Mac OS X Unleashed

By John Ray and William C. Ray

Using an SSH1 Client in Mac OS

The SSH1 client we will primarily use is F-Secure SSH 1.0.2. We again choose to demonstrate the basic concepts with a product developed by one of the companies originally involved in creating the SSH protocol.

Install F-Secure SSH 1.0.2 as you would any other Macintosh software. Like F-Secure SSH 2.1, it installs in a folder called F-Secure SSH in whatever location you specify. There is no reason not to store both in the same F-Secure SSH folder.

Like the SSH2 client, this client can also be used to make terminal connections and to tunnel arbitrary TCP connections. We will only demonstrate making an FTP tunnel in this section. From the user's perspective, the tunnel concepts are the same for both clients; only the interfaces differ.

From a technical perspective, the SSH1 client speaks only to machines that are running SSH1 servers. Because the OS X 10.0.1 update includes an OpenSSH package, which is SSH1- and SSH2-compatible, you do not specifically need an SSH1 package. However, if you have to connect to machines that are running only an SSH1 server, you might find an SSH1 client useful. Be sure to use F-Secure 1.0.2 rather than 1.0.1 because 1.0.2 includes some fixes that make it more compatible with more SSH servers.

On another note, even though OpenSSH is SSH1- and SSH2-compatible, we have seen some unusual characteristics to the package, specifically its SSH1-only implementation of scp. We do bring to your attention a freely available SSH1 client that you might find useful: Nifty Telnet SSH. Although Nifty Telnet SSH does not have any tunneling capabilities, it does have an scp feature, which the F-Secure 1.0.2 client does not include.

In this section, we will demonstrate the use of the terminal and tunnel features in the commercial package, F-Secure 1.0.2. However, we will also demonstrate the scp feature in the freely available package, Nifty Telnet.

Setting Up a Terminal

To set up a terminal, do the following:

  1. Start F-Secure SSH 1.0.2, as shown in Figure 26.18. The first time you start the program, you will be asked to initialize the random number generator. Just move your cursor around in the window.

    Figure 26.18 Move your cursor around in the window to generate randomness.

  2. When you are finished generating enough randomness, a terminal window appears, as shown in Figure 26.19.

    Figure 26.19 The terminal window is the primary user interface in F-Secure 1.0.2. There is no Connection Manager in this version.

  3. Press Enter in the terminal window to display the Connect Using Password Authentication dialog box, shown in Figure 26.20. Enter the remote machine as the host name. Enter your username and password; then click OK.

    Figure 26.20 Enter the appropriate information in the Connect Using Password Authentication dialog to connect to the remote host.

  4. As with SSH2, the default server port is 22. There is no need to change this unless you have been informed that the SSH1 server is running on a different port. If you have been so informed, click on Properties before you enter the rest of the information for the Password Authentication dialog. The Properties dialog shown in Figure 26.21 appears, where you can enter an alternate port, should this be necessary. Enter the correct port number and then click OK. Complete the rest of the Password Authentication dialog.

    Figure 26.21 If necessary, change the port setting in the Connection tab in the Properties box.

  5. Whenever you connect to an unknown host the first time, a dialog like that in Figure 26.22 is shown, where you are asked whether you want to accept the new host key. If you will be connecting to the remote host regularly, choose Accept & Save.

    Figure 26.22 If you will be regularly connecting to the unknown remote host, click Accept & Save.

  6. Choose Save Settings under the File menu, and save the alias to the desktop for your convenience.
  7. Log out of your terminal session and quit the program.

Setting Up an FTP Tunnel

Like the 2.1 client, the 1.0.2 client has tunneling capabilities. The interface for setting up tunnels is not as friendly as in the 2.1 client. We recommend that you make any tunnels that you need for a particular host and save them all to the same alias. Because the only way to use the tunnels in 1.0.2 is through a terminal session, it is not to your advantage to save an alias to the host with an FTP tunnel, another alias to the same host with an e-mail tunnel, and so on. To set up an FTP tunnel in the 1.0.2 client, follow these steps:

  1. Start F-Secure using the alias you saved to the desktop.
  2. Click Properties and then click Forward. Make sure that Local is selected.
  3. Click New. The Edit Local Forwarding dialog box appears, as shown in Figure 26.23.

    Figure 26.23 Manually enter the information for your tunnel in the Edit Local Forwarding dialog box.

  4. In the Edit Local Forwarding dialog box, enter a name for your tunnel and then enter a source port. This is the port to be used (listened to) on your local machine. Port 21 is the default FTP port.
  5. Enter a destination host. Again, port 21 is the default FTP port. Use port 21, unless you have been told otherwise. Make sure that Allow local connections only is checked, and click OK.
  6. Once you have entered your tunnel information, you are returned to the Forward tab of the Properties dialog box. Click OK. Figure 26.24 shows what the Forward tab looks like after you have made a tunnel.

    Figure 26.24 An FTP tunnel has been created for the remote host.

  7. Continue to log in. After you have successfully logged in to the remote machine, choose Save under the File menu to save your changes. Now your desktop alias includes the additional tunnel information.

Setting Up an FTP or E-mail Client

Use the same procedures described in the section on the F-Secure 2.1 client to set up an FTP or e-mail client for F-Secure 1.0.2. Note that because the philosophies are the same, any special setup work that you might already have made for 2.1 tunnels might work for 1.0.2 tunnels.

If you are making 1.0.2 aliases for a host that you already made 2.1 tunnels for, the same FTP or e-mail client settings that you made earlier should work. If you are making 1.0.2 tunnels for a different host, you will want to make sure that you don't have connections to both hosts open at the same time. Otherwise, your FTP and e-mail clients will be confused about which tunnel to use.

If you are making 1.0.2 tunnels for a different host, you might want to try to make new settings in your FTP and e-mail clients. You can do this by trying to use different ports on your local machine. If you can do this in your FTP and e-mail clients, be sure to edit the local port information of your 1.0.2 tunnels to reflect the ports in the FTP and e-mail clients.

For example, you might want to set up your FTP client to FTP through a tunnel to host A, which has an FTP server on port 21. You might also want to set up a tunnel to host B, which also has an FTP server on port 21. Because the FTP client obeys the F-Secure tunnel information, it does not care which port the server runs on. It only cares which port it should use locally.

If you wanted to be able to have both FTP tunnels open at the same time, you could set the local port for the host whose FTP you would use most often to the default, 21. Then you could set an alternative port, such as 31, as the local port for the host that you would not FTP to as often. For the host for which you would use the default port setting of 21, there is nothing special you need to do in the FTP client. For the host for which you would use the alternate port setting of 31, you do need to specify that port in the FTP client. Neither Fetch nor Anarchie has a separate port setting. In Anarchie, to specify the alternative port, use this syntax for the host:

localhost:31

Unfortunately, this syntax does not work in Fetch. Of course, for the setting in Anarchie to work, the local source port should be set to 31 in the F-Secure SSH package.
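
The port scheme described above, as an added example that is not from the book: a small Python check that a set of local forwards meant to be open together does not reuse a local port and listens for local connections only, with each forward also rendered as the equivalent OpenSSH -L option. The host names, the aliases, and the Forward, audit, and openssh_option names are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    alias: str               # saved connection alias (name is illustrative)
    local_port: int          # "source port": where the client listens locally
    dest_host: str           # destination host
    dest_port: int           # destination port, 21 for a default FTP server
    local_only: bool = True  # the "Allow local connections only" checkbox

def audit(forwards):
    """Check tunnels that will be open at the same time.

    Returns (alias, problem) pairs; an empty list means the set is usable.
    """
    findings, owner = [], {}
    for f in forwards:
        if not f.local_only:
            findings.append((f.alias, f"local port {f.local_port} is reachable from other machines"))
        if f.local_port in owner:
            findings.append((f.alias, f"local port {f.local_port} is already taken by {owner[f.local_port]}"))
        else:
            owner[f.local_port] = f.alias
    return findings

def openssh_option(f):
    """Render the forward as OpenSSH's -L [bind_address:]port:host:hostport."""
    bind = "127.0.0.1" if f.local_only else "*"
    return f"-L {bind}:{f.local_port}:{f.dest_host}:{f.dest_port}"

# Constructed sample data: hosts A and B from the text, placeholder names.
HOST_A = Forward("host-a", 21, "hosta.example.com", 21)
HOST_B_CLASH = Forward("host-b", 21, "hostb.example.com", 21)
HOST_B_FIXED = Forward("host-b", 31, "hostb.example.com", 21)

if __name__ == "__main__":
    for label, tunnels in (("both on 21", [HOST_A, HOST_B_CLASH]),
                           ("B moved to 31", [HOST_A, HOST_B_FIXED])):
        print(label)
        for alias, problem in audit(tunnels) or [("-", "no problems")]:
            print(f"  {alias}: {problem}")
        for f in tunnels:
            print("  ssh", openssh_option(f), "user@" + f.dest_host)
```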

Setting Up Other Tunnels

As you have seen in the section on setting up an FTP tunnel, setting up any arbitrary TCP tunnel in F-Secure 1.0.2 is no different than setting up an FTP tunnel. Make as many tunnels as you need in the Forward section of the Properties box. You can make tunnels only before you have logged in. After you have logged in, you can only view your tunnels.

Because 1.0.2 does not give you any hints, it might be useful to know that the default POP port is 110; IMAP, 143; SMTP, 25. If you want to tunnel any other common services, check the default TCP tunnel services that the 2.1 client lists.

The only other type of connection that you might be interested in forwarding is an X11 connection. As with the 2.1 client, activating X11 forwarding in the 1.0.2 client is a matter of checking the X11 forwarding box, which is located in the Connection section of Properties, as shown in Figure 26.25.

Figure 26.25 Check the Forward X11 box in the Connection section of Properties to enable X11 forwarding.

Using scp in Nifty Telnet SSH

The freely available package, Nifty Telnet 1.1 SSH r3, was for a while illegal to use in the United States. However, some patent restrictions have been lifted, and it is now legal to use here. Nifty Telnet does not provide any tunneling capabilities—only terminal and scp. Because the package was illegal to use in the United States, we have not done much testing. However, its scp feature might be of interest to you. Because Nifty Telnet is an SSH1 client, and OpenSSH's scp is at this time only SSH1-capable, the products work nicely together. Where possible, however, we still recommend that you use the SSH2 protocol, which is under current development, rather than the SSH1 protocol.

We will now provide an example of using Nifty Telnet's scp to copy a file from a remote OS X host to our local Mac OS machine.

  1. When you first start Nifty Telnet, the New Connection dialog appears, as shown in Figure 26.26. Fill in your host information and then click on scp.

    Figure 26.26 Enter the remote host name and select scp in the New Connection dialog.

  2. After you have selected scp, a new dialog box appears, as shown in Figure 26.27. In this dialog, you should first specify whether you want to receive files from the remote host or send files to the remote host.

    Figure 26.27 Specify which files are to be copied, where, and how in the dialog box that comes up next.

  3. Next, specify which files are to be transferred and provide a destination path. Select a file transfer mode and then click OK.
  4. If this is the first time that you are connecting to a host, the Host Identification Alert dialog appears, as shown in Figure 26.28. If you expect to regularly connect to the host, click Accept & Save. In this example, we have chosen to Accept Once for the time being.

    Figure 26.28 Tell Nifty Telnet in the Host Identification Alert dialog box whether it should accept and save the host key from an unknown host, or whether it should accept once.

  5. Before the transfer is actually initiated, the SSH Login dialog appears, as seen in Figure 26.29. Enter your username and password so that the scp process can begin.

    Figure 26.29 The SSH Login dialog for Nifty Telnet.
