|< Day Day Up >|
Browsing the Web: lynx
lynx is a command-line web client. Surprising as it might seem, many people prefer browsing the World Wide Web in a text-only application. There are, of course, many pages that simply can't be browsed without a graphics-capable application, but those pages are written by people who aren't concerned with making their information as widely available as possible and don't seem to be of interest to people who prefer to browse in text only.
The basic syntax of lynx is lynx <URL>. This gives you a textual representation of the page and a few lines of prompting information as to what you can do from there. For example, looking at http://www.apple.com/, lynx produces the following output:
Not bad, it's useable, and it sure loads faster than all those fancy graphics if you've got a slow connection!
If you want to move down the page, you can press the spacebar. Use the up- and down-arrow keys to move from link to link. Use the right-arrow key or press the Return key to select a link. The right-arrow and left-arrow keys take you, somewhat predictably, to the target of the currently selected link or back to the previous page. As you might have noticed, some of the comments we have made here appear at the bottom of the screen output. As you use lynx, it provides helpful hints on what you might want to do. These appear near the bottom of the screen and contain helpful information, such as how to enter text in a text entry field or move to the next page by using the spacebar.
Because you don't have a mouse and cursor with which to navigate pages being displayed in lynx, a number of keyboard commands are available to perform various actions. Table 13.1 shows common one-key commands within lynx.
A veritable plethora of additional one-key options are explained in the lynx help, under the Key-stroke Commands heading.
The lynx browser also sports a wide range of command-line options that enable or modify advanced behaviors. These include items such as sending the data to STDOUT and collecting a list of the URLs contained in the document.
Finally, it should be mentioned that lynx, like much Unix software, works great as a command-line building-block utility. Ever wanted to process the contents of a web page, perhaps to do something such as collect all the links from someone's page of interesting links, without having to dig through the source by hand? Using the -dump option causes lynx to send the target document of the URL to STDOUT, followed by a list of the URLs in the document. For example, if you wanted to collect a list of URLs to the files available on http://www.macosxunleashed.com/ (specifically, the stuff in the downloads subdirectory), you could use lynx like this:
[ryoohki:~/downloads] sage% lynx -dump http://www.macosxunleashed.com/downloads/ Index of /downloads * Parent Directory * 26FIG112.gif * 26FIG133.gif * CGvirusscan.tgz * Python-2.2.tgz * addme.c * appendix.pdf * arpwatch.tar.Z * clref.pdf * cupsomatic * file * gdbm-1.8.0.tar.gz * ispell-3.1.20.tar.gz * ispell-english.zip * jpegsrc.v6b.tar.gz * libpng-1.0.10.tar.gz * logsentry-1.1.1.tar * lynx.1 * lynx.10_1.gz * lynx.cfg * lynx.gz * majora.tar.gz * netpbm-9.12.tgz * nmap-2.54BETA25.tar.gz * page1440.pdf * parallel * pine4.43.tar.Z * portsentry-1.0.tar.gz * portsentry-2.0b1.tar.gz * postpipe * serial * serial-darwin * spell-1.0.tar.gz * termcap-1.3.tar.gz * unleashed.jpg Apache/1.3.33 Server at www.macosxunleashed.com Port 80 References 1. http://www.macosxunleashed.com/ 2. http://www.macosxunleashed.com/downloads/26FIG112.gif 3. http://www.macosxunleashed.com/downloads/26FIG133.gif 4. http://www.macosxunleashed.com/downloads/CGvirusscan.tgz 5. http://www.macosxunleashed.com/downloads/Python-2.2.tgz 6. http://www.macosxunleashed.com/downloads/addme.c 7. http://www.macosxunleashed.com/downloads/appendix.pdf 8. http://www.macosxunleashed.com/downloads/arpwatch.tar.Z 9. http://www.macosxunleashed.com/downloads/clref.pdf 10. http://www.macosxunleashed.com/downloads/cupsomatic 11. http://www.macosxunleashed.com/downloads/file 12. http://www.macosxunleashed.com/downloads/gdbm-1.8.0.tar.gz 13. http://www.macosxunleashed.com/downloads/ispell-3.1.20.tar.gz 14. http://www.macosxunleashed.com/downloads/ispell-english.zip 15. http://www.macosxunleashed.com/downloads/jpegsrc.v6b.tar.gz 16. http://www.macosxunleashed.com/downloads/libpng-1.0.10.tar.gz 17. http://www.macosxunleashed.com/downloads/logsentry-1.1.1.tar 18. http://www.macosxunleashed.com/downloads/lynx.1 19. http://www.macosxunleashed.com/downloads/lynx.10_1.gz 20. http://www.macosxunleashed.com/downloads/lynx.cfg 21. http://www.macosxunleashed.com/downloads/lynx.gz 22. http://www.macosxunleashed.com/downloads/majora.tar.gz 23. http://www.macosxunleashed.com/downloads/netpbm-9.12.tgz 24. http://www.macosxunleashed.com/downloads/nmap-2.54BETA25.tar.gz 25. http://www.macosxunleashed.com/downloads/page1440.pdf 26. http://www.macosxunleashed.com/downloads/parallel 27. http://www.macosxunleashed.com/downloads/pine4.43.tar.Z 28. http://www.macosxunleashed.com/downloads/portsentry-1.0.tar.gz 29. http://www.macosxunleashed.com/downloads/portsentry-2.0b1.tar.gz 30. http://www.macosxunleashed.com/downloads/postpipe 31. http://www.macosxunleashed.com/downloads/serial 32. http://www.macosxunleashed.com/downloads/serial-darwin 33. http://www.macosxunleashed.com/downloads/spell-1.0.tar.gz 34. http://www.macosxunleashed.com/downloads/termcap-1.3.tar.gz 35. http://www.macosxunleashed.com/downloads/unleashed.jpg
If you wanted to parse just the URLs out of this output, you could simply run lynx and pipe the output though grep looking for URL patterns. Something like lynx -dump http://www.macosxunleashed.com/downloads/ | grep "http:" will produce the following output:
[ryoohki:~ downloads] sage% lynx -dump http://www.macosxunleashed.com/downloads/ | grep "http:" 1. http://www.macosxunleashed.com/ 2. http://www.macosxunleashed.com/downloads/26FIG112.gif 3. http://www.macosxunleashed.com/downloads/26FIG133.gif 4. http://www.macosxunleashed.com/downloads/CGvirusscan.tgz 5. http://www.macosxunleashed.com/downloads/Python-2.2.tgz 6. http://www.macosxunleashed.com/downloads/addme.c 7. http://www.macosxunleashed.com/downloads/appendix.pdf 8. http://www.macosxunleashed.com/downloads/arpwatch.tar.Z 9. http://www.macosxunleashed.com/downloads/clref.pdf 10. http://www.macosxunleashed.com/downloads/cupsomatic 11. http://www.macosxunleashed.com/downloads/file 12. http://www.macosxunleashed.com/downloads/gdbm-1.8.0.tar.gz 13. http://www.macosxunleashed.com/downloads/ispell-3.1.20.tar.gz 14. http://www.macosxunleashed.com/downloads/ispell-english.zip 15. http://www.macosxunleashed.com/downloads/jpegsrc.v6b.tar.gz 16. http://www.macosxunleashed.com/downloads/libpng-1.0.10.tar.gz 17. http://www.macosxunleashed.com/downloads/logsentry-1.1.1.tar 18. http://www.macosxunleashed.com/downloads/lynx.1 19. http://www.macosxunleashed.com/downloads/lynx.10_1.gz 20. http://www.macosxunleashed.com/downloads/lynx.cfg 21. http://www.macosxunleashed.com/downloads/lynx.gz 22. http://www.macosxunleashed.com/downloads/majora.tar.gz 23. http://www.macosxunleashed.com/downloads/netpbm-9.12.tgz 24. http://www.macosxunleashed.com/downloads/nmap-2.54BETA25.tar.gz 25. http://www.macosxunleashed.com/downloads/page1440.pdf 26. http://www.macosxunleashed.com/downloads/parallel 27. http://www.macosxunleashed.com/downloads/pine4.43.tar.Z 28. http://www.macosxunleashed.com/downloads/portsentry-1.0.tar.gz 29. http://www.macosxunleashed.com/downloads/portsentry-2.0b1.tar.gz 30. http://www.macosxunleashed.com/downloads/postpipe 31. http://www.macosxunleashed.com/downloads/serial 32. http://www.macosxunleashed.com/downloads/serial-darwin 33. http://www.macosxunleashed.com/downloads/spell-1.0.tar.gz 34. http://www.macosxunleashed.com/downloads/termcap-1.3.tar.gz 35. http://www.macosxunleashed.com/downloads/unleashed.jpg
The -dump option turns out to be useful for doing things that don't relate to processing the URLs as well, such as downloading files from FTP or HTTPD servers. You see examples of this use of lynx during the software installs in Chapter 14. Table 13.2 shows the lynx syntax and most interesting options.
Accessing FTP Servers: ftp
ftp is the command name for the program that implements the FTP protocol (creative, no?). On the Macintosh, the Anarchie and Fetch programs have historically been the FTP clients of preference, and both of these provide features sadly lacking in the default command-line ftp interface. The command-line interface, however, is again a quick and convenient way to get or put a file or three without needing to launch a graphical client. It also tends to be better for diagnosis purposes when an FTP transfer fails or when a file can't be found. All the messages from the server can be seen immediately and are directly in response to the commands you issue, so if something's wrong, it's much clearer at what point it went that way.
To connect to a remote site using ftp, simply issue the command as ftp <ftp site>. Presuming that all goes well, this command connects you to the remote site and requests your user ID and password. If you're trying to connect to a public site, the default guest user ID is anonymous. After that, the site asks you for a password, which if you're connecting as an anonymous user, should be given as your email address. Responding properly to both these queries (anonymous and your email address or your correct user ID and password) takes you to an internal prompt in the ftp program from which you can traverse the site's directories and upload or download files.
Following is a sample of what you might see after connecting to a site that doesn't really want you there. This sort of information is largely hidden in the graphical FTP clients, frequently leaving you clicking Retry indefinitely; in reality, the site is trying to give you some helpful information.
[ryoohki:~/downloads] sage% ftp ftp.cis.ohio-state.edu Connected to www.cis.ohio-state.edu. 220 www.cis.ohio-state.edu FTP server (Version wu-2.6.1(1) Tue Nov 6 12:29:49 EST 2001) ready. Name (ftp.cis.ohio-state.edu:sage): anonymous 331 Guest login ok, send your complete e-mail address as password. Password: 530-Sorry, the limit of 30 users logged in has been exceeded (30). 530-We've had to cut back to avoid swamping our outside link. 530- 530-Please try again later. 530- 530-To report problems, please contact firstname.lastname@example.org. 530 Login incorrect.
And this is an example of what you might see if you have connected properly:
[ryoohki:~ downloads] sage% ftp ftp.cis.ohio-state.edu Connected to www.cis.ohio-state.edu. 220 www.cse.ohio-state.edu FTP server (Version wu-2.6.1(1) Tue Nov 6 12:29:49 EST 2001) ready. Name (ftp.cis.ohio-state.edu:sage): anonymous 331 Guest login ok, send your complete e-mail address as password. Password: 230-Hello [unknown]@ryoohki.biosci.ohio-state.edu. 230- 230-This is the anonymous FTP archive of the Computer and Information 230-Science Department and The Ohio State University. 230- 230-You are user 3 out of 30 users currently allowed in. 230- 230-This FTP server is running on a Sun Enterprise 2, with approximately 230-10GB of disk space. The directory space was recently reorganized 230-and cleaned. 230- 230-Mirrors of other sites are in /mirror 230-Everything else is in /pub 230- 230-Please report any problems to email@example.com 230- 230 Guest login ok, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp>
From this ftp> prompt, you can issue commands, such as help, rhelp, get, put, cd, ls, pwd, and potentially others, depending on the server configuration. The output from the help command gives you a list of commands available to you in your client (don't worry if this looks like a long list; we cover the good ones in the text that follows), and the output of rhelp tells you about commands on the server:
ftp> help Commands may be abbreviated. Commands are: ! features mls prompt site $ fget mlsd proxy size account form mlst put sndbuf append ftp mode pwd status ascii gate modtime quit struct bell get more quote sunique binary glob mput rate system bye hash mreget rcvbuf tenex case help msend recv throttle cd idle newer reget trace cdup image nlist remopts type chmod lcd nmap rename umask close less ntrans reset unset cr lpage open restart usage debug lpwd page rhelp user delete ls passive rmdir verbose dir macdef pdir rstatus xferbuf disconnect mdelete pls runique ? edit mdir pmlsd send epsv4 mget preserve sendport exit mkdir progress set ftp> rhelp 214-The following commands are recognized (* =>'s unimplemented). USER PORT STOR MSAM* RNTO NLST MKD CDUP PASS PASV APPE MRSQ* ABOR SITE XMKD XCUP ACCT* TYPE MLFL* MRCP* DELE SYST RMD STOU SMNT* STRU MAIL* ALLO CWD STAT XRMD SIZE REIN* MODE MSND* REST XCWD HELP PWD MDTM QUIT RETR MSOM* RNFR LIST NOOP XPWD 214 Direct comments to firstname.lastname@example.org.
Usually, the commands you'll be most interested in are the ones for moving around the filesystem, and for retrieving and sending files. The commands you're most likely to use frequently are the cd and lcd commands (which are analogous to the command-line cd command for the remote and local directories, respectively) and the get and put commands (which retrieve files from the server and send files to it).
Additionally, you can ask for help on specific commands one of the more interesting ones to ask about in the listing shown is the site command:
ftp> rhelp site 214-The following SITE commands are recognized (* =>'s unimplemented). UMASK GROUP INDEX GROUPS IDLE GPASS EXEC CHECKMETHOD CHMOD NEWER ALIAS CHECKSUM HELP MINFO CDPATH 214 Direct comments to email@example.com.
The site command implements FTP-site-specific command options. You would need to contact the administrator to find out exactly what the command options are and which ones you are allowed to use.
Files that you get from the FTP server are placed into the same directory from which you issued the ftp command unless you specify otherwise by giving a download path along with the get command at the prompt.
An advantage of the ftp client included with Mac OS X is that you can eliminate some of the uses of cd and ls to navigate to where you want to be in the ftp TRee simply by issuing the ftp command with a complete URL. For example, to get the gdb-6.3.tar.gz file at ftp.cis.ohio-state.edu, you could navigate the FTP site to get to the file or you could issue this ftp command:
Table 13.3 shows the syntax and most interesting options for ftp.
Terminals in Terminals: telnet, rlogin, ssh
Because one of the primary methods for interacting with a Unix machine that you're sitting in front of is via a textual terminal, it should come as no surprise that a number of network tools are available to allow you to access remote machines through that same interface. The three primary examples of these are the telnet, rlogin, and ssh/slogin (secure shell) clients. Each of these provides a connection to a remote machine that is analogous to the one that Terminal.app provides to your local machine you get access to a command prompt and can run software on the remote machine just like software in Terminal.app on the local machine.
The telnet Program
telnet is a venerable connection program that speaks a language compatible with the over-the-wire communication protocol used by many Internet services. The protocol is a fundamental building block of much of the Internet and has been used to provide everything from web services to file transfer services to terminal services. It is, unfortunately, as trivial as it is ubiquitous and provides almost no built-in security. Because of this, terminal services implemented directly in the protocol are inherently insecure, and the telnet client and server fall into this category.
The syntax of the telnet command is telnet <host> [port number].
If you're communicating with a system that's either not connected to the Internet or run by a particularly non-security-conscious system administrator, you might actually be able to use it as a terminal application. In that case, if you issue the telnet command, you might see something like the following:
ryoohki:~ sage$ telnet krpan.killernuts.org Trying 192.168.1.10... Connected to krpan.killernuts.org (192.168.1.10). Escape character is '^]'. Red Hat Linux release 7.0 (Guinness) Kernel 2.4.2 on a 2-processor i686 login: adam Password: Last login: Thu Apr 19 19:36:23 on vc/1 You have mail. Terminal: vt100. Printer set to newsioux krpan adam %
At that point, you're at a shell prompt on the remote machine and can interact with it just as you interact with your local machine via its shell prompt in the terminal.
If everyone you know is concerned about security and has their telnet daemons disabled, there are still a number of interesting uses for the telnet client. Because many servers for other Internet applications speak the same protocol, you can use the telnet protocol to talk to them as well. It might not seem like a useful idea to be able to talk to a web server with a terminal program that doesn't understand anything about the HTTP language and can't display the data properly, but it turns out to have a number of interesting applications.
For example, your web browser tells you that a server isn't responding can you tell whether it's the web server software that's not responding or the machine that hosts it that's not responding? telnet to the HTTP port (port 80) on the server, and see what the response is. If the web server software and machine are both okay, your session should look something like this:
ryoohki:~ sage$ telnet www.biosci.ohio-state.edu 80 Trying 188.8.131.52... Connected to ryoko.biosci.ohio-state.edu. Escape character is '^]'.
If the machine is okay, but the web server software isn't speaking, the session might instead look more like this:
ryoohki:~ sage$ telnet rosalyn.biosci.ohio-state.edu 80 Trying 184.108.40.206... telnet: connect to address 220.127.116.11: Connection refused telnet: Unable to connect to remote host
If the machine is completely absent from the network, such as catbert in the following example, the response gets only to the TRying line and hangs there, well, trying I pressed Ctrl-C in the example to convince it to give up.
ryoohki:~ sage$ telnet catbert.biosci.ohio-state.edu 80 Trying 18.104.22.168... ^C
Finally, if there really isn't a machine by that name at all, you'll see
ryoohki:~ sage$ telnet dingbat.biosci.ohio-state.edu 80 dingbat.biosci.ohio-state.edu: No address associated with nodename
The rlogin Program
Whereas the telnet communication package was conceived with hardly any concern for security, the rlogin communications package was developed under the seemingly quaint notion that certain connections could be trusted, based only on their self-proclaimed credentials. Passing its data using the same unprotected protocol as telnet, rlogin is supposed to give the administrator some confidence in the identity of a connecting visitor by virtue of the fact that the connection came from a trusted port. Using it is similar to telnet, except that it doesn't accept an optional connection port and it automatically fills in your user ID on the remote system based on your local system user ID. The syntax is simply rlogin <remotehost>.
As with the telnet program, if you're connecting to machines that aren't connected to the Internet, the rlogin client is just as good as any. If you're connecting to machines that are connected to the Internet, please don't use the rlogin program, even if the remote machine makes it available. Doing so only risks your accounts and data on both local and remote machines, and the security of both machines as well.
The Secure Shell Software Suite: slogin/ssh, scp, sftp and Others
The Secure Shell collection of programs provides strongly encrypted communications between your machine and a remote server. The implementation that Apple has chosen to provide is based on the OpenSSH (http://www.openssh.org/) distribution of the protocols. The protocol requires both client software, which we cover in this chapter, and server software, which is covered in Chapter 21, "Accessing and Controlling Tiger Remotely." Here, we assume that you already have a server to talk to and detail the use of the client software on the Unix side of your Mac OS X machine to talk to your remote server.
slogin The starting point for use of the Secure Shell client is the slogin (also available under the name ssh) program. This program replaces the functionality of the telnet and rlogin programs and provides some additional capabilities as well. Unlike telnet and rlogin, slogin passes all information between the machines as encrypted data, using a public-key encryption method.
The basic use of slogin is much like that for rlogin simply issue the command slogin <machinename>, where <machinename> is the name or IP address of the remote machine to which you want to connect. If the remote machine is running a Secure Shell server and it is configured to allow you to connect, the server responds by asking for your password. If you respond correctly, you are left at a shell prompt on the remote machine and can type into it and execute commands, just as though you were in a Terminal.app window typing to your local machine.
A successful slogin attempt might look something like this:
brezup:ray testing $ slogin rosalyn.biosci.ohio-state.edu firstname.lastname@example.org's password: Last login: Tue May 13 2003 01:16:06 -0500 from dhcp065-024-074- You have new mail. ...Remote login... Rosalyn ray 1 >
Again, at this point we're at a shell prompt on the remote machine rosalyn.biosci.ohio-state.edu.
If you don't want to log in to the remote machine as the same user ID as you are on the current machine, you can specify a user ID using -l <username> after the hostname. Alternatively, you can use <username>@<hostname> to specify the user and host. If I wanted to log in to rosalyn as user testing (regardless of what user I am on my local machine), I could use this syntax:
brezup:ray testing $ slogin email@example.com firstname.lastname@example.org's password: Last login: Tue Jun 24 2003 15:30:04 -0500 You have new mail. ...Remote login... Rosalyn testing 1 >
Some system administrators choose not to allow remote logins through simple password authentication. Passwords are generally too short to be difficult for a computer to guess by simple brute-force methods. Instead, the Secure Shell suite allows the use of arbitrarily long, multiword passphrases. An slogin connection requiring this type of login looks like this:
brezup:ray testing $ slogin rosalyn.biosci.ohio-state.edu -l joray Enter passphrase for key '/Users/ray/.ssh/id_dsa': Last login: Tue Aug 06 2003 14:39:47 -0500 from cvl232015.columb You have new mail. ...Remote login... Rosalyn joray 1 >
If the remote machine is running this more restrictive security (and we recommend that you do so if you choose to enable remote connections to your machine when we get to Chapter 26, "Creating a Mail Server"), you will be asked, not for your password, but for your passphrase if you have created one. The connection will be refused if you have not created a passphrase.
Creating a passphrase involves a bit of work on your part. This is because if you really want security, you can't allow the encrypted keys that identify you to be seen on the network. Therefore, after the key has been created, you need to transfer it to the remote machine via some old-fashioned, physical method, such as writing it to a floppy disk and taking that disk directly to the remote machine.
Creating a passphrase for yourself involves the following: On your Mac OS X machine, generate a key pair by running
ssh-keygen -t <type>
The -t option specifies the key type to be generated. This can be rsa for RSA or dsa for DSA (isn't case sensitivity fun?) RSA is used in SSH1 servers, whereas either RSA or DSA can be used with SSH2 servers. RSA (which stands for Rivest-Shamir-Adelman, its developers) is the most commonly used public key algorithm. DSA, Digital Signature Algorithm, is a signature-only algorithm, based on the Diffie-Hellman discrete logarithm problem.
When you run ssh-keygen, you are asked for a passphrase to protect the private key. It is recommended that the passphrase be at least 11 characters long and include as many character types as possible: uppercase letters, lowercase letters, numbers, and special characters. Spaces may be included as part of the passphrase.
Here is a sample run:
brezup:miwa miwa $ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/Users/miwa/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/miwa/.ssh/id_dsa. Your public key has been saved in /Users/miwa/.ssh/id_dsa.pub. The key fingerprint is: 7d:25:3e:87:3b:25:24:cf:5a:05:0e:1d:19:ad:67:10 miwa@brezup
As ssh-keygen tells us, user miwa does indeed have the promised keys, as shown in the following output. The private key was saved as id_dsa, and the public key was saved as id_dsa.pub; both are stored in the directory ~/.ssh/.
brezup:miwa miwa $ ls -al ~/.ssh total 16 drwx------ 4 miwa miwa 136 17 Aug 22:09 . drwxr-xr-x 12 miwa miwa 408 17 Aug 22:08 .. -rw------- 1 miwa miwa 744 17 Aug 22:09 id_dsa -rw-r--r-- 1 miwa miwa 601 17 Aug 22:09 id_dsa.pub
Next, we need to transfer the file id_dsa.pub to the remote host. Because you might be generating different keys for different hosts, it's most convenient if you rename the file first this also helps prevent you from overwriting it the next time you create a key or overwriting the key on the remote host when you transfer it. You might also want to consider using the -f option to specify a different filename when you generate your public key. However, we wanted to show you what to expect by default. Because it's your public key, it doesn't matter whether the world can see it you can copy it to your remote host via FTP, move it there with a floppy, or paste it across a logged-in terminal session.
On the remote host, the public key you just created needs to be added to the file authorized_keys (~/.ssh/authorized_keys) in the .ssh directory in your home directory (~/.ssh/). If the file does not exist, it must be created. If you copied the key over in a file, you can do this by simply using the cat command:
cat <mynewkeyfile> >> ~/.ssh/authorized_keys
When adding the new key to the file, make sure that the key is added as a single long line of data. If your key arrived in one long line of data in a file, the cat command shown will work fine. Otherwise, if you're pasting the key in via the terminal or aren't sure it's in a single long line in the file, it's best to check ~/.ssh/authorized_keys to make sure that it arrived correctly.
Having done all this, if you now try to slogin to the remote host where you just added your key (and assuming that the remote host is running sshd2!), you should be greeted with a login process asking for your passphrase rather than your password. Enter the passphrase exactly as you did to create the keys, and you will enjoy a data connection that is almost impossible to decrypt, and an access code (your passphrase) that is much more secure than a simple password.
The slogin program also provides a neat method for protecting data transmissions other than terminals. This is implemented as an encrypted tunnel between the two machines connected by the slogin terminal connection. Essentially, slogin can be instructed to watch for connections that come to your local machine, package the data from these connections, encrypt it, ship it off to the other end of the tunnel, and unpackage it again. You then use your ftp, or any other network connection program, to connect to your local machine (not the remote machine!), and slogin tunnels that connection to the remote machine and makes the connection at the other end. Because your user ID and password for the FTP server are carried over the encrypted tunnel, they're never in clear text on the network, and your login information and any data you transmit are protected.
To demonstrate this, the following slogin connection sets up a tunnel from the local machine to a remote machine named waashu, over which ftp connections can be carried.
brezup:root testing # slogin waashu.biosci.ohio-state.edu-l testing -L21:waashu:21 The authenticity of host 'waashu.biosci.ohio-state.edu (22.214.171.124)' can't be established. DSA key fingerprint is 3d:1d:6b:78:c9:7e:63:b9:8b:6d:13:5f:e5:3b:f1:20. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'waashu.biosci.ohio-state.edu,126.96.36.199' (DSA) to the list of known hosts. email@example.com's password: Last login: Tue Jul 15 2003 15:37:15 You have new mail. /usr/local/testing WAASHU testing 1 >
In this case, we've never connected waashu before, so slogin asks whether we really believe that we're making a connection to the right host and that it's really giving us valid credentials. This is the one point in all our communications where an imposter in the middle of the communication could easily insert false information and fool us into transmitting our information insecurely. Again, this leaves the terminal connected to the remote machine and sitting at a shell prompt on the remote machine. The-L21:waashu:21 part of the command sets up the tunneling magic. It tells slogin to start listening on port 21 (which is the port that the FTP server would usually listen to), capture anything it sees, package it securely, and transmit it to waashu, where it is to be unpackaged and sent to waashu's port 21 (thereby connecting to waashu's FTP server).
When slogin is connected like this, it is connecting port 21 the normal ftp port on our machine (localhost) to port 21 on the remote host we're logged in to. Open another terminal window. The second terminal window is used to invoke ftp to connect over the tunnel (by connecting to our local machine, usually available as localhost and always available as 127.0.0.1) like so:
brezup:miwa miwa $ ftp localhost Connected to localhost.biosci.ohio-state.edu. 220 waashu.biosci.ohio-state.edu FTP server ready. Name (localhost:miwa): testing 331 Password required for testing. Password: 230 User testing logged in. Remote system type is UNIX. Using binary mode to transfer files. ftp> passive Passive mode on. ftp> cd osx-misc 250 CWD command successful. ftp> binary 200 Type set to I. ftp> put developer-1.tiff local: developer-1.tiff remote: developer-1.tiff 227 Entering Passive Mode (140,254,12,239,60,59) 150 Opening BINARY mode data connection for 'developer-1.tiff'. 226 Transfer complete. 1255376 bytes sent in 16.2 seconds (77490 bytes/s) ftp> quit 221 Goodbye.
To check whether it arrived okay, we go to the waashu terminal:
WAASHU osx-misc 203 > ls -l dev*tiff -rw-r--r-- 1 testing user 1255376 Apr 21 20:35 developer-1.tiff
Note that when we ftp to localhost, ftp reports that we're connected to localhost, but waashu responds. The tunnel is working as expected.
As noted earlier, use of port 21 is restricted to the root user, but for your first introduction, it made sense to direct the ftp port to the ftp port. There is nothing that limits the forwarding to connecting identically numbered ports, though, and ftp can also connect to ports other than the usual port 21. For use on a day-to-day basis, a normal user can replace the -L21:<machinename>:21 section of the command with-L2000:<machinename>:21. The ftp command then is extended by adding the port number for the local connection as ftp localhost 2000. This probably sounds more complicated than it really is. It really doesn't look much different than just directing the ftp port to the ftp port. In one window, run this:
brezup:miwa Documents $ slogin waashu.biosci.ohio-state.edu -l testing -L2000:waashu:21
And in another, run the ftp command as like so:
brezup:miwa Documents $ ftp localhost 2000
This works identically to having root route the tunnel as shown in the first example.
If your machine doesn't know the target by a short name (such as <waashu>), you need to use an IP address or fully qualified hostname for the -L<sourceport>:<target hostname>:<targetport> part of the command as well as the base slogin itself.
Another option, if all you want to do is forward a port without receiving a shell prompt on the remote host, is using the -N option to slogin. This doesn't cause it to return to the command line but is useful in stored terminal scripts if you're not interested in leaving a prompt open and unused (which is usually a good idea for security purposes).
Table 13.4 shows the syntax and additional options for the operation of slogin.
scp, sftp, and Others In addition to the slogin program, the Secure Shell suite of programs provides additional data encryption and protection functions to the user. There are components (scp) that function analogously to the cp command that you learned about in Chapter 10, "Common Unix Shell Commands: File, Directory and Disk Operations," and to the ftp command that you learned about earlier in this chapter (sftp).
The scp command can copy a file either from or to a Secure Shell remote host. The syntax, like cp, is scp <from> <to>. Either <from> or <to> can be specified as a remote machine and file, in the syntax of [<username>@]<remotemachine>:<pathtofile>. For example, the following command copies ~ray/public_html/my_bookmarks.html from the machine soyokaze (soyokaze is a host alias to soyokaze.biosci.ohio-state.edu on this machine) to a file by the same name in the local folder ~/Documents/:
brezup:ray testing $ scp ray@soyokaze:public_html/my_bookmarks.html ~/Documents/ firstname.lastname@example.org's password: my_bookmarks.html 100% 271KB 45.4KB/s 00:05
Likewise, the following copies the file myfile from the current directory to the directory /tmp on the machine known as soyokaze (again, you will need a long name here if your local machine doesn't know the target machine by a short alias) and names it yourfile on the remote machine soyokaze, again logging in using the user ID ray:
brezup:ray testing $ scp ./myfile email@example.com:/tmp/yourfile firstname.lastname@example.org's password: myfile 37% 208KB 20.6KB/s 00:17 ETA
Note that scp doesn't make complaints about the host key the second time because it has already accepted and stored it.
Table 13.5 shows the syntax and interesting options for scp.
The sftp command can also be used to securely transfer files. It was not available in the original Mac OS X 10.0 distribution but was included in a later update.
The basic syntax for using sftp is
This syntax opens an interactive sftp session, which works much like a typical interactive ftp session, as shown here:
brezup:sage Documents $ sftp email@example.com Connecting to rosalyn.biosci.ohio-state.edu... firstname.lastname@example.org's password: sftp> lcd terminal sftp> cd terminal-misc sftp> put term-display-1.tiff Uploading term-display-1.tiff to /home/miwa/terminal-misc/term-display-1.tiff sftp> ls drwxr-xr-x 2 miwa class 512 Aug 6 20:56 ./ drwxr-xr-x 21 miwa class 1024 Aug 6 20:53 ../ -rw-r--r-- 1 miwa class 921862 Aug 6 20:57 term-display-1.tiff sftp> quit
In this example, an interactive sftp session was used by user sage to transfer the file term-display-1.tiff to user miwa's terminal-misc directory on the remote host rosalyn.biosci.ohio-state.edu. The lcd command was used to change to sage's terminal directory on the local machine, brezup, and cd was used on the remote host to change to miwa's terminal-misc directory. Of course, the sftp command could have been issued directly in sage's terminal directory. Like an interactive ftp session, the interactive sftp session can take commands such as cd, ls, and put. As is the case with scp, if you have the same username on both machines, it is not necessary to supply a <username> because the current username is assumed by default.
Table 13.6 shows the syntax and some of the useful options for sftp.
The "Busload of Useful Tricks" Network Client: cURL
cURL, more commonly known simply as curl, is a command-line tool for getting or sending data to network services using URL syntax. The name is a bit of a play on words, being pronounced either as one word as in "kurl," or as two words as in "see URL" (implying the unspoken "do URL" to those with a Unix sense of humor). curl is based on the libcurl library, which has the goal of bringing convenient URL-type data access and transfers to software that needs it.
Philosophically, curl is a very Unix-friendly program, providing a very specific function, while trying not to overlap the functionality of other programs. We are including it among these other more application-like programs because curl makes an excellent assistant program for almost any software that needs network access. As such, it might not fit our definition of an application or application suite, but it does integrate well as a network-access partner for other applications and application suites.
At its simplest, curl syntax is curl [options] <URL>. The complexity and power come from the range of available options. For example, to retrieve the web page http://www.biosci.ohio-state.edu/ using curl, the syntax is simply
The output of this is identical to using lynx -dump -source http://www.biosci.ohio-state.edu/. curl, however, can grab the name of the remote file from the remote server and write the data into a file by that name locally without you having to do a redirect as you would with lynx. Therefore, you could use
curl -O http://www.biosci.ohio-state.edu/index.html
lynx -dump -source http://www.biosci.ohio-state.edu/index.html > index.html
curl isn't a replacement for lynx because it isn't a web browser, but, on the other hand, curl is bidirectional and can send data as well as receive it. The -T <file> option directs that the local file named <file> be sent to the remote machine and file or directory name as specified in <URL>.
brezup:ray Unleashed $ curl -T fig18_.gif ftp://192.168.1.143/incoming/ % Total % Received % Xferd Average Speed Time Curr. Dload Upload Total Current Left Speed 52 763k 0 0 52 402k 0 27744 0:00:28 0:00:14 0:00:14 34526
This command results in fig18_.gif being ftped from the current directory to the machine located at 192.168.1.143 and placed in the incoming subdirectory of the ftp directory on that machine. Speed and progress statistics are displayed as the file is transmitted.
These are the variations on curl that most people will use, most frequently, but the range of available options is truly diverse. Table 13.7 shows the syntax and some of the more useful options for curl, including hints on how to access secure servers, track cookie contents, and other useful trivia.
|< Day Day Up >|