CrabApple Forest
The Orchard of Mac Knowledge!
Please Visit Often!
This article assumes that you are already able to ssh into a remote server using a password (that is, that your account has been created on the remote system and you are able to access it). Here’s how to set up ssh public/private key authentication so you don’t have to use the password on future logins, or so you can use Public Key authentication with MacFusion.
First, open a terminal or iTerm window as we will be using it for most of the following operations. First, navigate to your home directory, and see if there is a folder called .ssh. Note that Finder will NOT show you this directory unless you have it set to show all file extensions, so since we are at a command line prompt anyway, it’s easiest to just type “cd ~” (without the quotes) to go to your home directory in Terminal or iTerm and type “ls -a” (again without the quotes - always omit the quotes when we quote a command) to see if the .ssh directory exists. If it does, go into the directory (”cd .ssh”) and see if there are two files called id_rsa and id_rsa.pub (use “ls -a” again). If either the directory or the files do not exist, you will need to create them.
ssh-keygen -t rsa -f ~/.ssh/id_rsa -C "your@emailaddress.com"
Replace your@emailaddress.com with your email address - this is just to make sure the keys are unique, because by default it will use your_user_name@your_machine_name.local, which might come up with something too generic, like john@Mac.local. It’s unlikely that anyone else is using your e-mail address in a key.
Now, from your terminal or iTerm window, execute the following commands. Replace username with your login name and remote with the address of the remote system. Note that you should NOT be logged into the remote system when you execute these - these are run from a command prompt on your local system, and you probably will be prompted to enter your password (for the remote system) after each of at least the first couple of commands:
ssh username@remote ‘mkdir ~/.ssh;chmod 700 ~/.ssh’
The above creates the .ssh directory on the remote system and gives it the correct permissions.
scp ~/.ssh/id_rsa.pub username@remote:~/.ssh/authorized_keys
The above copies your public key to the list of authorized keys on the remote system (creating the list if it does not already exist).
ssh username@remote ‘chmod 600 ~/.ssh/authorized_keys’
This fixes the permissions on the authorized_keys file on the remote system.
And, that’s basically all there is to it. If you are the system administrator of the remote system, but you don’t ever plan to login from a remote location as root, then for extra security edit the file /etc/ssh/sshd_config on the remote system (you’ll probably have to be root, or use sudo to do this task). Just use your favorite text editor on the remote system to open the file, and look for a line that says:
PermitRootLogin yes
And change the “yes” to “no”. If you don’t have permission to edit this file (even by using sudo) then don’t worry about it, because you probably can’t login as root anyway.
The above are very basic instructions for setting up ssh public/private key authentication. There are other ways to do this (including some that are arguably a bit more secure) but we wanted to keep it simple. Hopefully this will help someone who is using ssh, MacFusion, etc. and wants something a bit more secure and less bothersome than password access.
Related posts
Posted by JohnnyAppleseed | Under Review, Software
Sunday May 4, 2008
Recently we’ve written on the subject of Screen capture programs for the Mac and also on MacFUSE. This article brings the two concepts together, to point out another, rather unique way to get screenshots on the Mac, using GrabFS: The Screenshot File System. GrabFS requires Leopard to run, and you must also have installed MacFUSE.
As the developer’s site explains:
GrabFS is a file system that shows you a live view of the window contents of currently running applications. In a GrabFS volume, folders represent running applications and image files represent instant screenshots (”grabs”) of the applications’ windows. You simply copy a file or just open it in place, and you have a screenshot. Open it again, and you have a new screenshot!
At the top level of the GrabFS volume, you will see several folders—each corresponds to a running application. A folder’s name incorporates the corresponding application’s name and its BSD process identifier. …..
Don’t worry if you don’t get the part about the process identifier, it’s not really necessary to understand that to use GrabFS.
In each folder you will see one TIFF file for each onscreen window of the application. The neat thing is that these TIFF files are a current snapshot of the window as of the time you open the file.
These screenshot “files” are, of course, read-only, but they can be opened or copied just like any other file. There are some interesting differences betwen these and regular screenshots on the Mac - for example, the Mac’s screenshot functionality usually adds a drop shadow to the screenshot, which looks nice in most cases but may not be desirable in others. GrabFS does not include the added shadow. Also, if the screen of a particular window is constantly changing, you could (if you know how) use Applescript, or perhaps an Automator workflow to copy the current screen at regular intervals. You could even copy these screenshots to another computer (might be useful for remote debugging).
This is one of those applications which some people will immediately see as quite useful, while others will never have a need for it. But if it sounds interesting to you, head on over to the developer’s page and read the full description, then if you think it might have a useful place in your software toolbox (and you have already installed MacFUSE), download and install it.
Related posts
Posted by JohnnyAppleseed | Under Programming, Review, Software
Friday May 2, 2008
We never intended this to turn into a trilogy when we started out, but our quest to find the perfect GUI to set up SSH connections using MacFUSE and sshfs (or, perhaps, as a replacement to sshfs) has turned up yet another candidate. This one may be the best of all, but there’s only one thing about it that gives us pause.
The program is called MacFusion and it’s described as “an open source project released under the Apache License.” (Edit: Although what is supposedly an updated BETA release can be found at macfusionapp.org, we could not get that version to mount a remote filesystem, and it didn’t seem to have as many options in the preferences. Therefore, these instructions are for the original version, which works well for us under Leopard). You can download it freely, but the author does accept donations. It’s more similar to Secure Remote Disk than to sshfs, but it seems to have everything that those other programs are missing. The feature list for MacFusion is as follows:
- FUSE filesystems so far: SSHFS, CurlFTPFS
- Passwords can be stored in the keychain for SSH or FTP server
- Support for public/private key authentication using SSH (Use SSHKeyChain)
- Stores favorites and allows automatic connection of favorites on start (emphasis added!)
- Configurable behavior of mounted filesystems on system sleep
- Handles SFTP:// and FTP:// URL links. Try setting it up with Quicksilver!
- Sparkle updating
To get it running you simply download it from Google Code and install it as you would any other Mac application (of course, you must have already installed MacFUSE). The first time you start it, it comes up with a rather ominous warning:
We decided to go ahead and try using the program anyway, but obviously we can’t guarantee that you won’t have any problems if you do. However, MacFusion is so much nicer to work with that we’d suggest at least trying it. You can always uninstall it if it doesn’t work properly for you.
MacFusion is a bit different from the other programs we have covered in that it puts an icon in the top menu bar. When you click on that icon, you get a drop-down menu:
There aren’t many preferences but you will probably want to at least check the “Start MacFusion on Login” checkbox (you’ll see why in a moment):
After you set the preferences, you’ll want to edit favorites:
In the favorites window, click the + at the bottom to add a favorite, then click on SSH to add an SSH connection. Note that with MacFusion you can also connect to an FTP server, something the other programs aren’t designed to do:
A window will pop up allowing you to add the details of your connection. Note that the name you give in the “Name” field is actually used as the name you see when you move the volume into the Finder left-hand sidebar (unlike Secure Remote Disk).
Once you fill in the details and click OK, it will try to connect to the server. Note that you can make more than one connection to the same server. When the server is mounted the button will turn green; while you are still waiting for it to mount it will be yellow:
Note that when you are in this panel and you highlight a mounted server, the “Mount” button in the lower right hand corner changes to “Unmount”, so you can mount and unmout your servers at will. But also note the “Auto” checkbox next to each server - if you check that, then when you start up MacFusion it will automatically mount that server. Now keep in mind that in the program’s preferences you can set it to “Start MacFusion on Login”, and now you see that you can have your servers automatically mounted at login or startup.
Unlike Secure Remote Disk, but like sshfs, the pseudo-drives representing your servers are placed in the /Volumes directory, not in subdirectories off your user directory. This is the preferred location. As with sshfs, you can also get to them by clicking on any Finder window, then selecting “Go” in the top menu bar, and then in the dropdown selecting “Computer” (this was all detailed in the first article of this series) . When the Finder window pops up that shows all your drives, you can drag the ones that represent your SSH connections to Finder’s left-hand sidebar (under the devices, not the shared locations), to make them accessible in all Finder windows. The difference with MacFusion is that it will show the name you gave the connection, not the net address of the connected server, so if you give each connection a unique name then that’s what you’ll see in the sidebar.
As before, connections in the Finder sidebar will have an “eject” button next to the name, which if clicked should break the connection to the remote server. But that’s not as important in MacFusion, because you can simply click on its icon in the top menu bar and then use the GUI to mount or unmount connected servers.
And, as we noted above, MacFusion allows FTP servers to be mounted in addition to SSH servers. FTP isn’t as secure as SSH, but in some cases you may have FTP access to a server, but not SSH access. That said, Finder by itself is perfectly capable of making a read-only FTP connection by selecting “Go” in the top menu bar and then “Connect to Server”, but it may be easier to manage FTP connections using MacFusion. We probably wouldn’t install MacFUSE and MacFusion simply to make FTP connections, but if we were already using it to manage SSH connections we’d certainly use it manage our FTP connections as well.
(Edit: Since we first published this article, we came across a post on macosxhints.com that explains how to Mount a gateway-accessed server directly using MacFUSE. You might want to do this if, for some reason (usually involving firewall restrictions) you have to chain a connection through multiple servers. In addition, a comment by a reader of that article mentions that MacFusion can be used to facilitate this. Most users won’t need to do this, but this information is provided for those who do. Also, after this article came out, we published an article entitled “Stop entering passwords: How to set up ssh public/private key authentication for connections to a remote server” that shows how you can take the necessary steps to allow you to use Public Key authentication with MacFusion).
In this series of three articles (which was only intended to be a single article at the outset), we have told you about sshfs, Secure Remote Disk, and MacFusion. While all appear to work, MacFusion is in our opinion the hands-down winner in terms of functionality and ease of use. Were it not for that initial warning, which screams out to us that the developer may no longer be interested in keeping this software current with upgrades of MacFUSE, we’d have no problem giving MacFusion our highest recommendation. Despite the warning, MacFusion seems to work with the current version of MacFUSE (as of this writing). And there is some degree of support available through the MacFusion-devel group on Google Groups.
One of our goals in this effort has been to find a no-cost equivalent for a particular commercial program that shall remain nameless in this article, but that also uses MacFUSE at its core. We think maybe it’s a just a bit bit nervy to build your commercial product around someone else’s free software, but we just hope that the company behind the commercial product is compensating the author of MacFUSE in some way. But for those who would rather not purchase that product, we think that for now at least, the combination of MacFusion and MacFUSE gives you most (if not all) of the functionality of that other software. And as we’ve said before, we love free software here in the CrabApple Forest!
Related posts
Posted by JohnnyAppleseed | Under Programming, Review, Software
Thursday May 1, 2008
Do you own, or have access to a remote server that is accessible via the Internet? Do you know how to, and are you able to make an SSH connection to it using Terminal or iTerm? If the answer to those questions is "yes", then I have another one: How would you like to see files and directories on that system appear in Finder on your Mac, just as if your filespace on that system was an external drive sitting next to your computer? This is not only possible, it’s fairly easy, especially once you get past the initial installation of a couple pieces of software.
The installation is a piece of cake, but it does require a system reboot First go to this page at Google Code and download the correct version of MacFUSE for your operating system, and while you are there you can also download the sshfs package:
When you have downloaded the MacFUSE package, double click on it and it will mount the disk image. Inside you should see several items, including a package called MacFUSE Core. Double click on it and it will bring up the MacFuse installer.
Next you will get the opening page of the MacFUSE installer, but first a word from the Apple Nanny:
After you dismiss that irritating screen, you can continue with the installation:
Now, at this point we could show you a few more screenshots, but you really don’t need them - on every screen of the MacFUSE installation, all you have to do is click the obvious choice to continue. There are no options to deal with (well, we suppose you could change the default install location, but that’s probably not a good idea).
Unfortunately, in order to actually USE MacFUSE, you then have to reboot your Mac. Yeah, we hate that too. But once you have rebooted, you can then run the sshfs installer (EDIT: Before you do anything with sshfs, see our article on MacFusion: A BETTER GUI for MacFUSE and sshfs - we think you’ll agree it’s a better interface than sshfs. But if you want to install sshfs just to “get your feet wet” with this technology, that’s fine too, and in any case you should continue reading this article for information on ssh authentication, which is also applicable if you use MacFusion). This is just a normal application disk image so click on it to mount it, click on the license agreement, then drag the application icon into your applications folder in the usual manner. Now, when you want to connect to a remote site, just call up the sshfs application and it will prompt you for the information it needs to make the connection:
Note that after you have clicked on the "Connect" button, you may or may not be prompted for a password. This will depend on whether you have ever set up public and private keys for authentication without the use of a password on your SSH server. Generally, if you can SSH into the server without entering a password, then sshfs shouldn’t prompt you for a password either.
It’s beyond the scope of this article to explain how to set up ssh public/private key authentication, but there are literally thousands of pages indexed by Google that will tell you how to do it - naturally, some pages give better instructions than others. Try doing a Google search on something like "Mac ssh public key." (If you have found a page of instructions that you feel are particularly helpful, please leave the URL in a comment!) EDIT: We have added an article entitled “Stop entering passwords: How to set up ssh public/private key authentication for connections to a remote server” that explains one method of doing this.
Note that there are several options that can be used when setting up ssh public key authentication, and everybody that writes up the instructions seems to have an opinion on which options are the best, or generally speaking, the "correct" way to implement this. If only they all agreed with each other! So if you don’t know enough about it to evaluate the information on those pages, you might be better off sticking with using passwords for the time being - except that passwords are not as secure as key authentication, so maybe it would be a good idea to try and set up the key authentication if you can possibly manage it.
Anyway, once you have sshfs going and the connection made, all you have to do is go into Finder and find the icon for your connected share. If you don’t see it, click on any Finder window, then look at the top menu bar and you should see a selection labeled "Go", which when clicked on produces a drop-down menu:
One of the selections is "Computer" - click on that and it should show you a Finder window with all your mounted drives and shares, including (assuming you have successfully connected) the pseudo-drive that represents your ssh connection to the server. Note that you can drag the icon for this drive into Finder’s left-hand menu (under the devices, not the shared locations), to make it accessible in all Finder windows. This will also give you an "eject" button next to the share name, which if clicked should break the connection to the remote server. A possible alternate way to find the pseudo-drive is to look in the /Volumes directory. In either case, it will bear the name of the system you are connecting to.
Note that simply closing the sshfs application does not seem to break the connection to the server, so once the connection is established you can quit the sshfs app and get its icon out of your your dock area. Also, after you have made the first connection to your server, on subsequent connection attempts you should be able to call up sshfs, cancel the connection dialog, and then in the top menu bar click on "File", then "Recent SSH Servers" and select your server for a quicker reconnection.
If you are using a password, then you will still be prompted for it on each connection attempt. As far as we know, there’s no easy way to automatically establish the remote connection as part of the login process. Note that we said "no easy way", not "no way." We’ve found several techniques for doing it, but all involved the use of such things as shell scripts, Applescript, etc. and really seemed a bit overcomplicated to us. We’re thinking there just might be a way to do it in Automator but haven’t had the opportunity to experiment with that yet. If anyone knows of an elegant method for establishing the connection automatically at login (using entirely free software, of course), please let us know in the comments. Otherwise, if we ever figure out a way to do it, we’ll be sure to do a follow-up post explaining the procedure.
There is one known quirk of this software, and that is that it will always report that you have 1000 GB free on the remote system. Apparently this is something that they’ve been unable to work around. Also, bear in mind that this is not commercial software, so there may be a few other things that don’t work quite as you may expect, but on the whole it works remarkably well.
MacFUSE has other uses besides running sshfs. MacFUSE is the Mac implementation of FUSE, which stands for "Filesystem in Userspace." If you want to know more about FUSE, check out the Wikipedia article. One of the other more popular uses of MacFUSE is to allow use of NTFS-3G, a stable read/write driver that allows both read and write access to drives and devices that have been formatted using the Windows NTFS format (be sure to get the version that works with MacFUSE, and please note that we have not tested this so you may want to read up on it prior to installing it, and only use it if you feel it will reliably meet your needs).
Related posts
Subscribe to CAF
