TweetFollow Us on Twitter

Aug 01 MacTech Online

Volume Number: 17 (2001)
Issue Number: 08
Column Tag: MacTech Online


by Jeff Clites


When the Internet was first growing up, it was developing in a rather safe environment. In fact, to the inventors it was probably a miracle that it worked at all. Now, however, those halcyon days are gone, and we live in less innocent times, where security is a genuine concern—it isn’t practical these days to just assume that things will be safe by default. There are a number of steps that users need to take these days to secure their systems, and this month we are going to look at one of them, ssh. It’s a small but important piece.

What’s ssh?

In brief, ssh (the Secure Shell) is a cryptographically secure replacement for telnet. The name is actually a bit of a misnomer—it isn’t really a shell itself, but rather a mechanism for interacting with a remote shell over a secure communication channel. It’s an indispensable tool for working with Mac OS X in a networked environment—like telnet, it allows you to quickly connect to remote machines, which is handy if not essential for a variety of administration and other tasks. In fact, the most significant security enhancement that ssh gives you may not be that it encrypts the contents of your remote session (which it does), but rather that it encrypts the login exchange itself, meaning that your password is never sent unencrypted over the network. Even in a supposedly secure environment, for instance behind a corporate firewall, it’s a good idea to use ssh instead of telnet whenever possible (which basically means whenever the two machines which are communicating both have it installed), both because it adds an extra bit of security, and also because it will get you into the habit of using it and making sure it is installed and available on all machines you routinely connect to, so that when you are operating in a less secure environment (for instance, if you need to connect from off site) you will be in the habit of reaching for ssh and will be opting for security by default.

Mac OS X has ssh installed by default (as part of a regular update package), and you can use it to connect with remote machines without further setup. To enable connections to your machine you merely need to enable remote login in the Sharing pane of System Preferences (after the update which installs ssh on Mac OS X, this setting is connected to ssh rather than to telnet, which is then disabled by default). The ssh “server” component (sshd) can be run out of inetd, but it is more commonly run as a standalone daemon. If you need to install ssh separately (either because you wish to install a newer version or because your current install is damaged), there are instruction on Stepwise for building and installing OpenSSH under Mac OS X. (The article also includes instructions for compiling in support for using tcpwrappers to further secure things by restricting remote login to a specific set of hosts and adding additional logging.) This version of ssh is free and open-source (part of the OpenBSD project, in fact), and leverages the OpenSSL library for many of its cryptographic algorithms. There are commercial versions available as well (and older free version from commercial vendors), but for most users OpenSSH is a good choice. OpenSSH tries very hard to avoid the use of patented algorithms in its implementation, in order to avoid the attendant restrictions to free development and distribution, and consequently does not support some of the algorithms found in commercial versions. This can be seen as either a virtue or a shortcoming, but in practice it does not interfere with its use.

Building OpenSSH 2.9 on Mac OS X 10.0.x

Securing your Host—tcpwrappers

The SHH Suite

Overall, ssh has a great deal of flexibility in the details of its use. It supports a variety of authentication schemes, from RSA or Kerberos-based authentication to simple passwords or automatic login between trusted hosts; you can choose from several different algorithms (also called ciphers) for the encryption; and you can use ssh for port-forwarding to wrap insecure protocols inside of a secure transfer stream. And in addition to enabling remote login sessions, the ssh distribution contains several related tools which take advantage of ssh’s base facilities for secure communication. For file transfer, there is scp (an analog of rcp and ultimately cp, if you are familiar with those), which is used to copy files between systems over an ssh-based, encrypted channel. Server environments today are often set up without ftp installed in order to enhance security, and in such situations scp is the tool of choice for moving files onto and off of these systems. In addition to encryption, scp also supports compression of files during transit in order to speed transfer, using the same algorithm as gzip. (Compression is also supported by ssh itself, but the benefits are more likely to be noticeable during large file transfers than during a standard interactive login session, although over slow connections compression could make ssh “faster” than telnet for interactive use.) The scp tool has the same semantics as cp, so that source and destination are specified when invoking the tool, rather then being chosen interactively as is commonly done with ftp tools. This can be somewhat inconvenient, as you need to know the exact path to use on the remote system before invoking the tool, which will often necessitate a separate ssh login to “browse around” the remote filesystem to determine the correct path. On the plus side, scp can be used to transfer files between remote systems—neither the source nor the destination needs to be local.

On the other hand, if you need the convenience and flexibility of the interactivity of ftp, you might find sftp more to your liking. It’s a newer addition to the ssh family, and is likely to be less widely deployed at this time. It provides an ftp-like interactive session for file transfer, with similar commands to those used by ftp. Technically, sftp is not itself a secure protocol, but rather it is a protocol designed to be used over a secure channel, provided by ssh. There is a separate executable, sftp-server, which is used by OpenSSH to enable sftp on the server side, but it is invoked by the sshd daemon rather than running separately, so it requires minimal configuration and setup to get it running. One caveat is that sftp is reported to be significantly slower than the traditional scp, although it’s not clear whether this is inherent to the protocol it uses, or if it’s just the result of a still-evolving implementation. Note also that sftp is not simply ftp secured via ssh port-forwarding, because ftp’s use of two separate TCP/IP connections for control commands and data transfer makes this difficult to do; instead, sftp uses a single stream to do its work.


Online, you can find most of the essential information you need at the OpenSSH web site, including download locations, online manual pages, and a short FAQ, as well as links to other sites with articles and even more information. There is also another ssh FAQ available online, more general but somewhat geared toward the commercial versions of ssh.


OpenSSH Manual pages


OpenSSH Articles

The Secure Shell Frequently Asked Questions

There are also a couple of books available devoted entirely to ssh. They can provide you with all the details and options you have for setting up and using ssh on your systems, as well as using it for advanced applications such as tcp port forwarding. Possibly more importantly, they’ll guide you through the minefield of terminology surrounding different version of ssh products and protocols (which are very easy to confuse), and spell out differences and interoperability issues surrounding the different implementations. Try either SSH, The Secure Shell: The Definitive Guide (ISBN: 0-596-00011-1) from O’Reilly and Associates, or UNIX Secure Shell (ISBN: 0071349332) from Osborne. There is also an excellent web site to accompany the O’Reilly book, with extensive reference information and links to protocol specifications and other reference material.

SSH, The Secure Shell: The Definitive Guide

For further helpful info, check out the top 10 FAQ list from Richard Silverman, one of the authors of the O’Reilly book. The security-minded user (which should be everyone, right?) will also want to check out a recent article on about a potential security weakness with ssh, as well as the follow-up rebuttal article from Richard Silverman which corrects some factual errors and gives a less alarmist perspective. For further security info, take a look at the OpenSSH Security page.

Top Ten Secure Shell FAQs

The End of SSL and SSH?

dsniff and SSH: Reports of My Demise are Greatly Exaggerated

OpenSSH Security

Finally, for those interested in some of the more advanced features of ssh, start with the SSH Protocol Architecture internet-draft from the IETF for an extensive high-level overview of the protocol. Then, check out an article from the O’Reilly Network on using an ssh tunnel to increase the security of 802.11b wireless networking, such as that used by AirPort.

SSH Protocol Architecture

Using SSH Tunneling

If you are not yet using Mac OS X (and why aren’t you, huh?), then you can still connect via ssh to remote machines using one of the two clients for the Classic Mac OS. There is NiftyTelnet SSH (based on NiftyTelnet itself) supporting the SSH1 protocol, including scp capabilities, and MacSSH, which is a modified version of BetterTelnet supporting SSH2. Both are available free of charge. If you are running Mac OS X but would prefer a graphical file-transfer tool, try RBrowser, a GUI-based ftp tool which also supports ssh- and scp-based file browsing and transfer. It is still in beta testing, and will require a licensing fee once it is final.

NiftyTelnet SSH




Community Search:
MacTech Search:

Software Updates via MacUpdate

Network Radar 2.3.3 - $17.99
Network Radar is an advanced network scanning and managing tool. Featuring an easy-to-use and streamlined design, the all-new Network Radar 2 has been engineered from the ground up as a modern Mac... Read more
Printopia 3.0.8 - Share Mac printers wit...
Run Printopia on your Mac to share its printers to any capable iPhone, iPad, or iPod Touch. Printopia will also add virtual printers, allowing you to save print-outs to your Mac and send to apps.... Read more
ForkLift 3.2.1 - Powerful file manager:...
ForkLift is a powerful file manager and ferociously fast FTP client clothed in a clean and versatile UI that offers the combination of absolute simplicity and raw power expected from a well-executed... Read more
BetterTouchTool 2.417 - Customize multi-...
BetterTouchTool adds many new, fully customizable gestures to the Magic Mouse, Multi-Touch MacBook trackpad, and Magic Trackpad. These gestures are customizable: Magic Mouse: Pinch in / out (zoom... Read more
Little Snitch 4.0.6 - Alerts you about o...
Little Snitch gives you control over your private outgoing data. Track background activity As soon as your computer connects to the Internet, applications often have permission to send any... Read more
Google Chrome 65.0.3325.181 - Modern and...
Google Chrome is a Web browser by Google, created to be a modern platform for Web pages and applications. It utilizes very fast loading of Web pages and has a V8 engine, which is a custom built... Read more
TeamViewer 13.1.2991 - Establish remote...
TeamViewer gives you remote control of any computer or Mac over the Internet within seconds or can be used for online meetings. Find out why more than 200 million users trust TeamViewer! Free for non... Read more
Printopia 3.0.8 - Share Mac printers wit...
Run Printopia on your Mac to share its printers to any capable iPhone, iPad, or iPod Touch. Printopia will also add virtual printers, allowing you to save print-outs to your Mac and send to apps.... Read more
BetterTouchTool 2.417 - Customize multi-...
BetterTouchTool adds many new, fully customizable gestures to the Magic Mouse, Multi-Touch MacBook trackpad, and Magic Trackpad. These gestures are customizable: Magic Mouse: Pinch in / out (zoom... Read more
Mellel 4.1.0 - The word processor for sc...
Mellel is the leading word processor for OS X and has been widely considered the industry standard for long form documents since its inception. Mellel focuses on writers and scholars for technical... Read more

Latest Forum Discussions

See All

The best games that came out for iPhone...
It's not a huge surprise that there's not a massive influx of new, must-buy games on the App Store this week. After all, GDC is happening, so everyone's busy at parties and networking and dying from a sinister form of jetlag. That said, there are... | Read more »
Destiny meets its mobile match - Everyth...
Shadowgun Legends is the latest game in the Shadowgun series, and it's taking the franchise in some interesting new directions. Which is good news. The even better news is that it's coming out tomorrow, so if you didn't make it into the beta you... | Read more »
How PUBG, Fortnite, and the battle royal...
The history of the battle royale genre isn't a long one. While the nascent parts of the experience have existed ever since players first started killing one another online, it's really only in the past six years that the genre has coalesced into... | Read more »
Around the Empire: What have you missed...
Oh hi nice reader, and thanks for popping in to check out our weekly round-up of all the stuff that you might have missed across the Steel Media network. Yeah, that's right, it's a big ol' network. Obviously 148Apps is the best, but there are some... | Read more »
All the best games on sale for iPhone an...
It might not have been the greatest week for new releases on the App Store, but don't let that get you down, because there are some truly incredible games on sale for iPhone and iPad right now. Seriously, you could buy anything on this list and I... | Read more »
Everything You Need to Know About The Fo...
In just over a week, Epic Games has made a flurry of announcements. First, they revealed that Fortnite—their ultra-popular PUBG competitor—is coming to mobile. This was followed by brief sign-up period for interested beta testers before sending out... | Read more »
The best games that came out for iPhone...
It's not been the best week for games on the App Store. There are a few decent ones here and there, but nothing that's really going to make you throw down what you're doing and run to the nearest WiFi hotspot in order to download it. That's not to... | Read more »
Death Coming (Games)
Death Coming Device: iOS Universal Category: Games Price: $1.99, Version: (iTunes) Description: --- Background Story ---You Died. Pure and simple, but death was not the end. You have become an agent of Death: a... | Read more »
Hints, tips, and tricks for Empires and...
Empires and Puzzles is a slick match-stuff RPG that mixes in a bunch of city-building aspects to keep things fresh. And it's currently the Game of the Day over on the App Store. So, if you're picking it up for the first time today, we thought it'd... | Read more »
What You Need to Know About Sam Barlow’s...
Sam Barlow’s follow up to Her Story is #WarGames, an interactive video series that reimagines the 1983 film WarGames in a more present day context. It’s not exactly a game, but it’s definitely still interesting. Here are the top things you should... | Read more »

Price Scanner via

Thursday roundup of the best 13″ MacBook Pro...
B&H Photo has new 2017 13″ MacBook Pros on sale for up to $200 off MSRP. Shipping is free, and B&H charges sales tax for NY & NJ residents only. Their prices are the lowest available for... Read more
Sale: 9.7-inch 2017 WiFi iPads starting at $2...
B&H Photo has 9.7″ 2017 WiFi Apple iPads on sale for $40 off MSRP for a limited time. Shipping is free, and pay sales tax in NY & NJ only: – 32GB iPad WiFi: $289, $40 off – 128GB iPad WiFi: $... Read more
Roundup of Certified Refurbished iPads, iPad...
Apple has Certified Refurbished 9.7″ WiFi iPads available for $50-$80 off the cost of new models. An Apple one-year warranty is included with each iPad, and shipping is free: – 9″ 32GB WiFi iPad: $... Read more
Back in stock! Apple’s full line of Certified...
Save $300-$300 on the purchase of a 2017 13″ MacBook Pro today with Certified Refurbished models at Apple. Apple’s refurbished prices are the lowest available for each model from any reseller. A... Read more
Wednesday deals: Huge sale on Apple 15″ MacBo...
Adorama has new 2017 15″ MacBook Pros on sale for $250-$300 off MSRP. Shipping is free, and Adorama charges sales tax in NJ and NY only: – 15″ 2.8GHz Touch Bar MacBook Pro Space Gray (MPTR2LL/A): $... Read more
Apple offers Certified Refurbished Series 3 A...
Apple has Certified Refurbished Series 3 Apple Watch GPS models available for $50, or 13%, off the cost of new models. Apple’s standard 1-year warranty is included, and shipping is free. Numerous... Read more
12″ 1.2GHz Space Gray MacBook on sale for $11...
B&H Photo has the Space Gray 12″ 1.2GHz MacBook on sale for $100 off MSRP. Shipping is free, and B&H charges sales tax for NY & NJ residents only: – 12″ 1.2GHz Space Gray MacBook: $1199 $... Read more
Mac minis available for up to $150 off MSRP w...
Apple has restocked Certified Refurbished Mac minis starting at $419. Apple’s one-year warranty is included with each mini, and shipping is free: – 1.4GHz Mac mini: $419 $80 off MSRP – 2.6GHz Mac... Read more
Back in stock: 13-inch 2.5GHz MacBook Pro (Ce...
Apple has Certified Refurbished 13″ 2.5GHz MacBook Pros (MD101LL/A) available for $829, or $270 off original MSRP. Apple’s one-year warranty is standard, and shipping is free: – 13″ 2.5GHz MacBook... Read more
Apple restocks Certified Refurbished 2017 13″...
Apple has Certified Refurbished 2017 13″ MacBook Airs available starting at $849. An Apple one-year warranty is included with each MacBook, and shipping is free: – 13″ 1.8GHz/8GB/128GB MacBook Air (... Read more

Jobs Board

*Apple* Genius - Technical Customer Service...
Job Description:Job SummaryAs a Genius at the Apple Store, you maintain customers' trust in Apple as the skilled technical customer service expert, Read more
Metadata Operations Specialist, *Apple* Med...
# Metadata Operations Specialist, Apple Media Products Job Number: 113387726 Santa Clara Valley, California, United States Posted: 08-Feb-2018 Weekly Hours: 40.00 Read more
*Apple* Retail - Multiple Positions - Apple,...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
Data Scientist, *Apple* Ecosystem (AMP Anal...
# Data Scientist, Apple Ecosystem (AMP Analytics) Job Number: 113428728 Santa Clara Valley, California, United States Posted: 24-Jan-2018 Weekly Hours: 40.00 **Job Read more
*Apple* Professional Learning Specialist - A...
# Apple Professional Learning Specialist Job Number: 113456892 Englewood, NJ, New Jersey, United States Posted: 02-Feb-2018 Weekly Hours: 40.00 **Job Summary** The Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.