SSH
Latest
How to stream your iTunes library across the web for free
Mac OS X users and faithful readers of TUAW know that there is great power found in the command-line, but one of the greatest advantages of OS X's UNIX heritage is the secure shell (SSH) client and server. From the Apple Matters article on SSH tunnels for the common man: "SSH is a network protocol that provides secure communication between two computers." Its power comes from the ability to create an encrypted tunnel through which a client can send many types of internet traffic.The Lifehacker article on setting up an SSH server covers the steps necessary to roll your own SSH server whether you are running Windows or OS X. Parts one and two of the Apple Matters series on SSH tunnels provide a lot of useful information on SSH as well as creating an SSH tunnel for encrypting traffic. One such use that has not yet been covered is how it is possible to stream your iTunes library across the internet while using software that is either built-in or available for free.This tutorial will get pretty technical and assumes that you already have an SSH server and you know how to access it from a remote location (e.g. from work). If you are already past the point of just setting up an SSH server and are asking yourself "what now?" then read on to find out how you too can listen to your tunes at work even though they are trapped at home.
Friday Favorite: ShareTool
Another Friday Favorite, our weekly opportunity to get all sloppy over our most-loved applications. If you have an always-on Mac at home, a decent upstream connection and another Mac anywhere outside of your home network, you might find ShareTool to be as useful as I do. It allows you -- with an amazing degree of simplicity -- to access your Bonjour services on a remote machine as if you were still within your home network. It does this over an SSH encrypted connection (and also automatically sets up a proxy for secure web-browsing over the tunnel). Yes, you can get some of these benefits with a simple SSH tunnel, or you could set up a VPN using HamachiX, but the simple fact that ShareTool "Just Works" makes it my favorite choice for everything from screen sharing to iTunes streaming. I use ShareTool on a Mac Mini, with an Airport Extreme Base Station on a connection that gets about 800k average upload speed. iTunes streaming is flawless, and remote drive access is as good or better than just using SFTP. Setup is as simple as choosing a port (defaults to 22, the standard SSH port) to share on and hitting "Share" on your home Mac. After that, you can set it to start at login, and begin sharing on launch. Then, on your remote machine, you just need to enter an IP or domain and the port, and the rest is automatic. You can select which Bonjour services to enable or just go for broke and enable everything. I've got a static IP these days, but services like No-IP and DynDNS work great if you have a dynamic IP address. ShareTool can even handle updating the dynamic IP service for you, so you don't have to run any daemons. ShareTool is provided by YazSoft, and a free trial is available for download on the main page. The pricing structure requires a license for every computer, and a pair of licenses costs $30USD (5 for $75USD). YazSoft provides free updates within a major version number (1.x customers get all 1.x updates for free). If you're looking for an easy way to keep your entire home network handy anywhere you go, it might be worth a try.
Meerkat: simplified SSH tunneling
I would wager that most of the people who know they need an SSH tunnel also know the Terminal commands to make it happen. But if those people happen to be Mac users, it's quite likely they wouldn't be averse to having menu bar access, Growl integration, Bonjour capability and a nice GUI to handle their tunnels. And to those who just know they want secure browsing, email and other network activities but aren't SSH ninjas, such things might be even more attractive. Code Sorcery Workshop's Meerkat is a handy application that provides all of the above tools and offers setup wizards to provide the right settings for the particular tunnel you need. It turns setting up a quick SOCKS proxy for web browsing into a 2 minute task. Setting up a tunnel for Mail is just as simple. Whether you're already using tunnels or looking to get some protection while browsing at the coffeehouse, Meerkat may be able to help out. You can try Meerkat out for free with a time-limited demo. If it should become something you can't (or don't want to) live without, you can register it for $19.95. Thanks, Mark!
SSHing for fun and profit
I'm sure you've heard all the cool kids talking about SSH in the cafeteria during lunch, but you had no idea what it was. Be ignorant no more, because Devanshu Mehta is writing a series of posts about using SSH for Apple Matters.The first in the series explains the basics of SSH and what you'll need to setup before you can start securely tunneling like a spy.Here's the really short explanation of SSH: it allows you to create secure connections between two computers. The protocol is a standard, so you can SSH into almost any kind of computer, assuming it is running SSH and you have the proper credentials.I'll be keeping my eye out for the upcoming parts in this series, because who can't use some more secure connections in their life?
Security Update 2008-002 issues may be cleared up by Rogue Amoeba fix
As many of you have reported, there are a few hiccups for some who have installed the latest Leopard security update. Two of the areas of concern are ssh (no connectivity or a crash) and printing (errors out, documents never finish spooling), with various fixes offered (reinstalling the 10.5.2 combo update, installing a standalone SSH build) and various degrees of success reported.One emergent common thread for some of the problems is the presence of a Rogue Amoeba audio utility, and the gang in the petri dish have responded with a revised version of the Instant Hijack framework. The new 2.0.3 version aims to address a bug that has been latent since the introduction of Leopard's position-independent executables feature, where certain sensitive processes (like, say, ssh) could be run from a randomized memory address, avoiding attack vectors that depend on targeting a specific vulnerable spot within the code.Up until the 2008-002 security patches, according to RA, the PIE feature wasn't used for anything yet -- after the update, surprise surprise, ssh is being moved around when it runs. Since Instant Hijack inspects newly launched processes to see if they have audio properties, it tries to look at the ssh instance in memory -- hey, wherdja go? Hence the problem.If you have been experiencing ssh issues and have Rogue Amoeba apps installed, try the patch and let us know what happens.[via Daring Fireball + Apple discussions]
dsh: dancer's shell gives you power over multiple Macs
This month's MacTech magazine offers a feature article by Edward Marczak on using dsh, the "dancer's shell" or distributed shell utility, to batch-administer machines in a single blast without having to hit each one, or use a pricey management tool such as ARD or LANrev. Although dsh isn't included with Mac OS X or available as a binary or port build, it does compile cleanly on the Mac and should work well out of the box.The idea behind dsh is to take a list of targets (machines you can reach via SSH), and run a command or extended script on all of them at once. This is functionality that's wrapped up in a nice GUI in Apple Remote Desktop; it's deeply powerful and very handy. Supposing you wanted to check the uptime for a bunch of your lab boxes -- manually, you'd have to run around, or SSH to each one and run the 'uptime' command. With dsh, you make your machine list (optionally, loading your SSH public key on the machines ahead of time to avoid password prompts) and run one command:dsh -Ma uptimeVery handy. The full article isn't online yet, but it's worth seeking out a copy of the magazine if you're interested in automation of enterprise Mac admin tasks.
TUAW Interview: Inco, simple sysadmin from your iPhone
The dream of remote system management from your handheld device -- like Dick Tracy's wrist radio, but for geeks -- has long enticed IT professionals. Who wouldn't rather be at the beach or the ballgame instead of chained to a laptop and network access in case something goes wrong? There are already RDC and SSH clients for Windows Mobile and Blackberry devices, but it sure seems like the iPhone would be great for this sort of thing... basic, simple system admin from wherever you happen to be, and on the world's coolest phone, what could be better?That's what Virginia Tech sysadmin Josh Eckstein thought, and hence: Inco, the system management tool for iPhone. Inspired by a vacation (sans Internet access) where he needed to keep an eye on his servers, and complete with heads-up displays of processes and load, file/user controls and an SSH shell (all via MobileSafari, no need to jailbreak or install custom apps), Inco looks like a promising helper for the iPhone owner with rack-mounted gear back in the datacenter that needs monitoring. The elevator pitch for Inco is "like a Green Beret for your computer: be able to get in, do your work, and get out, no hassle," says Josh. If that sounds good to you, the beta signup for Inco has begun over at getinco.com, and you can try it out for yourself; the eventual release will run you $39. Josh was kind enough to sit down with us for a quick chat about the current state of Inco and where he hopes to get the product in the near term.
Secure Your Mac: Untrusted networks and how to deal with them
To tell the unvarnished truth, I have to admit that I'm pretty lax on security for my computers. I don't do anything crazy like open email attachments from people I don't know, and I always double check the address bar of websites before I punch my password in. Even so, on a scale of 1 to 10, I'd say I put about an effort of 5 into keeping my computers secured. There's a lot more I could do.And so I found Albert Lee's short guide on surfing on untrusted networks very helpful. I've got a web server set up that runs my own website, but I never had any idea how to get all my network traffic running through there. Albert's guide makes that super easy-- this Lifehacker piece explains the basics of surfing with a proxy, and Albert's guide tells you exactly how to do everything on your Mac, and even how to automate the whole process using Applescript. Eventually, you can have it set up so that one double-click will get your proxy connected and get you surfing securely.The one thing you know about untrusted networks is just that: they shouldn't be trusted. When it's this easy to get your web traffic locked down, there's no reason not to.Thanks, Albert!
Hack Alert: ssh from iPhone
This morning, reigning iPhone hack-king NerveGas compiled and installed sshd2 and ssh on his iPhone. So what does this mean? It shows that the first steps have been taken towards allowing the iPhone to natively ssh out. For all of you who are inclined to say "Oh ssh, my Nokia can do that... pffft", remember we're still in iPhone's early days. And, no, there isn't a GUI version yet. If you need ssh on your iPhone right now, you'll need to use a Web-based solution. Want to learn more? Head over to #iphone-shell at irc.osx86.hu. Thanks to the whole iphone-shell gang.
TUAW Tip: Put iPhone's File System onto your Desktop with sshfs
TUAW has talked before about sshfs, the secure shell file system, and MacFUSE, the OS X implementation of FUSE (File-system in USErspace). So it's not huge news that you can use MacFUSE/sshfs to access the files on your iPhone but it might be an option that you've overlooked. It's certainly convenient. You can open a Finder window and treat your iPhone as another disk drive. To make this happen, you must first enable ssh on your iPhone. Then, install MacFUSE and run sshfs, which will prompt you for the Server name (enter the iPhone's IP address) and Username (use "root"). Authenticate and, boom, you're good to go. The iPhone appears in your Finder source list as a new connected device.
ssh on iPhone
Over at the #iphone channel at irc.osx86.hu, the thoroughly awesome NerveGas has figured out how to enable ssh on the iPhone without using restore mode. The secret lies in overwriting an existing binary and plist to trick the iPhone into calling chmod on the Dropbear ssh server and making it executable. At this time, NerveGas has used Nightwatch's compiler to create iPhone-compatible versions of curl and ps as well as a number of other useful Unix utilities. (He's working on grep, as I write). So what does this mean? Well, once you've got ssh installed on your iPhone and active, you can access your iPhone from a shell on your Mac. You can send and retrieve files using scp or sftp. And you can use the compilation toolchain to build other Unix utils or even your own software. It's just a short matter of time until perl and other command-line utilities are iPhone-ready.
JellyFiSSH: secure shell the easy way
JellyFiSHH is a cool little bookmark manager for automating connections to remote servers over telnet, SSH 1 or 2. SHH (or Secure SHell) is an important tool for creating secure connections across the Internet to a remote machine. By default this just gives you shell access (i.e. terminal access) to the remote server. Of course you can do all kinds of things with shell access, but one really cool thing about SSH is that you can also create secure tunnels to the remote computer through which you can run other applications, such as Chicken of the VNC for remote desktop access. By default, VNC connections are not secure, so that means things like passwords, etc. could potentially be intercepted. By going through a SSH tunnel, the VNC connection will be encrypted in the same way that regular SSH terminal access is secure. One of the great things about JellyFiSHH is that it will automate the creation of the tunnels by generating the appropriate terminal commands to create the tunnel based on settings you enter into its GUI (as above). As it happens, the guys over at FreeMacBlog have a great video tutorial up that shows you exactly how to set up a secure VNC connection with JellyFiSHH.JellyFiSHH is a free download from grepsoft.net[Via FreeMacWare]
Apple TV hacks coming fast and furious: VLC, SSH, VNC, Apache and more
The Apple TV hacks are coming fast and furious as recorded on both the Something Awful thread we already told you about, and at the Apple TV Hacks blog. Over at Something Awful, user macado shows the Apple TV successfully decoding a 720p XviD clip using the open source VLC player (though only for 6 minutes). Other users have demonstrated Firefox and iTunes running on an Apple TV as well. Meanwhile at Apple TV Hacks, there are already tutorials up on getting SSH and AFP access and even setting up Remote Desktop (VNC) and Apache.In short, the Apple TV has been busted wide open and is well on its way to being hacked into a general purpose (if rather underpowered) mini Mac mini (Mac nano, perhaps?), running OS X 10.4.7 as you can see above. For those of you with a hankering to break your warranties, it looks like the Apple TV is eminently hackable and has a lot of potential.[Via Apple TV Hacks]Update: the 6 minute thing has to do with the fact that the Apple TV automatically resets after 6 minutes (see the comments below).
DIY cat feeder powered by Ubuntu Linux, CD-ROM tray
It seems, from our very unofficial research, that cat owners tend to be geeks. And to prove our point, we bring you the geekiest cat owner in history. Lee Holmes, of Ontario, Canada, recently combined his Ubuntu Linux server to create a Rube Goldberg machine of a cat feeder. By running a script on his server, the CD-ROM tray pops open, a trap door opens, allowing cat food to flow down a cardboard chute into his cat's bowl. (Bah, just go watch it in action on YouTube, which is linked from his site.) As if that weren't geeky enough, he can use his i-mate JasJar to SSH to the server, allowing him to feed his cat from across the room, or across the world. Now all he needs is to figure out a way for the restocking process to be automated, and he could retire from his day job and sell these things to cat owners worldwide. [Via MAKE:Blog]
FTP explained
Who better to explain the ins and outs of the twisted FTP world than Steven Frank, one of the minds behind Transmit? Well, that's exactly what Steve has done for us on his blog. If you don't know your SFTP from your FTPS then this is the article for you.Sure, he recommends that you try his company's FTP application, but that doesn't mean he isn't FTP knowledgeable.
