Allowing Remote Login
Although FTP isn’t secure, Mac OS X includes a different service that is. This service provides encrypted communications between your computer and others on the Internet or any network that is not secure. Other computer users can log in to your computer and copy files back and forth. These remote users of your computer can also control it with Unix commands that they type on their computers.
Mac OS X provides remote login through included OpenSSH server software. OpenSSH is a public version of SSH (secure shell), which provides secure, encrypted communications between two computers over the Internet or any network that is not secure. OpenSSH encrypts all communications and data transfer, preventing eavesdropping, hijacking of connections, and other network attacks.
OpenSSH is actually several software tools that replace several insecure Unix tools. The ssh tool provides remote login and command-line sessions, replacing login and telnet. The scp tool provides file copying, replacing rcp and some FTP functions. The sftp tool provides easier file transfer, replacing FTP.
Because OpenSSH is better for file transfer than FTP, you may wonder why more and better FTP client applications are available. The reason is simple: FTP has been around for decades and OpenSSH has been around only a few years.
Turning remote login on or off
You can turn remote login on or off easily. First, open System Preferences and then choose View Sharing (or click the Sharing button). In the Sharing preference pane, click the Services tab and then select Remote Login in the Service list. Then click the Start button to turn it on or off. Figure 16-9 shows remote login ready to be turned on in the Sharing preference pane.
Figure 16-9: Turn Mac OS X’s remote login services on or off in the Sharing pane of System Preferences.
If the Sharing preference pane settings are locked, you must unlock them before you can turn remote login on or off. The settings are dim when locked, and the lock button looks locked. To unlock the settings, click the lock button and enter an administrator’s user account name and password in the dialog that appears.
| Note | The first time you turn on the Remote Login option, you may have to wait a minute or so before a check mark appears in the checkbox. While you’re waiting for the OpenSSH service to start up, don’t become impatient and click in the checkbox repeatedly, or you may induce the condition where remote login appears to be turned on but the OpenSSH service is not actually started. If this happens, remote login may appear to be turned on yet no one is able to connect to your computer by using an SSH client application on another computer. In this case, you can fix the problem by restarting your computer. |
Connecting for remote login
When your computer has remote login turned on, other computer users can connect to your computer using SSH client software.
Connecting with the Terminal application
Mac OS X includes an SSH client that can be used from the Terminal window. This means another Mac OS X user can log in to your computer by opening the Terminal application and typing a Unix command similar to the following:
ssh -lusername 192.168.0.1
In this command, -lusername must be replaced with the remote user’s short name on your computer, for example -lcraigz. The -l stands for login; it passes that username to ssh. The -lusername part of the command can be omitted if the remote user has the same short name on your computer and on the remote computer he or she is using.
The IP address must be your computer’s IP address or your computer’s name, if you have obtained one for it as described at the beginning of this Chapter.
| Note | You may need to wait a moment or so after entering an ssh command for the remote computer to respond, depending upon the speed of the network between your computer and the remote computer. |
After logging in to your computer, the remote user can type additional Unix commands in the Terminal application to control your computer. Figure 16-10 shows a Terminal session in which craigz connects remotely to the computer whose IP address is 192.168.2.200 and then uses the w command to see who is using the remote computer.
Figure 16-10: Use the ssh command in the Terminal window to log in remotely and control the remote computer with Unix commands.
Using Transmit For SFTP Transfers
SFTP is part of the OpenSSH package. It is designed to be a replacement for a standard FTP client. SFTP uses an encrypted ssh transport to transfer files from your computer to an SFTP server. Think of SFTP as a safer alternative to FTP. Because the transport is encrypted, neither your login information nor the files you are transferring are visible to an outsider. If someone does sniff the network traffic all they will see is encrypted noise rather than clear text information. SFTP is installed as /usr/bin/sftp and is available as a command line client from the Terminal application.
If you wish to use a GUI front end to SFTP, Transmit includes an SFTP mode for copying files between computers via SFTP using Transmit’s familiar FTP browser interface. Simply select Secure (SFTP) from the protocol pop-up menu item in the right pane of the Transmit window, where you enter your login information. See Figure 16-11.
Figure 16-11: Transmit, can log into another computer’s SFTP server and securely copy files by using the same two-pane view as it uses for FTP.
EAN: 2147483647
Pages: 290