SSH posts

Mac OS X 10.6 Snow Leopard introduced a lot of under-the-hood changes and many are not very obvious. One such change is to the authentication requirements for logging in remotely via SSH.

In 10.5 logging in remotely via SSH was a pretty standard affair. In 10.6, however, security has been beefed up a bit to require case-sensitive login credentials. While this requirement has already been imposed on passwords, Snow Leopard now requires a case-sensitive user name as well.

In other words, when logging in via SSH, Snow Leopard differentiates between the username "aron" and "Aron." This threw me for a loop for quite some time and is another one of the numerous reasons I have held off upgrading my Mac mini to 10.6.

1. Remember, this only affects jailbroken iPhone owners who have installed OpenSSH...
2. Begin by installing MobileTerminal via Cydia (alternately, you can login via SSH from Terminal.app or a Cygwin-equipped Windows PC).
3. Type "login", you will be asked for a login name which should be "root" then a password which should be "alpine".
4. Type "passwd" then tap return, you will be asked to type the new password. Tap return and type the new password again.

Enter Meerkat, the SSH tunnel tool with the friendly face. I mentioned Meerkat about a year ago, and apparently things have been busy at the Code Sorcery Workshop since that release. The latest version of Meerkat -- version 1.2 -- sports an array of new features, from AppleScript support to a command line utility, as well as improvements to existing features like Bonjour sharing and the tunnel editing interface. I've been using the previous version for quite some time now, and I can say that this version adds some great features to an already great application.

AppleScript support means automation, and Meerkat plays well with location managers like NetworkLocation (a plugin is available on the Meerkat page), or any location manager which can run AppleScripts or shell commands. With such a setup, you can have your system automatically detect a change in networks and set up specific tunnels depending on your location. I won't go into the details of location managers right now, but it's something to look into for laptop owners on-the-move.

Additional features, including Application Triggers, Bonjour support and automatic reconnect for dropped tunnels all make Meerkat a valuable tool. At a current price of $19.95US, Meerkat provides features for a spectrum of users, from the Tunnel Setup Assistant for newbies, to advanced automation possibilities for veteran SSH'ers. I'd be negligent if I didn't mention at least one similar app in the freeware realm: SSHTunnel is a nice, easy-to-use GUI for setting up and managing tunnels. It lacks some of the automation and integration capabilities, but is a definite must-see if you're not ready to fork out for something more full-featured.

A trial of Meerkat is available for download, and a license can be purchased for $19.95US.

Another Friday Favorite, our weekly opportunity to get all sloppy over our most-loved applications.

If you have an always-on Mac at home, a decent upstream connection and another Mac anywhere outside of your home network, you might find ShareTool to be as useful as I do. It allows you -- with an amazing degree of simplicity -- to access your Bonjour services on a remote machine as if you were still within your home network. It does this over an SSH encrypted connection (and also automatically sets up a proxy for secure web-browsing over the tunnel). Yes, you can get some of these benefits with a simple SSH tunnel, or you could set up a VPN using HamachiX, but the simple fact that ShareTool "Just Works" makes it my favorite choice for everything from screen sharing to iTunes streaming.

I use ShareTool on a Mac Mini, with an Airport Extreme Base Station on a connection that gets about 800k average upload speed. iTunes streaming is flawless, and remote drive access is as good or better than just using SFTP. Setup is as simple as choosing a port (defaults to 22, the standard SSH port) to share on and hitting "Share" on your home Mac. After that, you can set it to start at login, and begin sharing on launch. Then, on your remote machine, you just need to enter an IP or domain and the port, and the rest is automatic. You can select which Bonjour services to enable or just go for broke and enable everything. I've got a static IP these days, but services like No-IP and DynDNS work great if you have a dynamic IP address. ShareTool can even handle updating the dynamic IP service for you, so you don't have to run any daemons.

ShareTool is provided by YazSoft, and a free trial is available for download on the main page. The pricing structure requires a license for every computer, and a pair of licenses costs $30USD (5 for $75USD). YazSoft provides free updates within a major version number (1.x customers get all 1.x updates for free). If you're looking for an easy way to keep your entire home network handy anywhere you go, it might be worth a try.

I would wager that most of the people who know they need an SSH tunnel also know the Terminal commands to make it happen. But if those people happen to be Mac users, it's quite likely they wouldn't be averse to having menu bar access, Growl integration, Bonjour capability and a nice GUI to handle their tunnels. And to those who just know they want secure browsing, email and other network activities but aren't SSH ninjas, such things might be even more attractive.

Code Sorcery Workshop's Meerkat is a handy application that provides all of the above tools and offers setup wizards to provide the right settings for the particular tunnel you need. It turns setting up a quick SOCKS proxy for web browsing into a 2 minute task. Setting up a tunnel for Mail is just as simple. Whether you're already using tunnels or looking to get some protection while browsing at the coffeehouse, Meerkat may be able to help out.

You can try Meerkat out for free with a time-limited demo. If it should become something you can't (or don't want to) live without, you can register it for $19.95.

Thanks, Mark!

This morning, reigning iPhone hack-king NerveGas compiled and installed sshd2 and ssh on his iPhone. So what does this mean? It shows that the first steps have been taken towards allowing the iPhone to natively ssh out. For all of you who are inclined to say "Oh ssh, my Nokia can do that... pffft", remember we're still in iPhone's early days. And, no, there isn't a GUI version yet. If you need ssh on your iPhone right now, you'll need to use a Web-based solution. Want to learn more? Head over to #iphone-shell at irc.osx86.hu.

Thanks to the whole iphone-shell gang.

TUAW has talked before about sshfs, the secure shell file system, and MacFUSE, the OS X implementation of FUSE (File-system in USErspace). So it's not huge news that you can use MacFUSE/sshfs to access the files on your iPhone but it might be an option that you've overlooked. It's certainly convenient. You can open a Finder window and treat your iPhone as another disk drive.

To make this happen, you must first enable ssh on your iPhone. Then, install MacFUSE and run sshfs, which will prompt you for the Server name (enter the iPhone's IP address) and Username (use "root"). Authenticate and, boom, you're good to go. The iPhone appears in your Finder source list as a new connected device.