Are you a geek? Take this simple test at home: Do you get excited about OS X’s ability to permit SSH access?
If you answered “What’s SSH?” or “I’m already being quiet,” then the following discussion of Unix remote control may not interest you. To be sure, SSH is not a program with a graphic user interface (icons and menus). You operate it from within a program like Terminal by typing commands. (For details on Terminal, see the free downloadable appendix called “Terminal Crash Course.pdf” on this book’s “Missing CD” page at www.missingmanuals.com.)
If you’re willing to overlook that little peccadillo, though, SSH (Secure Shell) is an extremely powerful tool. It lets you connect to your Mac from anywhere—from across the network or across the Internet. And once you’re connected, you can take complete control of it, copying files, running commands, rearranging folders, or even shutting it down, all by remote control.
Here’s how you go about using SSH:
Set up your Mac by opening the Sharing panel of System Preferences and then turning on the Remote Login checkbox.
You’ve just told the Mac it’s OK for you (or other people with accounts on your machine) to connect from the road. Quit System Preferences.
Go away.
You can move to another machine on the network or another computer on the Internet (if you’ve dealt with the port-forwarding issue described on Connecting from the Road). Once you’re online with that other machine, you can contact your home-base machine from within a program like Terminal.
It doesn’t have to be Terminal, and it doesn’t have to be a Mac. You can get SSH client programs for almost any kind of computer.
For pre–OS X Macs, for example, you can try MacSSH or NiftyTelnet SSH, both of which you can download from this book’s “Missing CD” page at www.missingmanuals.com. For Windows, try Putty (www.puttyssh.org).
At the prompt, type ssh -l chris 111.222.3.44. Press Return.
Instead of chris, substitute your short account name (as you’re known on the Mac you’re tapping into), and replace the phony IP address shown here with your real public address. (If your Mac back home has a domain name unto itself, such as macmania.com, you can type that instead of the IP address. And if you’ve turned on port forwarding, use your cable modem/DSL box’s IP address.)
If all goes well, the ssh command acknowledges your first successful connection by displaying a message like this: “The authenticity of host ‘111.222.3.44 (111.222.3.44)’ can’t be established. RSA key fingerprint is d9:f4:11:b0:27:1a:f1: 14:c3:cd:25:85:2b:78:4d:e7. Are you sure you want to continue connecting (yes/no)?” (This message won’t appear on subsequent connections.) You’re seeing SSH’s security features at work.
Type yes and press Return.
Now you see one more note: “Warning: Permanently added ‘111.222.3.44’ (RSA) to the list of known hosts.” You’re then asked for your account password.
Type your account password and press Return.
You’re in. Issue whatever commands you want. You can now conduct a full Unix Terminal session—but by remote control.
One of the most common uses of SSH is quitting a stuck program. Maybe it’s a program that doesn’t respond to the usual Force Quit commands—maybe even the Finder or Terminal. Or maybe, having just arrived in Accounting on the fifth floor, you realize that you accidentally left your Web browser, open to Dilbert.com, up on your screen in clear view of passersby.
In any case, you’d fire up Terminal and proceed like this (what you type is shown in bold; the Mac’s responses are in normal type):
home-mac:~ chris$ssh 172.24.30.182The authenticity of host '111.222.3.44 (111.222.3.44)' can't be established. RSA key fingerprint is d9:f4:11:b0:27: 1a:f1:14:c3:cd:25:85:2b:78:4d:e7. Are you sure you want to continue connecting (yes/no)?yesWarning: Permanently added '172.24.30.182' (RSA) to the list of known hosts. chris@111.222.3.44's password:fisheggsLast login: Thu Apr 22 17:23:38 2010 Welcome to Darwin! office-mac:~ chris$top -u
The top -u command displays a list of running programs. After a block of memory statistics, you might see a list like this:
1156 top 6.6 00:00.27 1/1 0 28 29 1344K+ 216K2052K+ 17M 139 Terminal 2.4 00:34.24 5 1 130- 192- 11M-28M 26M- 51M 788 bash 0.0 00:00.02 1 0 20 24 656K 840K1436K 17M 787 login 0.0 00:00.04 2 1 34 62 880K 260K2144K 49M 283 Finder 0.0 00:23.02 9 3 247 666 33M 96M 81M 0M 426 SystemUIServ 0.0 00:14.24 3 1 290 410 30M 47M 47M 112M 151 Dock 0.0 00:05.95 4 2 201 851 22M 36M 59M 73M
As you can see, the Finder is process number 283. If that’s the stuck program, then you could quit it like so:
office-mac:~ chris$ kill 283Or if you’re sure of the program’s exact name, just use the killall command with the program’s name instead of its process ID. To handle a stuck Finder, you would type this:
office-mac:~ chris$ killall FinderEither way, the Finder promptly quits (and relaunches in a healthier incarnation, you hope). You could also, at this point, type sudo shutdown -h now to make your Mac, elsewhere on the network, shut down. (Terminal doesn’t type any kind of response.)
If you ended your SSH session by shutting down the other Mac, you can just close the Terminal window now. Otherwise, type exit to complete your SSH session.
Want a quicker, dirtier method of doing SSH that doesn’t even require knowing the other machine’s IP address? OK: Open Terminal. Choose Shell→New Remote Connection. In the list of connection types, choose ssh/ftp/telnet. Every Bonjour-enabled Mac on your network shows up; click one and then click Connect to connect!