
22.4. Remote Access with SSH

Are you a geek? Take this simple test at home. Do you get excited about Mac OS X's ability to permit SSH access?

If you answered "What's SSH?" or "I'm already being quiet," then the following discussion of Unix remote control may not interest you. To be sure, SSH is not a program with a graphic user interface (icons and menus). You operate it from within a program like Terminal by typing commands, exactly as described in Chapter 16.

If you're willing to overlook that little peccadillo, though, SSH (Secure Shell) is an extremely powerful tool. It lets you connect to your Mac from anywhere, whether from across the network or across the Internet. And once you're connected, you can take complete control of it, copying files, running commands, rearranging folders, or even shutting it down, all by remote control.

FREQUENTLY ASKED QUESTION
Connecting Through a Router

I want to connect to my home network from the road. Trouble is, I have a router that shares my broadband modem with a bunch of Macs. How do I get into one specific Mac? It doesn't really have a "real" IP address, because the router is sharing the cable modem's signal!

It's possible, just complicated.

Most home broadband routers offer a feature called port forwarding, in which signals intended for a specific port (Section 22.4) on the router (port 22 for ssh, for example) get passed on to whichever computer on the network you've designated. (You specify this using the router's management software.) You can specify a different machine for different ports: all port-80 communication goes to one machine doing Web serving, for example; all port-548 communication goes to another machine doing file sharing, and so on.

Even if you're enough of a technical mastermind to set up this port-forwarding business, however, you still won't be able to access two different machines using the same port. For some services, including ssh and Timbuktu, you can work around this limitation by logging into the machine specified for port forwarding, and then, from that machine, logging into the others on the rest of the network.


22.4.1. Getting In

Here's how you go about using SSH:

  1. Set up your Mac by opening the Sharing panel of System Preferences, and then turning on the Remote Login checkbox.

    You've just told the Mac it's OK for you (or other people with accounts on your machine) to connect from the road. Quit System Preferences.

  2. Go away.

    You can move to another machine on the network, or another computer on the Internet. Once you're online with that other machine, you can contact your homebase machine from within a program like Terminal.


    Tip: It doesn't have to be Terminal, and it doesn't have to be a Mac. You can get SSH client programs for almost any kind of computer, including Windows and Mac OS 9. For pre-Mac OS X Macs, for example, you can try MacSSH or NiftyTelnet SSH, both of which you can download from this book's "Missing CD" page at www.missingmanuals.com. To find SSH programs for Windows, visit www.versiontracker.com, click the Windows tab, and search for SSH.

  3. At the prompt, type ssh -l chris 111.222.3.44. Press Enter.

    Instead of chris, substitute your short account name (as you're known on the Mac you're tapping into), and replace the phony IP address shown here with your real one. (If your Mac back home has a domain name unto itself, such as macmania.com, you can type that instead of the IP address.)

    If all goes well, the ssh command acknowledges your first successful connection by displaying a message like this: "The authenticity of host '172.24.30.189 (172.24.30.189)' can't be established. RSA key fingerprint is d9:f4:11:b0:27:1a:f1:14:c3:cd:25:85:2b:78:4d:e7. Are you sure you want to continue connecting (yes/no)?" (This message won't appear on subsequent connections.) You're seeing SSH's security features at work.

    FREQUENTLY ASKED QUESTION
    Where Did Telnet Go?

    How do I telnet into my Mac OS X machine?

    telnet and ssh are very similar in concept. But the problem with telnet is that it's more susceptible to hackers.

    The ssh networking program, on the other hand, is extremely secure, immune to all kinds of the hacker attacks you may have read about: IP spoofing, IP source routing, DNS spoofing, and so on. That's why Apple replaced its telnet feature with ssh beginning way back in Mac OS X 10.1.

    Apple also hopes that Unix-savvy Mac fans will recognize ssh to be a superior replacement for such remote control Unix programs as rlogin, rsh, and rcp (via scp), for that matter.


  4. Type yes and press Enter.

    Now you see one more note: "Warning: Permanently added '172.24.30.189' (RSA) to the list of known hosts." You're then asked for your account password.

  5. Type your account password and press Enter.

    You're in. Issue whatever commands you want. You can now conduct a full Unix Terminal session as described in Chapters 16 and 17, but by remote control.


Tip: For a more thorough description of SSH and its options, type man ssh at the prompt.
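
The fingerprint in step 3's prompt is only useful if you compare it with one taken from the Mac itself before answering yes. The following Python sketch is an added example, not part of the book: it recomputes the colon-separated MD5 fingerprint (and the SHA256 form newer ssh versions print) from a host public key line and checks it against the prompt text. The function names and the sample key are constructed for illustration, and it assumes you copied the home Mac's host public key line over a channel you trust.

```python
import base64
import hashlib
import re
import struct

def _field(data: bytes) -> bytes:
    """One length-prefixed field of an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: an "ssh-rsa" blob with a made-up modulus, not a real key.
SAMPLE_BLOB = (_field(b"ssh-rsa") + _field(b"\x01\x00\x01")
               + _field(bytes(range(1, 129))))
SAMPLE_PUBKEY_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " office-mac"

def key_blob(pubkey_line: str) -> bytes:
    """Decode the base64 field of a 'type base64 [comment]' public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob repeats the key type as its first field; both must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != fields[0]:
        raise ValueError("key type does not match blob")
    return blob

def md5_fingerprint(pubkey_line: str) -> str:
    """Colon-separated hex MD5, the style shown in the prompt above."""
    digest = hashlib.md5(key_blob(pubkey_line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(pubkey_line: str) -> str:
    """SHA256:<unpadded base64>, the style newer OpenSSH versions print."""
    digest = hashlib.sha256(key_blob(pubkey_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

FP_RE = re.compile(r"key fingerprint is ((?:MD5:)?[0-9a-f]{2}(?::[0-9a-f]{2}){15}"
                   r"|SHA256:[A-Za-z0-9+/]+)")

def prompt_fingerprint(prompt: str) -> str:
    """Extract the fingerprint from the 'authenticity of host' message."""
    m = FP_RE.search(prompt)
    if not m:
        raise ValueError("no fingerprint found in prompt")
    fp = m.group(1)
    return fp[4:] if fp.startswith("MD5:") else fp

def safe_to_answer_yes(prompt: str, trusted_pubkey_line: str) -> bool:
    """True only if the prompt shows the fingerprint of the key you trust."""
    shown = prompt_fingerprint(prompt)
    return shown in (md5_fingerprint(trusted_pubkey_line),
                     sha256_fingerprint(trusted_pubkey_line))
```

If the check returns False, answer no at the prompt and find out why the key differs before connecting.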

22.4.2. Remote Control Program Killing

One of the most common uses of SSH is quitting a stuck program. Maybe it's a program that doesn't respond to the usual Force Quit commands, maybe even the Finder or Terminal. Or maybe, having just arrived in Accounting on the fifth floor, you realize that you accidentally left your Web browser, open to Dilbert.com, up on your screen in clear view of passersby.

In any case, you'd fire up Terminal and proceed like this (what you type is shown in bold; the Mac's responses are in normal type):

 home-mac:~ chris$ ssh 172.24.30.182
 The authenticity of host '172.24.30.182 (172.24.30.182)' can't be established.
 RSA key fingerprint is d9:f4:11:b0:27:1a:f1:14:c3:cd:25:85:2b:78:4d:e7.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added '172.24.30.182' (RSA) to the list of known hosts.
 chris@172.24.30.189's password: fisheggs
 Last login: Thu Nov 13 17:23:38 2005
 Welcome to Darwin!
 office-mac:~ chris$ top

The top command, as described in Chapter 16, displays a list of running programs. After a block of memory statistics, you might see a list like this:

 294 top         6.5%  0:01.10  1   16   26   276K   416K   652K  27.1M
 293 bash        0.0%  0:00.03  1   12   15   168K   856K   768K  18.2M
 292 login       0.0%  0:00.01  1   13   37   140K   408K   492K  26.9M
 291 Terminal    0.0%  0:05.50  3   60  115  2.99M  5.41M  6.59M   149M
 287 HotKey      0.0%  0:00.34  4  151   78   760K  2.24M  2.67M  96.5M
 283 Finder      0.0%  0:02.04  2   89  162  3.95M  17.1M  15.5M   165M
 282 SystemUISe  0.9%  0:01.51  2  241  327  3.03M  7.85M  8.54M   158M
 281 Dock        0.0%  0:00.24  2   77  132   780K  10.7M  2.80M   139M

As you can see, the Finder is process number 283. If that's the stuck program, then, you could quit it like so:

 office-mac:~ chris$  kill 283  

Or if you're sure of the program's exact name, just use the killall command with the program's name instead of its process ID. To handle a stuck Finder, you would type this:

 office-mac:~ chris$  killall Finder  

Either way, the Finder promptly quits (and relaunches in a healthier incarnation, you hope). You could also, at this point, type shutdown -h now to make your Mac, elsewhere on the network, shut down. (Terminal doesn't type any kind of response.)

If you ended your SSH session by shutting down the other Mac, you can just close the Terminal window now. Otherwise, type exit to complete your SSH session.



Mac OS X. The Missing Manual
Mac OS X Snow Leopard: The Missing Manual (Missing Manuals)
ISBN: 0596153287
EAN: 2147483647
Year: 2005
Pages: 506
Authors: David Pogue
