Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Remote login from Finder' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Remote login from Finder
Authored by: pservice on Oct 18, '02 05:15:42PM

Do you really need all the Terminal command line stuff to do this securely? If I'm working at home and want to connect to my work machine, I just choose Connect to Server in the Finder's Go menu. When I get the dialog, I enter my work machine name (or IP address), username, password, and select the volume that I want to access. That volume then mounts on my desktop at home, and I can simply drag-and-drop files either way. Obviously, the machine at work is on (although no user is logged in), and Remote Login is checked in the Sharing preferences. Both machines are running 10.2, and I have a cable modem at home. The only reason I could see for doing this from the command line would be if using the Finder does not create an ssh connection? Anybody know?



[ Reply to This | # ]
Remote login from Finder
Authored by: balthisar on Oct 18, '02 07:16:57PM

And then again, who cares if the Finder connection is secure for an PowerPoint file? There are good times to be paranoid, and times where it's just silly.

Of course, I *do* realize there are valid needs for encryption -- just that in most cases using the Finder is probably the better way to go.



[ Reply to This | # ]
Remote login from Finder
Authored by: Jay D on Oct 18, '02 07:30:49PM
Well, i certainly care if i send my ip address, username and password in the clear on an open network. who could ask for a better invitation to screw with you? seriously, it's not about what you're using it for, but how you use it. i suppose if there's nothing on your machine that you care about, fine, but the "nobody's interested in my data" argument will get you every time. as a personal example, i connected a linux server appliance to the world, with nothing on it save the os at that point, and it was broken into the next day.

[ Reply to This | # ]
Remote login from Finder
Authored by: broohaha on Oct 18, '02 11:08:42PM
as a personal example, i connected a linux server appliance to the world, with nothing on it save the os at that point, and it was broken into the next day.


Out of curiosity, how were you able to tell that this had happened?

[ Reply to This | # ]
Remote login from Finder
Authored by: phidauex on Oct 25, '02 04:23:55PM

The concern isn't the files getting stolen, its the username and password. If I send my password and username around in clear text, someone needs only to sniff those packets, and break into the machine. They don't care about the file I transferred, they care about the password. Once they have a login name and password, they can do quite a bit of nasty stuff. And don't think that just because no one knows your IP address that you are safe, port scanners sit around scanning entire subnets, just hunting for computers to potentially exploit.

As an example of how quickly people start intrusion attempts, check out http://www.honeynet.org They set up 'honey nets' which are computers connected to the internet, with only a default installation, no special programs or software. A network of computers on the same subnet are highly secured, and run sophisticated logging programs that log every packet going in and out of this 'stock' machine. Since the machine has no purpose, no packets will go in and out, until someone tries to break into it, at which point they log the packets, trying to backtrace what the hacker is doing, to learn what exploits they are using, and how to prevent them from doing it in the future. They don't do anything at all to 'attract' hackers to the computer, they simply install the OS, and plug it into the internet. They get hack attempts usually within the first couple of days. If you have a computer with a static IP, there is a very good chance that someone has attempted to hack into it. OS X is moderately secure in its default installation, and not a lot of specialized exploits are known, but that doesn't mean that you are safe. Its worth it to expend a little extra effort to secure your transmission of passwords. No computer is secure once they have access to a user account.

Also, don't think that just because you don't have any valuable info that you are safe. Usually hackers won't hack big jobs from their own computer, they will break into several other computers, preferably ignorant home computer owners, and then remotely use those computers to do the hacking, great way to hide your tracks. They also like to use random little home computers to run IRC servers, serve warez to each other, things like that. Your computer might not have anything valuable on it, but those 40gigs of free space and your high speed DSL would be great for transferring huge warez between their buddies without using up their bandwidth :)

Anyway, not to be a doomsayer or anything, just pointing out that security is a pretty handy thing to keep in mind, regardless of how invisible you think you are.

Oh, and if you have SSH installed on your mac (which, unless you did something to it, you do), you also should have sftp, which works just like ftp, but is secure! I use that all day long on between my computers. And clients like Transmit 2.0 support the SFTP protocol too. Sweet, huh?

Peace,
sam



[ Reply to This | # ]
Remote login from Finder
Authored by: Jay D on Oct 18, '02 07:22:50PM
interesting. i'd check with the sysadmin at work and see what they're using to let you do AFP (appleshare) over an open connection (the Internet). perhaps you've connected to work with a vpn or some such? or some other interesting scheme is already in place that's transparent to you. otherwise, i assume what you're doing is totally insecure, and your password is sent in the clear (again, ask the sysadmin and chide them if this is the case!). i use Vapor a GUI to create SSH tunnels for AFP. the idea is to wrap AFP in SSH, so while everything looks like you're mounting the disk like always, the traffic is getting encryped. works great and no command-line futzing (though often scp is much much faster...) hope this helps...

[ Reply to This | # ]
Remote login from Finder
Authored by: JohnnyMnemonic on Oct 18, '02 10:50:58PM

AFP over SSH is now included in Jaguar. It is available from the "Options " box when logging in. Vapor was created to address the need in 10.1.x; with 10.2, Vapor is (mostly?) superfluous and development has (mostly) stopped. Mactroll has open sourced the code to Vapor, in fact.

Look for other exciting projects from www.afp548.com!

[ Reply to This | # ]
Remote login from Finder
Authored by: yrrw on Oct 22, '02 09:29:25AM
But how do we know the connection is made using ssh. When I do a netstat, all I get is
[slarty:~] me% netstat Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 slarty.49493 sharonda.afpovertcp ESTABLISHED tcp4 0 0 localhost.49488 localhost.ipp CLOSE_WAIT
No mention of ssh. any ideas?

[ Reply to This | # ]
Remote login from Finder
Authored by: Krioni on Oct 22, '02 05:05:19PM

Hmm. Strangely enough, I believe there are two problems:

1. The login for AppleShare supposedly encrypts the password.

2. I chose the SSH appleshare connection, and yet watching my network traffic flow using tcpflow, I could clearly read some of the contents of a file I transferred, as well as the directory listing sent back.

So, I believe the password is encrypted, but even when you choose "Allow SSH connection" it doesn't guarantee you get one.



[ Reply to This | # ]
Remote SSH filesharing from Finder is EASY
Authored by: Chas on Oct 18, '02 07:47:41PM

Yes, it is quite easy to use SSH-encrypted sharing. Once you've set up your SSH permissions, you merely need to connect to the server, at the password window just hit the Options button, and select the option to allow SSH encrypted connections. You will then connect to your remote disk volume just like any other file share, except it's encrypted. Note that the dialog box will show a URI like
afp://yourIPnumbers:548/
instead of the usual
afp://yourIPnumbers/
Yes, you're filesharing over port 548, with SSH encryption. It's EASY, just one extra click, and you are connected securely. One other advantage: you can use SSH filesharing to connect to a remote machine anywhere, with normal filesharing they have to be on the same local subnet. You can even create an alias of the shared volume, just doubleclick and the encrypted connection is reestablished.



[ Reply to This | # ]
Remote SSH filesharing from Finder is EASY
Authored by: Jay D on Oct 18, '02 08:23:21PM

assuming the remote machine is running os x server, right? it seems a default config option on server, but not the client version of os x, where you have to do the tunnelling thing somewhat manually.



[ Reply to This | # ]
Remote SSH filesharing from Finder is EASY
Authored by: Chas on Oct 18, '02 09:17:49PM

No, MacOS X Server is not required. I can connect via Finder SSH filesharing easily between two plain MacOS X 10.2 machines. Try it!
Of course, you'd need other arrangements (like rcp, sftp etc) for connecting to other types of machines & OS.



[ Reply to This | # ]
Remote SSH filesharing from Finder is EASY
Authored by: zed on Oct 20, '02 05:50:41AM

But All this requires extra ports to be open on the firewall!..

I'm assuming that most people who want to send files back and forth are not the admins of the firewall, and getting firewall admins to open ports just is not done!..

Cheers,
---Zed :cool:



[ Reply to This | # ]
Remote SSH filesharing from Finder is EASY
Authored by: Jay D on Oct 21, '02 02:06:33PM

Yeah, that's sort of my thought. I really like that the only open port is 22. Thanks for the correction that it's supported though!



[ Reply to This | # ]
ssh from remote computer
Authored by: NANDITA on Mar 26, '03 03:20:31PM

i am trying to use SSH to login to my work comp - when i try any of the computers within my lab- ssh works- however, if i go to another building- or go home and try ssh, it can never login. after i type in the ssh command the terminal window just stays as it is and ends with "No Route to Host"
any pointers?- this has been the way ever since- am not sure its even a os-x problem or what.
thanks much
nandita



[ Reply to This | # ]