The concept of having a user account was created to allow several users to log in. Users would sit down in front of a monitor with a keyboard that was connected to the main computer. These remote connections were referred to as “terminals”. When an operator wants to connect to a computer via command line, it was referred to as “opening a terminal”. Since that time the use of command line interface has been available. There are telnet and ftp applications for both Macintosh and Windows machines. It’s possible to connect to a single machine on your network, via the Internet or with a modem. All you need is an account to access them. Ftp and telnet are limited because both programs run without encryption. That means someone watching you with a packet sniffer, will see your username and password as plain text. Remote access over the Internet should not be done without the use of Firewalls and/or some kind of encryption. Firewalls and “tcp wrappers” can further limit who can connect and from which machine. The upcoming “Panther” version of Mac OS X will include the ability to use virtual private networks (VPN) that will allow us to connect to remote computers with encryption. Telnet is an older program that allows you to connect to another machine and work as if you’re on the same machine. For security reasons, Apple ships Mac OS X with the telnet service disabled. They have included OpenSSL so that you can use SSH (secure shell) instead. All of the traffic used by SSH is encrypted. To start the SSH service, open the Sharing pane in System Preferences. Check the box next to “Remote Login”. That’s it! Apple has scripted the steps to enable SSL on your machine. Once SSH is turned on try this with your machine: Open the Terminal application, from the Utilities folder in Applications. At the command prompt type “ssh timmitra@127.0.0.1”. Here we are entering “ssh” and a username and IP address. (“localhost” and “127.0.0.1” are special unix addresses that mean “this machine”.) The first time you log in the ssh command will send a unique key or “RSA key” to identify your machine. It asks you to enter this information in it own database.
[localhost:/etc] timmitra% ssh timmitra@127.0.0.1
The authenticity of host ‘127.0.0.1 (127.0.0.1)’ can’t be established.
RSA key fingerprint is 00:f3:c3:88:98:d2:95:3a:b8:ce:d8:9c:28:06:ef:b9.
Are you sure you want to continue connecting (yes/no)?
After we type “yes” it adds our machines information and then it asks for the user’s password
Warning: Permanently added ‘127.0.0.1’ (RSA) to the list of known hosts.
timmitra@127.0.0.1’s password:
Once we’ve been authenticated it gives us the local machine prompt.
Last login: Fri Oct 10 16:57:36 2003 from localhost
Welcome to Darwin!
[localhost:~] timmitra%
At this point we are on the “other” machine. What we can do there depends on what we have permission to do based on our account. When we’re finished we can log out by typing “exit” at the prompt.
[localhost:~] timmitra% exit
logout
Connection to 127.0.0.1 closed.
Once you’ve established a connection to a remote machine you can edit files and control processes. Imagine you are locked out of your own workstation. Many PowerBook and iMac users have experienced an issue with the Energy Saver. The screen goes to sleep, but the Mac won’t “wake up”. To further aggravate the situation the keyboard and power key won’t restart the machine. The only alternative available is to pull the power plug. But wait! The quick thinking Mac user can go to another machine and log in to the troubled machine. Using SSH they log on to their machine’s hostname or IP address and at the command prompt they type:
[localhost:~] timmitra% sudo shutdown -r now
“sudo” as you may remember from last month allows that user to issue a command as the “root” user. Of course they have to be an administrator to use “sudo”. The “shutdown” command will turn off the server (or Mac in this case) but the shutdown command needs a few options such as “-r” which means restart and “now” to tell it when to shut down. The Mac will properly shutdown, quitting all applications, including the SSH session and then restart.