11.6. Remote Login Services

There may come a time when you need to log into your Mac from another machine or log into another Mac (or Unix system) from your machine. For this, Mac OS X offers remote login services such as the Secure Shell, Telnet, and the remote shell.

11.6.1. The Secure Shell

The Secure Shell (SSH) is a protocol for using key-based encryption to allow secure communication between machines. As its name suggests, it is most commonly used for interactive sessions with shells on remote machines, which you open with the ssh command.

Mac OS X ships with the OpenSSH (http://www.openssh.com) client and server software. This includes the ssh command, which you use to open SSH connections to other machines, and the sshd daemon program, which you run to allow other machines to SSH into your Mac.

As with FTP (see the earlier section "File Transfer Protocol (FTP)"), running an SSH service (the sshd daemon) on Mac OS X is easy: just activate the Remote Login checkbox in the Sharing pane.

11.6.2. Telnet

Mac OS X versions prior to 10.1.0 shipped with telnetd, a daemon that runs the Telnet protocol, as its default remote login server. Telnet is a decades-old method for getting a virtual terminal on a remote machine through a network. However, it's inherently insecure, because all its transmissions are cleartext, lacking any sort of encryption, and hence easily readable by malevolent entities monitoring the traffic that enters and leaves your network. Use of Telnet has, in recent years, fallen out of favor for Internet-based remote logins now that such tools as SSH are freely available.

If you must, you can run telnetd on your Mac OS X machine. You'll find it in /usr/libexec/telnetd but won't be able to launch it directly from there. telnetd is one of several network services, including ftpd and sshd, controlled by the super-server process xinetd, which listens on the network for service requests and launches the proper daemon on demand. The easiest way to have xinetd begin passing Telnet requests to telnetd is to run the service command (a script, actually) as root:

 sudo service telnet start 

This command modifies the proper xinetd.d file (/etc/xinetd.d/telnet) to enable Telnet services and then forces xinetd to reread its configuration files. Once the command has run, any incoming Telnet request causes telnetd to launch and receive that connection. To turn this off, simply run the similar command:

 sudo service telnet stop 

If you do enable telnetd, consider carefully configuring your firewall to allow Telnet connections only from other machines on the local subnetwork. Incoming Telnet traffic from the global Internet can be snooped by outside eavesdroppers, even if connections are limited to trusted machines. Logging into a machine through Telnet is tantamount to shouting your password across a crowded roomful of strangers so that your friend down the hall can hear it. Whenever possible, use ssh instead of telnet.

11.6.3. The Remote Shell

The remote shell, or RSH, is used to issue commands on another system. The rsh command allows you to quickly log in and execute a command on a remote host; however, like Telnet, rsh is insecure and has been disabled under Mac OS X. You should use SSH instead for remote access to other machines.
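To confirm that the cleartext services discussed in the Telnet and remote shell sections are off, or at least limited to local sources, you can audit the xinetd service files. The following is an added example, not code from the book: it assumes xinetd's standard service-file format with its `disable` and `only_from` attributes, the status labels are this example's own, and the sample configuration is constructed.

```python
import ipaddress

# xinetd service names: "telnet" (telnetd) and "shell" (the rsh service).
CLEARTEXT = {"telnet", "shell"}
# Constructed sample in xinetd's service-file format (an assumption, not from the page).
SAMPLE = """service telnet
{
    disable = no
    server  = /usr/libexec/telnetd
}
"""

def parse_xinetd(text):
    """Parse 'service NAME { attr = value }' blocks into {name: attrs}."""
    services, name, attrs = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].replace("\t", " ").strip()  # drop comments
        if line.startswith("service ") and attrs is None:
            name = line.split()[1]
        elif line == "{":
            attrs = {}
        elif line == "}" and attrs is not None:
            services[name], attrs = attrs, None
        elif attrs is not None and "=" in line:
            key, _, value = line.partition("=")
            attrs[key.rstrip(" +-")] = value.strip()  # accepts =, += and -=
    return services

def is_local(source):
    """True if an only_from entry is a network Python classifies as private."""
    try:
        return ipaddress.ip_network(source, strict=False).is_private
    except ValueError:  # hostname or other form: cannot be verified here
        return False

def audit(text):
    """Return [(service, status)] for enabled cleartext login services."""
    findings = []
    for name, attrs in parse_xinetd(text).items():
        # xinetd treats a service with no "disable" attribute as enabled.
        if name not in CLEARTEXT or attrs.get("disable", "no").lower() == "yes":
            continue
        sources = attrs.get("only_from", "").split()
        local = bool(sources) and all(is_local(s) for s in sources)
        findings.append((name, "local only" if local else "exposed"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An "exposed" result means the service is enabled and xinetd itself is not limiting it to private address ranges, so the firewall is the only remaining control.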



Mac OS X Tiger in a Nutshell: A Desktop Quick Reference (In a Nutshell (OReilly))
ISBN: 0596009437
EAN: 2147483647
Year: 2003
Pages: 130
