
Use remote login to securely copy files Network
If you were a UNIX user before Mac, then you'll probably know this hint and say this is lame, and if you're a Mac-only user you'll (hopefully) say "Wow, that's cool!"

OK picture this. I've been working all night long on a PowerPoint Presentation on my desktop at home. In the morning, I pick up my trusty iBook and go to the office ready for my presentation, but I find that I forgot to copy the file to the laptop!

I don't shut down my desktop at home, and my internet connection is always on. I also allow SSH (secure shell) connections through my firewall, and my Mac has the "Remote Login" option ticked in the sharing prefs (which enables SSH). So I open up my laptop at work, connect to the office network, then open up Terminal and type:
 % scp zed@192.9.200.1:/Users/zed/Documents/MySlides.ppt .
Note that the above is all one line, and don't forget the full stop on the end.

Basically, this command (scp = secure copy; type 'man scp' for more information) uses the SSH tunnel (encrypted) to make a connection to my system at home (192.9.200.1) and log in as zed. It asks for my password and then downloads the file I specify. I have to know the path, but I could ssh in first to check that out. The full stop at the end says "save the file here," so that's wherever you are in the directory tree when you issue the command.

You can also run the command the other way around to copy a file from your local system to the remote:
 % scp MySlides.ppt zed@192.9.200.1:/Users/zed/Documents/
It's also worth noting that if your user names are the same on the remote system and the local system, then you do not need to type zed@192.9.200.1 but rather you can just type 192.9.200.1. Replace these numbers with your home machine's IP address, of course.

All the data transferred this way is encrypted, which means that you do not have to run web servers or FTP servers, which are not secure!
Cocoa application
Authored by: vrunkel on Oct 18, '02 10:54:48AM

Hi,

look at versiontracker for fugu. it is a ui for sftp/scp. runs great.


volker



[ Reply to This | # ]
Cocoa application
Authored by: russh on Oct 18, '02 11:46:08AM

I would also point out RBrowser. It's a pay app, but it's very elegant and powerful. GUI for ssh, scp, sftp, ftp, etc. (There is also a "lite" edition, but I think it only does FTP.)



[ Reply to This | # ]
fugu and dyndns.org
Authored by: tratliffma on Oct 18, '02 05:41:01PM

I'll second the use of fugu.

If you don't have a fixed ip, you can use dyndns.org to register a domain name that will point to your machine even if the ip changes. I think the hint for this was at o'reilly. Since I have a cable modem without a fixed ip, this has worked out great for me.



[ Reply to This | # ]
fugu and dyndns.org
Authored by: bluehz on Oct 20, '02 07:41:34AM

fugu is an excellent choice - EXCEPT I have never been able to get it to view the "dot" invisible files on the remote machine. Sometimes I need to act on those files.



[ Reply to This | # ]
Remote copy from another Volume ?
Authored by: prosper on Oct 18, '02 11:04:50AM

How can I do a remote copy from another Volume ?

" % scp me@xxx.xxx.xxx.xxx:/Volumes/Documents/MyDocument . " always gives me a "No such file or directory" message



[ Reply to This | # ]
Remote copy from another Volume ?
Authored by: dr_turgeon on Oct 18, '02 11:20:32AM
Specify the path with a user, perhaps?

IMO, I think the better way to do this is transport yourself (ssh) down to the surface (ip) with the file you want then beam back (scp) the files you find there to the machine you're really at!

(Remember this only sends the data fork of old-fashioned mac files...)

[ Reply to This | # ]
Remote copy from another Volume ?
Authored by: zed on Oct 18, '02 11:36:32AM

__________________________
How can I do a remote copy from another Volume ?

" % scp me@xxx.xxx.xxx.xxx:/Volumes/Documents/MyDocument . " always gives me a "No such file or directory" message
______________

That's about the right syntax... I guess the thing to check is that you have the complete path entered and case is correct.... If you need to add spaces then escape them: put \ before the space.

Cheers,

---Zed



[ Reply to This | # ]
Remote copy from another Volume ?
Authored by: sjonke on Oct 18, '02 04:58:46PM
" % scp me@xxx.xxx.xxx.xxx:/Volumes/Documents/MyDocument . "

Methinks you left the name of the volume out! For instance, if you had an external drive called "bozo", then the path to it would be:

/Volumes/bozo/


[ Reply to This | # ]
Remote copy from another Volume ?
Authored by: zed on Oct 20, '02 05:44:49AM

I was assuming the Volume was called "Documents" :-)

--Zed :cool:



[ Reply to This | # ]
using ssh keys instead of passwords
Authored by: perdedor on Oct 18, '02 11:30:44AM

skip the whole password prompting with this:

ssh-keygen -d    # hit enter three times to accept the defaults
scp ~/.ssh/id_dsa.pub user@remote.host:~/.ssh/authorized_keys2

and that'll be the last time you are prompted for your password on that remote host as that user. if .ssh/authorized_keys2 file already exists (most likely not if this is new info for ya) scp the file under as authorized_keys2.myhost and then

cd ~/.ssh && cat authorized_keys2.myhost >> authorized_keys2



[ Reply to This | # ]
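
The append step from the comment above, as an added example that is not part of the original post: a hypothetical `merge_pubkey` helper, run on the remote host, that adds the uploaded public key only if it is not already listed, refuses a private key, and keeps `~/.ssh` at mode 700 and the key file at 600. The file names follow the comment; the helper name and its arguments are assumptions.

```sh
#!/bin/sh
# Added example (not from the original comment). merge_pubkey is a
# hypothetical helper meant to run on the remote host after the public key
# has been copied there as authorized_keys2.myhost.

merge_pubkey() {
    ssh_dir=$1                        # e.g. "$HOME/.ssh"
    new_key=$2                        # e.g. "$HOME/.ssh/authorized_keys2.myhost"
    auth_file=$ssh_dir/${3:-authorized_keys2}

    [ -f "$new_key" ] || { echo "no such file: $new_key" >&2; return 1; }

    # Only the .pub half ever belongs on the server.
    if grep -q 'PRIVATE KEY' "$new_key"; then
        echo "refusing: $new_key looks like a private key" >&2
        return 1
    fi

    # A public key file holds exactly one non-empty line.
    if [ "$(grep -c . "$new_key")" -ne 1 ]; then
        echo "refusing: expected exactly one key line in $new_key" >&2
        return 1
    fi
    key_line=$(grep . "$new_key")

    # Keep the directory and file private to the account owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # -x whole line, -F fixed string: append only if this exact key is absent.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "key already present in $auth_file"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key added to $auth_file"
    fi
}
```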
using ssh keys instead of passwords
Authored by: rocteur on Oct 21, '02 09:00:21AM

Thanks this is GREAT!



[ Reply to This | # ]
using ssh keys instead of passwords
Authored by: robertop on Jan 21, '03 09:42:20AM

I did this and it works fine when using ssh, but when I try to scp a file
I get an error saying:
scp:warning: Executing scp1 compatability
scp:FATAL:Executing ssh1 in compatability mode failed (chech that scp1 is in your path)

The remote site runs 2.3.0 from SSH corporation so I can't understand why the
servers are trying version 1 of the protocol.

Any hints??

/Rob



[ Reply to This | # ]
Remote login from Finder
Authored by: pservice on Oct 18, '02 05:15:42PM

Do you really need all the Terminal command line stuff to do this securely? If I'm working at home and want to connect to my work machine, I just choose Connect to Server in the Finder's Go menu. When I get the dialog, I enter my work machine name (or IP address), username, password, and select the volume that I want to access. That volume then mounts on my desktop at home, and I can simply drag-and-drop files either way. Obviously, the machine at work is on (although no user is logged in), and Remote Login is checked in the Sharing preferences. Both machines are running 10.2, and I have a cable modem at home. The only reason I could see for doing this from the command line would be if using the Finder does not create an ssh connection? Anybody know?



[ Reply to This | # ]
Remote login from Finder
Authored by: balthisar on Oct 18, '02 07:16:57PM

And then again, who cares if the Finder connection is secure for a PowerPoint file? There are good times to be paranoid, and times where it's just silly.

Of course, I *do* realize there are valid needs for encryption -- just that in most cases using the Finder is probably the better way to go.



[ Reply to This | # ]
Remote login from Finder
Authored by: Jay D on Oct 18, '02 07:30:49PM
Well, i certainly care if i send my ip address, username and password in the clear on an open network. who could ask for a better invitation to screw with you? seriously, it's not about what you're using it for, but how you use it. i suppose if there's nothing on your machine that you care about, fine, but the "nobody's interested in my data" argument will get you every time. as a personal example, i connected a linux server appliance to the world, with nothing on it save the os at that point, and it was broken into the next day.

[ Reply to This | # ]
Remote login from Finder
Authored by: broohaha on Oct 18, '02 11:08:42PM
as a personal example, i connected a linux server appliance to the world, with nothing on it save the os at that point, and it was broken into the next day.


Out of curiosity, how were you able to tell that this had happened?

[ Reply to This | # ]
Remote login from Finder
Authored by: phidauex on Oct 25, '02 04:23:55PM

The concern isn't the files getting stolen, it's the username and password. If I send my password and username around in clear text, someone needs only to sniff those packets, and break into the machine. They don't care about the file I transferred, they care about the password. Once they have a login name and password, they can do quite a bit of nasty stuff. And don't think that just because no one knows your IP address that you are safe, port scanners sit around scanning entire subnets, just hunting for computers to potentially exploit.

As an example of how quickly people start intrusion attempts, check out http://www.honeynet.org. They set up 'honey nets' which are computers connected to the internet, with only a default installation, no special programs or software. A network of computers on the same subnet are highly secured, and run sophisticated logging programs that log every packet going in and out of this 'stock' machine. Since the machine has no purpose, no packets will go in and out, until someone tries to break into it, at which point they log the packets, trying to backtrace what the hacker is doing, to learn what exploits they are using, and how to prevent them from doing it in the future. They don't do anything at all to 'attract' hackers to the computer, they simply install the OS, and plug it into the internet. They get hack attempts usually within the first couple of days. If you have a computer with a static IP, there is a very good chance that someone has attempted to hack into it. OS X is moderately secure in its default installation, and not a lot of specialized exploits are known, but that doesn't mean that you are safe. It's worth it to expend a little extra effort to secure your transmission of passwords. No computer is secure once they have access to a user account.

Also, don't think that just because you don't have any valuable info that you are safe. Usually hackers won't hack big jobs from their own computer, they will break into several other computers, preferably ignorant home computer owners, and then remotely use those computers to do the hacking, great way to hide your tracks. They also like to use random little home computers to run IRC servers, serve warez to each other, things like that. Your computer might not have anything valuable on it, but those 40gigs of free space and your high speed DSL would be great for transferring huge warez between their buddies without using up their bandwidth :)

Anyway, not to be a doomsayer or anything, just pointing out that security is a pretty handy thing to keep in mind, regardless of how invisible you think you are.

Oh, and if you have SSH installed on your mac (which, unless you did something to it, you do), you also should have sftp, which works just like ftp, but is secure! I use that all day long between my computers. And clients like Transmit 2.0 support the SFTP protocol too. Sweet, huh?

Peace,
sam



[ Reply to This | # ]
Remote login from Finder
Authored by: Jay D on Oct 18, '02 07:22:50PM
interesting. i'd check with the sysadmin at work and see what they're using to let you do AFP (appleshare) over an open connection (the Internet). perhaps you've connected to work with a vpn or some such? or some other interesting scheme is already in place that's transparent to you. otherwise, i assume what you're doing is totally insecure, and your password is sent in the clear (again, ask the sysadmin and chide them if this is the case!). i use Vapor, a GUI to create SSH tunnels for AFP. the idea is to wrap AFP in SSH, so while everything looks like you're mounting the disk like always, the traffic is getting encrypted. works great and no command-line futzing (though often scp is much much faster...) hope this helps...

[ Reply to This | # ]
Remote login from Finder
Authored by: JohnnyMnemonic on Oct 18, '02 10:50:58PM

AFP over SSH is now included in Jaguar. It is available from the "Options" box when logging in. Vapor was created to address the need in 10.1.x; with 10.2, Vapor is (mostly?) superfluous and development has (mostly) stopped. Mactroll has open sourced the code to Vapor, in fact.

Look for other exciting projects from www.afp548.com!

[ Reply to This | # ]
Remote login from Finder
Authored by: yrrw on Oct 22, '02 09:29:25AM
But how do we know the connection is made using ssh? When I do a netstat, all I get is
 [slarty:~] me% netstat
 Active Internet connections
 Proto Recv-Q Send-Q  Local Address     Foreign Address      (state)
 tcp4       0      0  slarty.49493      sharonda.afpovertcp  ESTABLISHED
 tcp4       0      0  localhost.49488   localhost.ipp        CLOSE_WAIT
No mention of ssh. any ideas?

[ Reply to This | # ]
Remote login from Finder
Authored by: Krioni on Oct 22, '02 05:05:19PM

Hmm. Strangely enough, I believe there are two problems:

1. The login for AppleShare supposedly encrypts the password.

2. I chose the SSH appleshare connection, and yet watching my network traffic flow using tcpflow, I could clearly read some of the contents of a file I transferred, as well as the directory listing sent back.

So, I believe the password is encrypted, but even when you choose "Allow SSH connection" it doesn't guarantee you get one.



[ Reply to This | # ]
Remote SSH filesharing from Finder is EASY
Authored by: Chas on Oct 18, '02 07:47:41PM

Yes, it is quite easy to use SSH-encrypted sharing. Once you've set up your SSH permissions, you merely need to connect to the server, at the password window just hit the Options button, and select the option to allow SSH encrypted connections. You will then connect to your remote disk volume just like any other file share, except it's encrypted. Note that the dialog box will show a URI like
afp://yourIPnumbers:548/
instead of the usual
afp://yourIPnumbers/
Yes, you're filesharing over port 548, with SSH encryption. It's EASY, just one extra click, and you are connected securely. One other advantage: you can use SSH filesharing to connect to a remote machine anywhere, with normal filesharing they have to be on the same local subnet. You can even create an alias of the shared volume, just doubleclick and the encrypted connection is reestablished.



[ Reply to This | # ]
Remote SSH filesharing from Finder is EASY
Authored by: Jay D on Oct 18, '02 08:23:21PM

assuming the remote machine is running os x server, right? it seems a default config option on server, but not the client version of os x, where you have to do the tunnelling thing somewhat manually.



[ Reply to This | # ]
Remote SSH filesharing from Finder is EASY
Authored by: Chas on Oct 18, '02 09:17:49PM

No, MacOS X Server is not required. I can connect via Finder SSH filesharing easily between two plain MacOS X 10.2 machines. Try it!
Of course, you'd need other arrangements (like rcp, sftp etc) for connecting to other types of machines & OS.



[ Reply to This | # ]
Remote SSH filesharing from Finder is EASY
Authored by: zed on Oct 20, '02 05:50:41AM

But all this requires extra ports to be open on the firewall!

I'm assuming that most people who want to send files back and forth are not the admins of the firewall, and getting firewall admins to open ports just is not done!..

Cheers,
---Zed :cool:



[ Reply to This | # ]
Remote SSH filesharing from Finder is EASY
Authored by: Jay D on Oct 21, '02 02:06:33PM

Yeah, that's sort of my thought. I really like that the only open port is 22. Thanks for the correction that it's supported though!



[ Reply to This | # ]
ssh from remote computer
Authored by: NANDITA on Mar 26, '03 03:20:31PM

i am trying to use SSH to login to my work comp - when i try any of the computers within my lab- ssh works- however, if i go to another building- or go home and try ssh, it can never login. after i type in the ssh command the terminal window just stays as it is and ends with "No Route to Host"
any pointers?- this has been the way ever since- am not sure it's even an os-x problem or what.
thanks much
nandita



[ Reply to This | # ]
rsync
Authored by: peyote on Oct 19, '02 05:43:49AM

And if you like scp for this kind of thing, you'll love rsync.

Same kind of functionality and runs over ssh too (so secure), but is
smart about what it copies. You can tell it to copy a whole directory
tree; not only will it only copy files that have changed, but it'll
only copy the *parts* of the files that have changed. So if you have
a single big file and you've (say) added a few lines at the end since
the last time you copied it, rsync will beat scp for speed every time.

You do need to have rsync installed on both computers though (I imagine
it's in fink, and it's pretty easy to build on any Unix box)

Handy idiom:-
rsync -vae ssh --delete MyDir remote:BackupDir

Will copy all the files (and folders) in MyDir to BackupDir on the machine
called "remote". The next time you run it, it will only copy the changes
across.... so handy for remote backups etc.



[ Reply to This | # ]
rsync
Authored by: peyote on Oct 19, '02 05:50:12AM

Silly me, I should have checked... rsync is bundled with Jaguar, so
just "man rsync" in a terminal window for the low-down.

It's version 2.5.2 which is a little old, but I'm pretty sure
new enough to have the last security issue fixed.





[ Reply to This | # ]
Fantastic
Authored by: rocteur on Oct 21, '02 08:57:25AM

This is fantastic, thanks very much.

Jerry



[ Reply to This | # ]