Originally Posted by McMark
The quicktime guide is brilliant if not confusingly extensive
for a newbie. Would the procedure be the same if you just want
to connect mac to mac rather than pc to mac?
What program would you use on a mac rather than Putty keygen,
as is used on the pc?
Is there a simpler way to do this?
I simply want to get access to my mum's g3 400 running panther.
And I am using a g4 1.42 running tiger.
It looks like a mouthful but if you break it down the steps are relatively simple and straightforward.
From reading the web there appear to be some mixed emotions about this, but instead of using a password you can also use SSHelper or the terminal's ssh-keygen command to generate keypairs. This is similar to the way the person in the demo clip did it with putty on Windows.*
The following assumes that your Mom's Mac is the Host on whose computer Remote Login will be enabled.**
In terminal on your Mac and again on your Mom's Mac:
mkdir ~/.ssh
chmod 700 ~/.ssh
This creates an invisible folder called .ssh in your home folders with the right permissions. (Should already be there since you've used ssh before)
In terminal on your Mac only:
ssh-keygen -t dsa
This will generate a dsa key pair. Hit return to choose the .ssh folder you previously created on your Mac for the storage location of the 2 keys or specify an alternative location.
Next you'll be asked for a passphrase. The passphrase serves for decryption/encryption during future key operation but only locally. It ensures that the contents of the key file are not revealed to the world. It also makes it more difficult for someone to abuse the keypair on a compromised computer. It is not a password. Choose a phrase wisely. At least 10 characters, preferably random. Do not give out the passphrase. Only you will ever use it. Your Mom doesn't need it. Enter it twice when prompted during the key generation phase.
The keypair has now been created and is stored in ~/.ssh/
id_dsa
id_dsa.pub
You can verify with the terminal or use the GO menu in Finder.
Now you need to move the Public part of the Keypair to your Mom's Mac and into a file where the ssh server can read it.
E-mail, scp or Skype the file id_dsa.pub to her and place it in her ~/.ssh/ folder (or somewhere else and edit the next command accordingly)
On your Mom's Mac:
cat ~Mom/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
hit return
chmod 600 ~/.ssh/authorized_keys
Now your public key has been added to the keys authorized for use with your Mom's ssh server.
The next time you connect you will be asked for a passphrase rather than a user password. The rest of the ssh operation will remain as before.
You can use SSHKeychain to integrate Mac OS Keychain Access for the passphrase storage and ease of use and to operate the ssh tunnel. Arguably this makes the process less secure since the passphrase is now stored in the OS Keychain on your Mac.
You can also use the Key agent in the terminal.
In response to the first post.
Fugu is also a nice Application for several more secure file transfer protocols.
*If you want to set it up as described above you can/should also make some changes to the sshd_config files on your Mom's Mac and in ssh_config on your own Mac, to make the ssh protocol/connection more secure. Now that you have the dsa keys you can basically disable all other authentication methods ssh can also rely on. In fact you probably should do this since ssh will fall back on these other methods if/when key authentication fails rather than refuse a connection.
With SSHHelper you can do that in the Server configuration section or you can use the terminal.
sudo pico /private/etc/ssh_config
Remove the # in front of lines you edit to make changes "readable".
In ssh_config find these entries and change:
# RSAAuthentication yes to RSAAuthentication no
# PasswordAuthentication yes to PasswordAuthentication no
# Protocol 2,1 to Protocol 2
Exit and save changes. (Use the control key and the menu hints at the bottom of the pico window)
sudo pico /private/etc/sshd_config
In sshd_config look for these keywords, remove # in front of them and change to these settings:
Protocol 2
ServerKeyBits 1024
PermitRootLogin no
RSAAuthentication no
IgnoreUserKnownHosts yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePam no
Exit and save changes
**If you would rather enable remote login on your own computer you could use a reverse tunnel but achieve the same goal. Do these same set up steps, just on the other computer. Use -R in the ssh command.
***Edit to add: Make a backup of the original files first. For future reference and just in case.
sudo cp /private/etc/ssh_config /private/etc/ssh_config.bak
and
sudo cp /private/etc/sshd_config /private/etc/sshd_config.bak
Not everyone will agree with these settings I suggested. Use at your discretion.
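
Added example, not part of the original post: a small shell check that the sshd_config settings listed above are really in effect, since a keyword left behind "#" or shadowed by an earlier line leaves the fallback authentication methods enabled. The function name audit_sshd_config and the sample config are constructed for illustration, and Match blocks are assumed absent.

```shell
#!/bin/sh
# Added example: audit an sshd_config against settings named in the post.

# Settings taken from the post, as keyword=value pairs.
EXPECTED="protocol=2 permitrootlogin=no passwordauthentication=no challengeresponseauthentication=no"

# audit_sshd_config FILE
# Prints one finding per line; returns 1 if any setting is unset or wrong.
# Assumption: the file has no Match blocks (they are not interpreted here).
audit_sshd_config() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                order[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        # Commented-out or blank line: sshd falls back to its built-in default.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)      # accepts "Key value" and "Key=value"
            key = tolower(f[1])            # keywords are case-insensitive
            # sshd keeps the first value it reads for a keyword.
            if ((key in want) && !(key in seen)) seen[key] = tolower(f[2])
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen)) { print "UNSET " k " want=" want[k]; bad = 1 }
                else if (seen[k] != want[k]) { print "WRONG " k "=" seen[k] " want=" want[k]; bad = 1 }
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample: PasswordAuthentication is still commented out, and the
# "PermitRootLogin no" line is shadowed by an earlier "yes".
sample=$(mktemp)
printf '%s\n' 'Protocol 2' '#PasswordAuthentication no' 'PermitRootLogin yes' \
    'PermitRootLogin no' 'ChallengeResponseAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "sshd_config does not match the settings above"
rm -f "$sample"
```

To check the real file, run `audit_sshd_config /private/etc/sshd_config` after editing it.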