In past few months we’ve talked about using the command line on MacOS X. This month were going to look at connecting to other computers and connecting to our own Mac from another workstation. As we’ve discussed in the past the MacOS X system is at it’s heart built on the UNIX operating system. So there are tools built in for controlling the computer remotely from the command line interface.
In the early days of UNIX systems the expensive resources of a computer were designed to be shared. The concept of having an user account was created to allow several users to log in. Users would sit down in front of a monitor with a keyboard that was connected to the main computer. These remote connections were referred to as “terminals”. When an operator wants to connect to a computer via command line, we refer to it as “opening a terminal”.
Since that time the use of command line interface has been available. There are telnet and ftp applications for both Macintosh and Windows machines, as well. It is possible to connect to a single machine on your network, via the Internet or with a modem. All you need is an account to access them.
Ftp and telnet are limited because both of those programs run with out encryption. That means someone watching you with a packet sniffer, will see your username and password as plain text. Remote access over the Internet should not be done without the use of Firewalls and/or some kind of encryption. Firewalls and “tcp wrappers” can further limit who can connect and from which machine. The upcoming “Panther” version of MacOS X will include the ability to use virtual private networks (VPN) that will allow us to connect to remote computers with encryption.
Telnet is an older program that allows you to connect to another machine and work as if you’re on the same machine. For security reasons Apple ships MacOS X with the telnet service disabled. They have included OpenSSL so that you can use SSH (secure shell) instead. All of the traffic used by SSH is encrypted.
To start the SSH service, open the Sharing pane in System Preferences. Check the box next to “Remote Login”. That’s it! Apple has scripted the steps to enable SSL on your machine.
Once SSH is turned on try this with your own machine:
Open the Terminal application, from the Utilities folder in Applications.
At the command prompt type “ssh [email protected]”. Here we are entering “ssh” and a username and IP address. (“localhost” and “127.0.0.1” are special unix addresses that mean “this machine”.)
The first time you log in the ssh command will send a unique key or “RSA key” to identify your machine. It asks you to enter this information in it own database.
[localhost:/etc] timmitra% ssh [email protected] The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. RSA key fingerprint is 00:f3:c3:88:98:d2:95:3a:b8:ce:d8:9c:28:06:ef:b9. Are you sure you want to continue connecting (yes/no)?
After we type “yes” it adds our machines information and then it asks for the user’s password!
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts. [email protected]'s password:
Once we’ve been authenticated it give us the local machine prompt.
Last login: Fri Oct 10 16:57:36 2003 from localhost Welcome to Darwin! [localhost:~] timmitra%
At this point we are on the “other” mchine. What we can do there depends on what we have permission to do based with our account. When were finished we can log out by typing “exit” at the prompt.
[localhost:~] timmitra% exit logout Connection to 127.0.0.1 closed.
Once you’ve established a connection to a remote machine you can edit files and control processes. Imagine you are locked out of your own workstation. Many PowerBook and iMac users have experienced an issue with the Energy Saver. The screen goes to sleep, but that Mac won’t “wake up”. To further aggravate the situation the keyboard and power key won’t restart the machine. The only alternative seems to be available is to pull the power plug.
But wait! The quick thinking Mac user can go to another machine and log in to the troubled machine. Using SSH they logon to their machine’s hostname or IP address and at the command prompt they type:
[localhost:~] timmitra% sudo shutdown -r now
“sudo” as you may remember form last month allows that user to issue a command as the “root” user. Of course they have to be an administrator to use “sudo”. The “shutdown” command will turn off the server (or Mac in this case) but the shutdown command needs a few options such as “-r” which means restart and “now” to tell it when to shut down. The Mac will properly shutdown, quitting all applications, including the SSH session and then restart.