Mac OS X comes with the sshd server, which provides secure login capability using the SSH (Secure Shell) protocol. We covered SSH in some detail in Chapters 10 ("Connecting over the Internet") and 12 ("Security"). In an SSH connection, all traffic between client and server is encrypted. Activating the SSH server enables other machines to connect to yours over the Internet using the SSH protocol. Review Chapter 10 for more on using ssh , scp , sftp , and other SSH-based tools.
You can activate and deactivate the SSH server by going to the Sharing pane of System Preferences, clicking the Services tab, and selecting or deselecting the Remote Login box, but here's the Unix way (actually, this is the Darwin waymost other Unix systems would use a different series of steps).
The SSH server listens on port 22. If you are using firewall software, make sure that access to port 22 is not blocked.
To activate the SSH server:
Tips
In Mac OS X 10.3 the SSH daemon was run using the xinetd daemon. The configuration file was /etc/xinetd.d/ssh , and you could change the
disable = yes
line to
disable = no
and then do
sudo kill -HUP `cat/var/run/xinetd. pid`
(note that those are backquotes [ ` ], not apostrophes [']).
In Mac OS X 10.2 and earlier, sshd was controlled by a StartupItem similar to the AppleShare StartupItem covered in tasks above, and so in 10.2 and 10.1 you can use the same approach for sshd that we showed you for the AppleFileServer.
Incoming SSH connections are logged to /var/log/secure.log .
To shut down the SSH server from the command line:
Tips
Be careful about doing this when logged in using SSH! Your current connection will continue to work, but you will not be able to start a new one.
In Mac OS X 10.3 you can stop sshd by editing /etc/xinetd.d/ssh and setting the disable property to yes , and then doing
sudo kill -HUP `cat /var/run/xinetd. pid`
In Mac OS X10.2 you can use an approach similar to the one described earlier in this chapter for AppleShare. The SSH StartupItem in 10.2 is /System/Library/StartupItems/SSH/SSH , and the entry in /etc/hostconfig is SSHSERVER .