Since the 10.0.1 update has been released, one of the new features is the implementation of SSH/SSHD. First thing I always do after an install of SSHD is edit a few items in the sshd_config file.
- At your terminal, 'su -' to your root account
- 'pico -w /etc/sshd_config'
- Look for the line containing "PermitRootLogin yes"
- Simply change this line to read "PermitRootLogin no"
- Save your changes and exit the editor
- Open your "System Preferences" from the Dock, and choose "Sharing"
- If the check box beside remote access is not selected, turn it on if you wish for SSH access to be enabled. If it is already selected, then just cycle it. Click it off, then back on.
...unless of course you want to allow someone one step closer to controlling your machine remotely. ;)
I recently got OSX and immediatly started to setup an FTP, using the built in FTP sharing in the system preferences. Everything works great, and the server is running, but the only problem is... every user has access to anything. I can't restrict access to folders (I dont know how anyways...) I would like a setup many different users who can only access their own folders, not my ENTIRE HD. Any help would be appreciated.
Want to get down and dirty and find out what kind of traffic is on your network? Well, a packet sniffer is a great tool for this, and OS X has a copy of tcpdump, the open-source packet sniffer program, pre-installed.
Please note three things about tcpdump:
- It's a command line tool so you'll have to use the Terminal. (See the manual (man tcpdump) pages for options.)
- You have to be root to use it (or use sudo)
- It can be used for good or evil. Please make the right choice.
As a networking teacher, it's a great way to show students how insecure their network traffic really is (especially stuff like telnet and ftp).
People may already know this but for those that don't:
You can add several different network configurations in the Network System Preferences panel. For instance if you have several different ISPs. To do this you go to the panel and select advanced options from the drop down menu. Then click New and enter something in the name box (could be the isp name or random numbers it doesn't matter really) and the modem port that you want to use for the connection. Then click ok and return to the advanced section. Then using the drop down box select your new network configuration and enter all of the details. Then when you next go to the internet Connect app you will be able to select between the two connections via the drop down menu at the top. It seems to work quite well. You don't even need to restart internet applications.
There was a question in the quickies about accessing files in a Public folder from another SSH capable computer. In this piece, I'll try to answer that question and hopefully help folks understand SSH a little better.
Read the rest of this article for a great overview on what SSH actually is, and how to use it for remote connectivity in OS X.
I've been searching the net now since installing OSX Final for a way to use my hosts file in my /etc folder like I do under Linux for developing websites (i.e. in the hosts file I create "127.0.0.1 somesite.me" and then use apache and http headers so that somesite.me in a browser returns a locally created website).
Looking in the /etc/hosts file you are told that the file isn't consulted unless you change your lookupd configuration. Lookupd is handled by NetInfo. And hence my problem: I had no idea how to change the order in NetInfo to look at the flat file /etc/hosts before going to DNS.
Read the rest of this article if you'd like more info on using NetInfo as at hosts file...
Whew! Just got through installing DNSUpdate. I had trouble with the installer. It started up, but didn't seem to do anything. By looking at the uninstall directions, I figured out how to install it manually though.
I untarred the Files.tar.gz in the installer:
sudo tar xzvf DNSUpdateInstaller.app/Contents/Resources/Files.tar.gz
That got me most of the way. But it seems that the location of the StartupItems folder has changed since the Public Beta, so I had to move it:
Although this isn't an OS X specific tip, if you do much with the built-in UNIX-based services in OS X (such as SSH, Apache, and FTP), it may be relevant. These services operate over ports, which are defined and managed by IANA (Internet Assigned Numbers Authority). If you'd like to familiarize yourself with who they are and what they do, just visit their web site.
If you'd like to see a very exhaustive list of port assignments, IANA is the place to go. This list is the most exhaustive that I've ever seen. This can be useful for things such as establishing 'port forwarding' in a router, which will allow certain ports (such as 548, for Appletalk over TCP) to be sent through your router to one target machine (your Mac running OS 9 file sharing over TCP/IP).
If you are a "power user" in the Mac OS 9 world, and you want to delve into all the services that are offered with OS X, some knowledge of port numbers may be helpful as you start experimenting with Apache, SSH, FTP, Samba, etc. For the typical OS 9 convert, though, you won't have to know anything about them -- other than they're out there, and they help make some of the cool stuff in the new OS possible.
This thread over on the MacNN forums discusses how to mount your iDisk using a terminal session. Why might this be useful? You could SSH to your OS X machine from anywhere, mount your iDisk, and then use cp to copy files from your iDisk to one of your local drives ... with the new "Apple Software" folder on iDisk, this could prove to be very handy!
I've documented the "how-to" in the second part of this posting, but head over to MacNN to read the full details!