8.1 Remote Logins | Learning Unix for Mac OS X Panther

There may be times when you need to access your Mac, but you can't get to the desk it's sitting on. If you're working on a different computer, you may not have the time or inclination to stop what you're doing, walk over to your Mac, and log in ( laziness may not be the only reason for this: perhaps someone else is using your Mac when you need to get on it or perhaps your Mac is miles away). Mac OS X's file sharing (System Preferences Sharing) can let you access your files, but there may be times you want to use the computer interactively, perhaps to move files around, search for a particular file, or perform a system maintenance task.

If you enable Remote Login under System Preferences Sharing, you can access your Mac's Unix shell from any networked computer that can run SSH (http://www.ssh.com), OpenSSH (http://www.openssh.org), or a compatible application such as PuTTY (a Windows implementation of SSH available at http://www.chiark.greenend.org.uk/~sgtatham/putty/). SSH and OpenSSH can be installed on many Unix systems, and OpenSSH is included with many Linux distributions, including Mac OS X.

Figure 8-1 shows how remote login programs such as ssh work. In a local login, you interact directly with the shell program running on your local system. In a remote login, you run a remote-access program on your local system; that program lets you interact with a shell program on the remote system.

Figure 8-1. Local login, remote login

When you enable Remote Login, the Sharing panel will display instructions for logging into your Mac from another computer. This message is shown in Figure 8-2.

Figure 8-2. Instructions for remote access to your Mac

To log into your Mac from a remote Unix system, use the command displayed in the Sharing panel, as shown in the following sample session where a user on a Red Hat Linux system is connecting to a Mac OS X computer (the first time you connect, you'll be asked to vouch for your Mac's authenticity):

 Red Hat: taylor $  ssh taylor@192.168.1.100  The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established. RSA key fingerprint is 86:f6:96:f9:22:50:ea:4c:02:0c:58:a7:e4:a8:10:67. Are you sure you want to continue connecting (yes/no)?  yes  Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts. taylor@192.168.1.100's password:  Last login: Thu Sep 25 10:27:58 2003 Welcome to Darwin! ~ 452 $

To log in to your Mac from a Windows machine using PuTTY, launch the PuTTY application, specify SSH (the default is to use the Telnet protocol described later), and type in your Mac OS X system's IP address as shown in the Mac's Sharing panel. PuTTY will prompt you for your Mac OS X username and password. Figure 8-3 shows a sample PuTTY session.

Figure 8-3. Connecting to Mac OS X with PuTTY

8.1.1 Web and FTP Access

You can also use the Sharing preferences panel to enable your system's web and FTP server. Start Personal Web Sharing to enable the web server. Other users can access the main home page (located in /Library/WebServer/Documents ) using http://address , where address is your machine's IP address or hostname (see the sidebar "Remote Access and the Outside World" if you are using an Airport Base Station or other router between your network and the Internet).

Remote Access and the Outside World

If your Macintosh has an IP address that was assigned by an AirPort Base Station, then it's very likely that your machine will not be visible to the outside world. Because of this, you will only be able to connect to your Mac from machines on your network. You can allow remote users to connect by using the AirPort Admin Utility Show All Settings Port Mapping (for Remote Login via ssh, you must map port 22 to your Macintosh; use port 80 for Personal Web Sharing). Other SoHo (Small Office/Home Office) gateways may support this feature as well.

If you use this technique, the IP address shown on the Sharing panel will be incorrect. You should use your AirPort Base Station's WAN address when you connect from a computer outside your network.

Start FTP Access to enable remote users to use FTP to connect to your system. Again, remote users should use your machine's IP address or hostname to connect.

8.1.2 Remote Access to Other Unix Systems

You can also connect to other systems from Mac OS X. To do so, launch the Terminal application. Then start a program that connects to the remote computer. In addition to ssh , some typical programs for connecting over a computer network are telnet , rsh (remote shell), or rlogin (remote login). All of these are supported and included with Mac OS X. In any case, when you log off the remote computer, the remote login program quits and you get another shell prompt from your Mac.

The syntax for most remote login programs is:

   program-name remote-hostname

For example, when Dr. Nelson wants to connect to the remote computer named biolab.medu.edu , she'd first make a local login to her Mac named fuzzy by launching Terminal. Next , she'd use the telnet program to reach the remote computer. Her session would look something like this:

 Welcome to Darwin! ~ 452 $  telnet biolab.medu.edu  Medical University Biology Laboratory    biolab.medu.edu login:  jdnelson  Password:    biolab$ . . . biolab$  exit  Connection closed by foreign host. ~ 453 $

Her accounts have shell prompts that include the hostname. This reminds her when she's logged in remotely. If you use more than one system but don't have the hostname in your prompt, see Section 1.3.1 in Chapter 1 or Section 10.1 in Chapter 10 to find out how to add it.

Actually, Dr. Nelson would be unwise to use telnet to connect to the remote system, because ssh is a much more secure alternative and is highly preferred. However, some remote sites still stick with telnet , and while it's important to encourage them to switch to ssh -only access, you will still sometimes find yourself using telnet , as shown here.

Also, when you're logged on to a remote system, keep in mind that the commands you type will take effect on the remote system, not your local one! For instance, if you use lpr to print a file, the printer it comes out of may be very far away.

The programs rsh (also called rlogin ) and ssh generally don't give you a login : prompt. These programs assume that your remote username is the same as your local username. If they're different, give your remote username on the command line of the remote login program, as shown in the next example.

You may be able to log in without typing your remote password or passphrase. ^[1] Otherwise, you'll be prompted after entering the command line.

^[1] In ssh , you can run an agent program, such as ssh-agent , that asks for your passphrase once, then handles authentication every time you run ssh or scp afterward.

Following are four sample ssh and rsh command lines. The first pair shows how to log in to the remote system, biolab.medu.edu , when your username is the same on both the local and remote systems. The second pair shows how to log in if your remote username is different (in this case, jdnelson ); note that the Mac OS X versions of ssh and rsh may support both syntaxes shown depending on how the remote host is configured:

 $  ssh biolab.medu.edu  $  rsh biolab.medu.edu  $  ssh jdnelson@biolab.medu.edu  $  rsh -l jdnelson biolab.medu.edu

About Security

Today's Internet and other public networks have users who try to break into computers and snoop on other network users. While the popular media calls these people hackers , most hackers are self-respecting programmers who enjoy pushing the envelope of technology. The evildoers are better known as crackers . Most remote login programs (and file transfer programs, which we cover later in this chapter) were designed 20 years ago or more, when networks were friendly places with cooperative users. Those programs (many versions of telnet and rsh , for instance) make a cracker's job easy. They transmit your data, including your password, across the network in a way that allows even the most inexperienced crackers to read it. Worse, some of these utilities can be configured to allow access without passwords.

SSH is different; it was designed with security in mind. It sends your password (and everything else transmitted or received during your SSH session) in a secure way. A good place to get more details on SSH is the book SSH: The Secure Shell , by Daniel J. Barrett and Richard Silverman (O'Reilly).