sftp subsystem, use your favorite text editor to edit the /etc/sshd_config file. Even if you are not interested in providing this extra compatibility at this time, you might want to glance at the /etc/sshd_config file to see what configuration options are currently in place. If you are using an editor such as vi, which does not make a backup copy of your file, you should make a copy of the file before you do any editing. By default, the line that turns on the sftp subsystem is commented out. To activate the subsystem, uncomment it. After you have uncommented the sftp subsystem line, the sftp-related lines in /etc/sshd_config should look like this:
# Uncomment if you want to enable sftp
Subsystem sftp /usr/libexec/sftp-server
Next, tell sshd to reread its configuration file. This is done by sending a hangup signal to the process:
[localhost:/Users/joray] root# ps aux | grep sshd
root 298 0.0 0.0 1476 324 ?? Ss 0:03.26 /usr/sbin/sshd
root 1743 0.0 0.0 1084 188 std R+ 0:00.00 grep sshd
[localhost:/Users/joray] root# kill -HUP 298
In /var/log/system.log, you can see the system's response to your signal:
Apr 19 09:36:37 localhost sshd[298]: Received SIGHUP; restarting.
If you check the process listing again, you will also notice that the process ID has changed; in this case, from 298 as it was earlier to 1764:
[localhost:~] joray% ps aux | grep sshd
root 1764 0.0 0.0 1476 308 ?? Ss 0:00.58 /usr/sbin/sshd
joray 1924 0.0 0.0 5708 0 std R 0:00.00 grep sshd
If you feel uncomfortable with sending the hangup signal, or if the system does not seem to have paid attention to the hangup signal, you can always reboot.
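The edit-and-reload procedure above can be scripted so that the backup copy is never skipped. This is an added example, not part of the original text: the function names are hypothetical, the pid file argument to reload_sshd is an assumption (the text above finds the process ID with ps), and the demonstration runs against a constructed temporary file rather than the real /etc/sshd_config.

```shell
#!/bin/sh
# Added example: enable the sftp subsystem in an sshd configuration file,
# keeping a backup copy first. Function names are hypothetical.

# enable_sftp_subsystem <config file>
# Returns 0 when the subsystem line is (or already was) active, 1 when no
# commented-out line exists to activate, 2 on file errors.
enable_sftp_subsystem() {
    conf=$1
    active='^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]'
    commented='^[[:space:]]*#[[:space:]]*(Subsystem[[:space:]]+sftp[[:space:]])'
    [ -f "$conf" ] || return 2
    # Already enabled: change nothing, so the backup is never overwritten.
    grep -Eq "$active" "$conf" && return 0
    grep -Eq "$commented" "$conf" || return 1
    cp -p "$conf" "$conf.bak" || return 2
    # Strip only the comment marker in front of the Subsystem keyword.
    sed -E "s/$commented/\\1/" "$conf.bak" > "$conf"
}

# reload_sshd <pid file>: send the hangup signal so sshd rereads its
# configuration. The pid file location is an assumption.
reload_sshd() {
    pid=$(cat "$1") || return 2
    kill -HUP "$pid"
}

# Constructed sample configuration, written to a temporary file so the
# example never touches the real /etc/sshd_config.
demo_conf=$(mktemp)
printf '%s\n' 'Port 22' \
    '# Uncomment if you want to enable sftp' \
    '#Subsystem sftp /usr/libexec/sftp-server' > "$demo_conf"
enable_sftp_subsystem "$demo_conf" && grep -n 'Subsystem' "$demo_conf"
rm -f "$demo_conf" "$demo_conf.bak"
```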
The message that sshd logs to /var/log/system.log stating that it is restarting is the only obvious sign you will see that anything has changed. You will not see any obvious sftp processes until there is a connection request for the sftp subsystem. When there is an sftp connection in progress, here is what the process listing will look like:
[localhost:~] joray% ps -aux | grep ftp
joray 1389 0.0 0.0 1324 344 ?? S 0:00.03 /usr/libexec/sftp-ser
joray 1391 0.0 0.0 5708 0 std T 0:00.00 grep ftp
The version of the OpenSSH package that is provided in the 10.0.1 update is not the latest version of OpenSSH. Perhaps a later update will also include an sftp client.