The incomparable Brad Suinn from Apple has been kind enough to release juicy tidbits about the AppleShare X Client in an unauthorized readme. Amongst other things, the end of the file shows how to do an AFP/IP connection using SSH so everything is nice and secure and encrypted. Check out:
The network preferences file is used to store all the user-entered information about your TCP-IP/PPPoE/PPP settings. If you are looking to automatically set up these settings for use in an "easy installer", the preferences file can be found at this location:
This file is usually owned by root, in group wheel.
The /etc/hosts file by default is ignored by OS X. Though it is possible to import hosts into the "machines" directory (see tips here on macosxhints), there is also a way to configure lookupd so it consults /etc/hosts directly.
lookupd can use different agents to look up hosts: e.g. DNSAgent which consults DNS, FFAgent which consults local files like /etc/hosts, and CacheAgent which will keep a local cache. The trick is to tell lookupd which agents to use in which order.
Read the rest of this article if you'd like the details on making OS X use your local hosts file before it uses the DNS servers.
With the release of 10.0.2, Apple has included an upgraded FTP server that makes it easier to control which directories FTP users can utilize. This is done using an 'ftpchroot' file, which makes each listed user's home directory appear as the root of the system via FTP, so there's no way they can move "up" out of their directories.
Implementing 'ftpchroot' is quite simple, but it does require a bit of editing work as root. If you'd like to restrict your FTP users to their own directory, read the rest of this tip.
This is the result of a few hours' worth of digging around, chasing after a loooong setup delay on SSH connections with (if I recall correctly) both the 2.3 SSH in 10.0.1 and the 2.5 SSH available from Scott Anguish.
If any of you have been experiencing long (dozens of seconds) waits in starting up SSH connections, it looks like 'arp' is being called with a parameter order that Apple's arp utility isn't handling as expected (Apple's utility wants 'arp -n -a' when SSH is using 'arp -a -n'). [Found this out by running ssh -v -v, after a bit of packet sniffing and DNS experimentation.]
Read the rest of this article if you'd like a workaround to speed up your SSH connections!
Since the 10.0.1 update has been released, one of the new features is the implementation of SSH/SSHD. First thing I always do after an install of SSHD is edit a few items in the sshd_config file.
- At your terminal, 'su -' to your root account
- 'pico -w /etc/sshd_config'
- Look for the line containing "PermitRootLogin yes"
- Simply change this line to read "PermitRootLogin no"
- Save your changes and exit the editor
- Open your "System Preferences" from the Dock, and choose "Sharing"
- If the check box beside remote access is not selected, turn it on if you wish for SSH access to be enabled. If it is already selected, then just cycle it. Click it off, then back on.
...unless of course you want to allow someone one step closer to controlling your machine remotely. ;)
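A check to run after the edit above, as an added example that is not part of the original tip: it reports the value sshd will actually use for the global PermitRootLogin setting. It assumes OpenSSH's documented parsing rules (keywords are case-insensitive, the first value obtained for a keyword wins, lines after a Match line are conditional); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective global PermitRootLogin value in an
# sshd_config file (the tip edits /etc/sshd_config).

# effective_root_login FILE
# Prints the first active PermitRootLogin value in the global section, or
# "unset" if none is present (sshd then uses its compiled-in default).
effective_root_login() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # drop leading whitespace
            if (line == "" || line ~ /^#/) next    # skip blanks and comments
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])                    # keywords are case-insensitive
            if (key == "match") exit               # later lines are conditional
            if (key == "permitrootlogin" && n >= 2) {
                print f[2]; found = 1; exit        # first value wins
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_disabled FILE
# Succeeds only when the effective value is exactly "no".
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample: a commented-out "no", an active "yes", and a "no"
# appended later. The appended line has no effect, so the result is "yes".
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'PermitRootLogin no' > "$sample"
echo "effective PermitRootLogin: $(effective_root_login "$sample")"
if root_login_disabled "$sample"; then
    echo "root login over SSH is disabled"
else
    echo "root login over SSH is NOT disabled; edit the first active line"
fi
rm -f "$sample"
```

The sample shows why the tip says to change the existing line rather than append a new one: a later "PermitRootLogin no" is ignored while an earlier "yes" remains active.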
I recently got OSX and immediately started to set up an FTP, using the built-in FTP sharing in the system preferences. Everything works great, and the server is running, but the only problem is... every user has access to anything. I can't restrict access to folders (I don't know how anyways...) I would like to set up many different users who can only access their own folders, not my ENTIRE HD. Any help would be appreciated.
Want to get down and dirty and find out what kind of traffic is on your network? Well, a packet sniffer is a great tool for this, and OS X has a copy of tcpdump, the open-source packet sniffer program, pre-installed.
Please note three things about tcpdump:
- It's a command line tool so you'll have to use the Terminal. (See the manual (man tcpdump) pages for options.)
- You have to be root to use it (or use sudo)
- It can be used for good or evil. Please make the right choice.
As a networking teacher, it's a great way to show students how insecure their network traffic really is (especially stuff like telnet and ftp).