With the release of 10.0.2, Apple has included an upgraded FTP server that makes it easier to control which directories FTP users can utilize. This is done using an 'ftpchroot' file, which makes each listed user's home directory appear as the root of the system via FTP, so there's no way they can move "up" out of their directories.
Implementing 'ftpchroot' is quite simple, but it does require a bit of editing work as root. If you'd like to restrict your FTP users to their own directory, read the rest of this tip.
This is the result of a few hours worth of digging around, chasing after a loooong setup delay on SSH connections with (if I recall correctly) both the 2.3 SSH in 10.0.1 and the 2.5 SSH available from Scott Anguish.
If any of you have been experiencing long (dozens of seconds) waits in starting up SSH connections, it looks like 'arp' is being called with a parameter order that Apple's arp utility isn't handling as expected (Apple's utility wants 'arp -n -a' when SSH is using 'arp -a -n'). [Found this out by running ssh -v -v, after a bit of packet sniffing and DNS experimentation.]
Read the rest of this article if you'd like a workaround to speed up your SSH connections!
Since the 10.0.1 update has been released, one of the new features is the implementation of SSH/SSHD. First thing I always do after an install of SSHD is edit a few items in the sshd_config file.
- At your terminal, 'su -' to your root account
- 'pico -w /etc/sshd_config'
- Look for the line containing "PermitRootLogin yes"
- Simply change this line to read "PermitRootLogin no"
- Save your changes and exit the editor
- Open your "System Preferences" from the Dock, and choose "Sharing"
- If the check box beside remote access is not selected, turn it on if you wish for SSH access to be enabled. If it is already selected, then just cycle it. Click it off, then back on.
...unless of course you want to allow someone one step closer to controlling your machine remotely. ;)
I recently got OSX and immediatly started to setup an FTP, using the built in FTP sharing in the system preferences. Everything works great, and the server is running, but the only problem is... every user has access to anything. I can't restrict access to folders (I dont know how anyways...) I would like a setup many different users who can only access their own folders, not my ENTIRE HD. Any help would be appreciated.
Want to get down and dirty and find out what kind of traffic is on your network? Well, a packet sniffer is a great tool for this, and OS X has a copy of tcpdump, the open-source packet sniffer program, pre-installed.
Please note three things about tcpdump:
- It's a command line tool so you'll have to use the Terminal. (See the manual (man tcpdump) pages for options.)
- You have to be root to use it (or use sudo)
- It can be used for good or evil. Please make the right choice.
As a networking teacher, it's a great way to show students how insecure their network traffic really is (especially stuff like telnet and ftp).
People may already know this but for those that don't:
You can add several different network configurations in the Network System Preferences panel. For instance if you have several different ISPs. To do this you go to the panel and select advanced options from the drop down menu. Then click New and enter something in the name box (could be the isp name or random numbers it doesn't matter really) and the modem port that you want to use for the connection. Then click ok and return to the advanced section. Then using the drop down box select your new network configuration and enter all of the details. Then when you next go to the internet Connect app you will be able to select between the two connections via the drop down menu at the top. It seems to work quite well. You don't even need to restart internet applications.
There was a question in the quickies about accessing files in a Public folder from another SSH capable computer. In this piece, I'll try to answer that question and hopefully help folks understand SSH a little better.
Read the rest of this article for a great overview on what SSH actually is, and how to use it for remote connectivity in OS X.
I've been searching the net now since installing OSX Final for a way to use my hosts file in my /etc folder like I do under Linux for developing websites (i.e. in the hosts file I create "127.0.0.1 somesite.me" and then use apache and http headers so that somesite.me in a browser returns a locally created website).
Looking in the /etc/hosts file you are told that the file isn't consulted unless you change your lookupd configuration. Lookupd is handled by NetInfo. And hence my problem: I had no idea how to change the order in NetInfo to look at the flat file /etc/hosts before going to DNS.
Read the rest of this article if you'd like more info on using NetInfo as at hosts file...
Whew! Just got through installing DNSUpdate. I had trouble with the installer. It started up, but didn't seem to do anything. By looking at the uninstall directions, I figured out how to install it manually though.
I untarred the Files.tar.gz in the installer:
sudo tar xzvf DNSUpdateInstaller.app/Contents/Resources/Files.tar.gz
That got me most of the way. But it seems that the location of the StartupItems folder has changed since the Public Beta, so I had to move it: