allpar, the Chrysler - Dodge - Plymouth - Jeep site

The opinions expressed here are not necessarily the opinions of Allpar.

Secure FTP, Mail, and Other Connections From Macs to UNIX

Under OS 7.5.3 through OS 9.2.2

First, I would like to thank Jean-Pierre Stierlin, the writer of MacSSH and MacSFTP, for his extensive help in getting me set up and running - and the people at Esosoft, the operators of my virtual server, for their help as well.

Under Mac OS 7.5.3 through 9.2.2, the best way to assure secure connections is often via an SSH tunnel. You can buy F-Secure, but I was unable to get it to work, and their support was lamentable. You can also download MacSSH for free. (More on OS X later).

Note that I already had a secure e-mail connection, thanks to Esosoft - they advised me to simply set the SSL setting in Eudora Pro 5.1 to "Secure, Alternate Port." This will not work for all service providers, but I suspect it will work for most. I eventually set up a secure tunnel for POP mail anyway, so I could use MailSiphon to remotely delete my spam (which I divert into a separate mailbox using Procmail, but that's another story).

What I needed to do was set up a way to use GoLive's (or Dreamweaver's) FTP over a secure channel. That would let me use their automated update features. MacSFTP, a very good and inexpensive shareware program, does secure FTP, and Esosoft supports SFTP; that would work for a small web site, but not for one with literally thousands of files, because FTP mirroring checks each file's modification date individually, then uploads the newer versions. That would take an incredible amount of time, while GoLive and Dreamweaver simply find out which files have been modified since the last upload. Besides, it's handy to have everything in one place.

So I set up a tunnel using MacSSH. This is not unlike the way you connect to the Internet by dialing your local ISP (or connecting to your cable or DSL); the connection goes through MacSSH to get to its destination.

MacSSH comes with instructions, but I had some issues and questions which I will detail here. I won't duplicate all of MacSSH's instructions, just go over the issues I had.

First, to get FTP to work, you need to use passive mode. In GoLive, this is under Site - Settings - FTP - Advanced. In Fetch, it's under one of the preferences tabs. Passive mode is no problem most of the time, and you probably won't notice the difference.

Second, I set up just two tunnels: one for port 21 (FTP) and one for port 110 (POP3, or incoming mail). If I needed to secure SMTP (outgoing mail), I'd also set up one for port 25. Since MacSSH automatically creates a Telnet terminal, I didn't bother routing that.
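
An added example, not part of the original page: with only port 21 forwarded, the tunnel carries the FTP control connection (login and commands), while in passive mode each transfer uses a second connection to whatever address and port the server names in its 227 reply. This sketch decodes such a reply and reports whether that data connection would use a forwarded local port; the function names and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). All replies below are constructed.

# pasv_endpoint REPLY: print "ip port" decoded from an FTP 227 reply.
# RFC 959 format: 227 text (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2.
pasv_endpoint() {
  nums=$(printf '%s\n' "$1" |
    sed -n 's/^227[^(]*(\([0-9, ]*\)).*/\1/p' | tr -d ' ')
  if [ -z "$nums" ]; then return 1; fi
  old_ifs=$IFS; IFS=,
  set -- $nums            # split the six fields on commas
  IFS=$old_ifs
  if [ $# -ne 6 ]; then return 1; fi
  for n in "$@"; do       # every field must be a plain byte value
    case $n in ''|0?*) return 1 ;; esac
    if [ "$n" -gt 255 ]; then return 1; fi
  done
  echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# data_path REPLY "LOCAL_PORTS": where the client's data connection will go.
#   tunneled    - loopback address and a port that has its own -L forward
#   unforwarded - loopback address, but nothing is forwarding that port
#   direct      - server address: a plain TCP connection outside the tunnel
data_path() {
  if ! ep=$(pasv_endpoint "$1"); then echo unparsed; return 1; fi
  ip=${ep% *}; port=${ep#* }
  case $ip in
    127.*)
      for p in $2; do
        if [ "$p" = "$port" ]; then echo tunneled; return 0; fi
      done
      echo unforwarded ;;
    *) echo direct ;;
  esac
}

# Constructed replies: one naming a public (documentation-range) address,
# one naming loopback. The second argument lists the forwarded local ports.
for reply in \
  '227 Entering Passive Mode (203,0,113,10,195,80).' \
  '227 Entering Passive Mode (127,0,0,1,4,0).'
do
  printf '%s -> %s\n' "$reply" "$(data_path "$reply" '21 110 1024')"
done
```

A result of "direct" means the file contents for that transfer travel outside the SSH session, even though the login on port 21 went through it.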

To set up the first tunnel (POP3), I modified the default MacSSH connection settings (Favorites / Edit Favorites / Default), and later set up the preferences to automatically start the default connection when starting up MacSSH, which removes an annoying step.

  1. In the General tab, I put in my host name (allpar.com) in General, and left it as Port 22.
  2. In the Security tab, I selected ssh2 as the protocol, with my username, password, client username (same as my username), and an lsh argument of -L21:allpar.com:21 which routes local port 21 (FTP) to remote port 21 (FTP) - in short, my local machine's traffic in port 21 goes through the tunnel, and when it comes back, ends up coming out of port 21 again so nobody is confused but me.
  3. To add another tunnel here, I could just put in a space and type in the second one, e.g.
    • -L21:allpar.com:21 -L25:allpar.com:25
  4. In the SSH2 tab, I set the encryption and authentication and compression (all in order), then set method to local tcp port forward. I set the local and remote ports to 110 for e-mail, and put in my remote host (allpar.com). Then I initialized SSH, using a very long string with lots of numbers.
  5. At that point, I went through MailSiphon, Fetch, etc., and everywhere it used to have allpar.com, I replaced it with 127.0.0.1 (localhost worked for a while, but then stopped, so start out right with 127.0.0.1).
  6. Strangely, I found this did not work until I closed MacSSH and restarted it.

When you do this, I strongly suggest you also edit the default MacSSH terminal - make the font larger and set it up as a VT100 or VT220 so you can use pico and pine. Also, remember to log out when you're done with a session!

This whole process is much easier to use than it sounds, since all I have to do is open MacSSH and I'm totally secure. Until I open MacSSH, though, none of my file transfers (or non-Eudora e-mail) will work!

Coming in a month or two: OpenSSH under Mac OS X (which I do not yet have, which is why I'm using MacSSH). Stay tuned.

OpenSSH under Mac OS X 10.1x

Believe it or not, most of this is from trial and error.

If you are using Classic (legacy, or OS 9, or OS8, etc.) programs

If you are using Classic apps - for example, GoLive 5 or a non-Carbon version of Fetch or MailSiphon - first open the Classic app, then open MacSSH while in Classic, and run it according to the instructions for "SSH under MacOS 7.5 to Mac OS9." Believe it or not, that works. I wish I had known that about three hours ago...

If you are using Carbon or Cocoa (native) programs: method I

This method was sent in by Marc Poirier, as a correction to method II (below).

1) Open a Terminal window

2) Type in the following formula:

sudo ssh -l [your remote username] -L 21:[the remote site]:21 -L 110:[remote site]:110 [remote site]

For example, for my site, allpar.com, with username macdude, it would be:

sudo ssh -l macdude -L 21:allpar.com:21 -L 110:allpar.com:110 allpar.com

This creates a tunnel in OS X but not in Classic programs.

Then, when you are making bookmarks or connections in Fetch, GoLive, MailSiphon, etc. - in other words, in any program - use 127.0.0.1 as the remote server (as detailed in the OS 9 solution at the top of the page). Otherwise, you won't be using the tunnel!

Note that you can save the command for easy reference either by copying and pasting it somewhere else, or by this method sent in by Marc:

If you are using Terminal or another tcsh shell, then create a file called .tcshrc in your home directory (if you don't already have one) and add this line:

alias tunnel 'sudo ssh -l macdude -L 21:allpar.com:21 -L 110:allpar.com:110 allpar.com'

That will create an alias called "tunnel" and then all you have to do to run that command is enter the word "tunnel" in Terminal. To create that .tcshrc file, probably the easiest way is to use pico (the simplest UNIX text editor), for example:

pico ~/.tcshrc

If method I doesn't work:

1) Open a Terminal window

2) Type in the following formula:

ssh -l [your remote username] -L 1024:[the remote site]:21 -L 1025:[remote site]:110 [remote site]

For example, for my site, allpar.com, with username macdude, it would be:

ssh -l macdude -L 1024:allpar.com:21 -L 1025:allpar.com:110 allpar.com

This creates a tunnel in OS X (but not in Classic programs) that transfers anything sent to local port 1024 to your remote computer's FTP port (21), and anything sent to local port 1025 to its POP port (110).

Then, when you are making bookmarks or connections in Fetch, GoLive, MailSiphon, etc. - in other words, in any program - look for a field marked "Port" or "Custom Port" or something like that. Type in the appropriate port - 1024 for FTP, 1025 for POP. Set up the connection so the remote server is 127.0.0.1 (as in the Mac OS 7-9 setup) - otherwise you won't actually be using the tunnel.

Why are you doing this? Because OS X reserves the critical ports, such as 21 and 110, and will not let you have them unless you log in as root. That's not a good idea, so use this workaround. (Using sudo should work, which is why method I is posted.)

But I suspect for the near future you'll be using MacSSH in Classic...!

Troubleshooting

  • You can run into problems if your UNIX files or directories have unconventional names - spaces can cause issues. I try to use hyphens instead of spaces on UNIX...and, for that matter, when I send files by e-mail. Martin Obrist reported that files and folders with spaces gave several FTP programs a 550 error.

Copyright © 1994-2000, David Zatz; copyright © 2001-2014, Allpar LLC (except as noted, and press/publicity materials); all rights reserved.