JellyFiSSH: secure shell the easy way

JellyFiSSH is a cool little bookmark manager for automating connections to remote servers over telnet, SSH 1 or 2. SSH (or Secure SHell) is an important tool for creating secure connections across the Internet to a remote machine. By default this just gives you shell access (i.e. terminal access) to the remote server. Of course you can do all kinds of things with shell access, but one really cool thing about SSH is that you can also create secure tunnels to the remote computer through which you can run other applications, such as Chicken of the VNC for remote desktop access.

By default, VNC connections are not secure, which means things like passwords could potentially be intercepted. By going through an SSH tunnel, the VNC connection is encrypted in the same way that regular SSH terminal access is.

One of the great things about JellyFiSSH is that it automates the creation of the tunnels by generating the appropriate terminal commands based on settings you enter into its GUI (as above). As it happens, the guys over at FreeMacBlog have a great video tutorial up that shows you exactly how to set up a secure VNC connection with JellyFiSSH.

JellyFiSSH is a free download from grepsoft.net.
[Via FreeMacWare]
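
For reference, this is the kind of terminal command a tunnel manager produces for the VNC case, written here as an added example (it is not JellyFiSSH's code or output). The function names, host names, addresses and the default local port 5901 are constructed for illustration; the forward target is resolved from the SSH server's side, so it should be `localhost` or a LAN address there.

```shell
#!/bin/sh
# Added example: build the ssh command for a VNC-over-SSH tunnel.
# All host names and addresses used here are constructed placeholders.

# is_private_or_loopback ADDR: succeed for "localhost", 127.0.0.0/8 or an
# RFC 1918 IPv4 literal. Shape check only; ssh rejects out-of-range octets.
is_private_or_loopback() {
    if [ "$1" = localhost ]; then return 0; fi
    case "$1" in
        # Anything that is not a four-part dotted-decimal literal is refused,
        # which also keeps shell metacharacters out of the printed command.
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
    esac
    case "$1" in
        127.*.*.*|10.*.*.*|192.168.*.*) return 0 ;;
        172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
    esac
    return 1
}

# vnc_tunnel_cmd USER@HOST [TARGET] [LOCAL_PORT]
# Prints the command. Returns 2 on bad arguments, 3 if TARGET is not a
# loopback/LAN address as seen from the SSH server.
vnc_tunnel_cmd() {
    ssh_dest=$1 target=${2:-localhost} lport=${3:-5901}
    case "$ssh_dest" in
        # A destination starting with "-" would be parsed by ssh as an option.
        ''|-*|*[!A-Za-z0-9@._-]*) echo "bad destination" >&2; return 2 ;;
    esac
    case "$lport" in
        ''|*[!0-9]*) echo "bad local port" >&2; return 2 ;;
    esac
    if [ "$lport" -lt 1024 ] || [ "$lport" -gt 65535 ]; then
        echo "local port must be 1024-65535" >&2; return 2
    fi
    if ! is_private_or_loopback "$target"; then
        echo "target must be localhost or a LAN address on the server side" >&2
        return 3
    fi
    # -N: no remote shell, forwarding only.
    # ExitOnForwardFailure: fail instead of running without the tunnel.
    # 127.0.0.1 bind: only this machine can reach the local end.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:5900 %s\n' \
        "$lport" "$target" "$ssh_dest"
}

vnc_tunnel_cmd admin@gateway.example.com 192.168.1.20
```

With the tunnel up, the VNC client connects to 127.0.0.1 on the chosen local port, and only the SSH port has to be reachable from outside.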




Reader Comments (Page 1 of 1)
Viktor Szathmary said 3:21PM on 4-18-2007
Also check out SSHKeychain (http://www.sshkeychain.org/) - it does a fine job at managing authentication keys as well as tunnels.
James said 5:51PM on 4-18-2007
This is great, but it seems to require keeping the VNC port - 5900 - open to the world on my server. Doesn't that make it vulnerable to a dictionary attack?
James said 7:06PM on 4-18-2007
Ah, I realise what I was doing wrong. In the tunnel setup I had the remote address as the WAN side of my router, whereas it should have been the LAN side (i.e. 192.168.1.*), so SSH on the host was trying to go back out and in through the firewall.
Clair said 9:35AM on 4-19-2007
One of my favorite flags for ssh (other than -L) is -D. Bam! I have a dynamic SOCKS proxy. Oh, how sweet it is.
JeffDM said 11:30PM on 4-21-2007
Dictionary attack? That's only a problem if your VNC server has a password that's in the dictionary.
James said 2:54PM on 4-22-2007
Well, normally I'd agree that a strong password would be enough to keep a service secure (in fact my VNC password is the same as my SSH password, and I have no problem opening port 22). But VNC is a special case. For a start any attack (and admittedly I said dictionary where I should have said probabilistic) wouldn't need to match a username/password combo, because VNC access on the Mac is password-only. So a probabilistic attack only has to match one factor and that brings me to my second point: OS X's built-in VNC server has no way of preventing multiple attempts to access it with incorrect passwords. So a script can sit there randomly generating passwords, not having to bother about matching them with usernames, and throwing them at the VNC server until it grants access, and the script can know a machine's vulnerable for targeting because the machine will respond in the negative on port 5900. And in this scenario we're talking about a service that's supposed to be left on all the time so that it can be accessed conveniently. In that case my strong password on its own is not enough to give me peace of mind. But as I said, I realised what was wrong in my tunnel setup and 5900 does not have to be open to the world, so no harm done.