Welcome to the MacNN Forums.

BladeRunner80 · Mar 13, 2006, 06:57 PM

I've been reading around on how to make use of the FPT capabilities built into OSX. I'm kind of clueless, on this area. I would like to be able to remotely log into my mac at home and access my files on my firewire drive from my work computer (Powermac) or my Powerbook at work. I was hoping to set up some type of FTP server. I currently have Comcast cable internet running into my Airport Extreme base station. Both my Powebook and my iMac connect wirelessly to it. I'm running Tiger on both machines at home and run Panther on my mac at work.

Any help on how to do this would be great, I haven't really dabbed to much into this kind of stuff and would like to learn how it all works. Thanks!

cms · Mar 14, 2006, 07:06 AM

I use Interarchy to pick up stuff from my desktop system that I "forgot" to take with me to work on my MacBook Pro. A single-user licence is only $39 and it's really easy to use, as well as being incredibly fast. Alternativley, you can enable FTP access on your home system (Preferences->sharing->services) This is much slower than using a specific FTP program but it does work.

Whichever method you choose, you'll need to know your WAN IP, and enable the appropriate ports (usually 20 and 22) on your router. The path is quite simple: ftp://(user)@(WAN IP)/Users/(user) -- replace items in brackets with specific username and IP info. You can do this through your Connect to Server interface.

sethwrks · Mar 14, 2006, 11:44 AM

I'm trying to do the same thing, does it matter if the computer goes to sleep?

BladeRunner80 · Mar 14, 2006, 12:14 PM

Do you need a static IP for this? I tried to set up my airport with a static IP (I read instruction on portforward.com) but, Comcast won't give me the IP for the DNS server (I think with Comcast I would have to upgrade to a business package or something). Anyhow, I will give the tips you suggested a try and see how that works. Thanks for the input.

As for the sleep issue, I think you have to leave your computer on, although, I think the macs have a "wake on lan" funtion, but I beleive that it is disabled or doesn't work if you are wirelessly connected. Maybe someone could clarify this?

cms · Mar 14, 2006, 12:42 PM

A static IP is obviously preferable but most ISPs won't give you one unless you pay silly money for a business account. But if you are using a cable modem, running a LAN behind a router, your IP shouldn't change that often. Mine hasn't changed in over 3 months, and I am supposedly a domestic user on a dyanmic IP. Last time it changed was when my ISP upgraded my connection speed to 10-meg from 3, forcing a (remote) hard reset of my cable modem. Since then, it's stayed absolutely rock solid. I check it from time to time and change my ftp client connection info if necessary -- not exactly an onerous task for such convenience!

As far as the sleep issue is concerned, yes, BladeRunner80 is right: your computer does need to be awake in order for ftp access to be available. Wake on LAN works on the LAN interface only and not on wireless in any case, as BladeRunner 80 points out.

BladeRunner80 · Mar 14, 2006, 02:08 PM

Thanks CMS! I've usually just been satisfied with hooking up the airport and logging right on, but learning all these new tricks with networking is starting to interest me more. Thanks again for the help, can't wait to try some of this stuff out!

rjt1000 · Mar 16, 2006, 11:06 AM

There is excellent info on this topic including a detailed step by step video at this link:
http://howto.diveintomark.org/remote-mac/

enjoy,

Rich

McMark · Mar 23, 2006, 06:56 PM

The quicktime guide is brilliant if not confusingly extensive
for a newbie. Would the procedure be the same if you just want
to connect mac to mac rather that pc to mac?
What program would you use on a mac rather than Putty keygen?
as is used on the pc.
Is there a simpler way to do this?
I simply want to get access to my mums g3 400 running panther.
And I am using a g4 1.42 running tiger.

rjt1000 · 02:00 AM

OK, there is a somewhat simpler way, but it is less secure from hackers because it uses standard ssh port 22 and passwords. Hackers can scan for open ports and then try to guess weak passwords but if your moms computer is NOT continuosly connected to the net and you take some precautions you may feel its safe enough for your situation.

This assumes your Moms computer is not behind a router, or else you will need another step to forward ports on her router.

You will need to know your moms ip address, so if it is not fixed, you should bookmark a link on her computers browser where she can check to report her current ip address to you.

On your moms computer: set up a user account for yourself with a strong password. Make sure all accounts on the computer have strong passwords. Then turn on remote login in the sharing preferences. (while you're at it, I would suggest turning on the OS X firewall if its not on already--it should automatically keep open the port for remote login which you enabled.)

Also download and install OS X VNC on your moms computer: http://www.versiontracker.com/dyn/moreinfo/macosx/16699

In the preferences in OS X VNC, set it to accept local connections only (this is an important precaution), and choose a password. You can set OS X VNC to start automatically at each startup, or you can show your mom how to start it up when needed.

OK, now on your computer, download and install Chicken of the VNC http://www.versiontracker.com/dyn/moreinfo/macosx/14099

Using the terminal application on your computer you:

ssh username@ipaddress -L5900:127.0.0.1:5900

(where username is your short username and ipaddress is the numerical ip address of your moms computer in the 12.34.56.78 format)

You will be prompted for your password after which point you have set up a secure ssh tunnel from your computer to your moms whereby traffic on your port 5900 (the vnc port for the default monitor 0) is securely forwarded to your moms computer where the os x vnc server is listening.

Do NOT close the terminal window. Now use Chicken of the VNC client on your computer using the host address 127.0.0.1 and the password you chose on the osx vnc server on your moms computer.

If you did all of this correctly you will be able to see her desktop and control her computer with your mouse and keyboard.

Hope that helps,

rjt1000

McMark · Mar 26, 2006, 03:12 AM

RJT
thanks for putting so much effort
into the response. I tried it already and it
worked. I was amazed.
I am on dsl and my mums on dial up
I guess it must be the dial up end
that causes long delays with my mums
screen coming up on my display.
Any ideas.
thanks again
Mark

lurkalot · 05:15 AM

Originally Posted by McMark

The quicktime guide is brilliant if not confusingly extensive
for a newbie. Would the procedure be the same if you just want
to connect mac to mac rather that pc to mac?
What program would you use on a mac rather than Putty keygen?
as is used on the pc.
Is there a simpler way to do this?
I simply want to get access to my mums g3 400 running panther.
And I am using a g4 1.42 running tiger.

It looks like a mouth full but if you break it down the steps are reatively simple and straight forward.

From reading the web there appear to be some mixed emotions about this but in stead of using a password you can also use SSHelper or the terminal's ssh-keygen command to generate keypairs. This is similar to the way the person in the demo clip did it with putty on Windows.*

The following assumes that your Mom's Mac is the Host on whose computer Remote Login will be enabled.**

In terminal on your Mac and again on your Mom's Mac:

mkdir ~/.ssh
chmod 700 ~/.ssh

This creates an invisible folder called .ssh in your home folders with the right permissions. (Should already be there since you've used ssh before)

In terminal on your Mac only:

ssh-keygen -t dsa

This will generate a dsa key pair. Hit return to choose the .ssh folder you previously created on your Mac for the storage location of the 2 keys or specify an alternative location.

Next you'll be asked for a passphrase. The passphrase serves for decryption/encryption during future key operation but only locally. It ensures that the contents of the key file is not revealed to the world. It also makes it more difficult for someone to abuse the keypair on a compromised computer. It is not a password. Choose a phrase wisely. At least 10 characters, preferably random. Do not give out the passphrase. Only you will ever use it. Your Mom doesn't need it. Enter it twice when prompted during the key generation phase.

The keypair has now been created and are stored in ~/.ssh/
id_dsa
id_dsa.pub

You can verify with the terminal or use the GO menu in Finder.

Now you need to move the Public part of the Keypair to your Mom's Mac and into a file where the ssh server can read it.

E-mail, scp or Skype the file id_dsa.pub to her and place it in her ~/.ssh/ folder (or somewhere else and edit the next command accordingly)

On your Mom's Mac:

cat ~Mom/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
hit return
chmod 600 ~/.ssh/authorized_keys

Now your public key has been added to the keys authorized for use with your Mom's ssh server.

The next time you connect you will be asked for a passphrase rather than a user password. The rest of the ssh operation will remain as before.

You can use SSHKeychain to integrate Mac OS Keychain Access for the passphrase storage and ease of use and to operate the ssh tunnel. Arguably this makes the process less secure since the passphrase is now stored in the OS Keychain on your Mac.

You can also use the Key agent in the terminal.

In response to the first post. Fugu is also a nice Application for several more secure file transfer protocols.

*If you want to set it up as described above you can/should also make some changes to the sshd_config files on your Mom's Mac and in ssh_config on your own Mac, to make the ssh protocol/connection more secure. Now that you have the dsa keys you can basically disable all other authentication methods ssh can also rely on. In fact you probably should do this since ssh will fall back on these other methods if/when key authentication fails rather than refuse a connection.

With SSHHelper can do that in the Server configuration section or you can use the terminal.

sudo pico /private/etc/ssh_config

Remove the # in front of lines you edit to make changes "readable".
In ssh_config find these entries and change:

# RSAAuthentication yes to RSAAuthentication no
# PasswordAuthentication yes to PasswordAuthentication no
# Protocol 2,1 to Protocol 2

Exit and save changes. (Use the control key and the menu hints at the bottom of the pico window)

sudo pico /private/etc/sshd_config

In sshd_config look for these keywords, remove # in front of them and change to these settings:

Protocol 2
ServerKeyBits 1024
PermitRootLogin no
RSAAuthentication no
IgnoreUserKnownHosts yes
PasswordAuthothetication no
ChallengeResponseAuthentication no
UsePam no

Exit and save changes

**If you would rather enable remote login on your own computer you could use a reverse tunnel but achieve the same goal. Do these same set up steps, just on the other computer. Use -R in the ssh command.

***Edit to add: Make a backup of the original files first. For future reference and just in case.
sudo cp /private/etc/ssh_config /private/etc/ssh_config.bak
and
sudo cp /private/etc/sshd_config /private/etc/sshd_config.bak

Not everyone will agree with these settings I suggested. Use at your discretion.

McMark · Mar 27, 2006, 06:34 AM

Hi Lurk
this is quite a lot to take in.
I will certainly be giving it a shot.
Just downloaded sshelper.
Will take a while to get a handle
on the detail but will try it.
thanks

lurkalot · 09:55 AM

Originally Posted by McMark

Hi Lurk
this is quite a lot to take in.
I will certainly be giving it a shot.
Just downloaded sshelper.
Will take a while to get a handle
on the detail but will try it.
thanks

I agree. It took me quite a while to get my head wrapped around it all when I began to look into this, for much the same reasons as you. We have here a case of the blind leading the blind. In more than one way.

Perhaps someone else will come along to break it down a bit more...

But in the end there are only a few commands to type in.

Pico is a text editor so working in those config files is not that different from editing a message at MacNN.

If you do decide to use SSHHelper have a look at the useful HowTo on that website.
Before you use it though make sure to make a backup of those ssh_config and sshd_config files since SSHHelper will overwrite those original files and you may want to be able to restore to the working SSH setup you already have.

Either use sudo as described above or use the Finder menus to go to and create a backup archive of those files that are located in /private/etc/

In the end I personally used the terminal to set it all up -in stead of SSHHelper- and initiate the tunnel.

Good luck

Edit to add: At the link you can see an example of an sshd_config file as it may be used under OS X 10.3.9 LINK, and here is an example of a ssh_config file as it may be used under OS X 10.4 LINK to give you an idea what the files look like before you edit them.

As you can see there are some slight differences between the entries in these files and the suggested edits I wrote above.

rjt1000 · Mar 27, 2006, 08:28 AM

Hi McMark,

Glad you were successful in using VNC over SSH to control your Moms computer. Since your Mom is on a dial-up connection which is only active intermittantly (when your Mom uses it), it is unlikely a hacker would find/ hack her system, so IMHO, password security is probably sufficient in your case. Short of your Mom upgrading her connection to something faster there is only so much you can do to speed it up. Try setting your Moms desktop picture to a plain solid color and keeping her desktop relatively clear. That will mean less data has to be transmitted to you with each screen refresh.

Enjoy,

rjt1000

lurkalot · Mar 27, 2006, 08:44 AM

To add one more thing to what rjt1000 wrote, VNC viewers also allow you to set a connection profile. If you use fewer colors the screen refresh over the VNC connection will also be faster. Although the image is not great it does work well enough for operating the remote computer even at 256 colors.

In Chicken of the VNC the setting can be found in the Connection menu > Connection Profiles under colors.