10.7: Enable the FTP server | 8 comments | Create New Account
A free FTP/FTP-SSL client. I don't usually use RBrowser because a $29 upgrade is necessary to unlock other protocols (Local, FTP/SSL/TLS, SFTP-SSH). I do like the Site Manager. It's a handy little thing to have. I searched and came up with some other free FTP clients: FireFTP (Free) - Firefox extension. The one downside I see is that this is. Feb 19, 2020 No, because there is no such thing as a fully GUI SSH client. The entire point of making an SSH connection is that once the connection is established, you are connected to a command-line shell where you can do command-line things.
Click here to return to the '10.7: Enable the FTP server' hint |
The following comments are owned by whoever posted them. This site is not responsible for what they say.
If ssh is already working for the command line in Terminal.app, then it should just work. Cyberduck is/was the best of the GUI apps for mac for sftp, but I haven't touched it in a while, since I prefer the command line and I haven't had to support anyone that used it. Connect to Linux from Mac OS X by using Terminal. Last updated on: 2018-10-26; Authored by: Rose Contreras; If you use MacOS® X, you don’t need to install a third-party client like PuTTY to connect to your cloud server by using Secure Shell (SSH). Terminal is a terminal emulation program included with MacOS X that you can use to run SSH.
Best to go with SFTP by enabling Remote Login (SSH).
Transmit supports SFTP, you can do it from the command line as well, if you are on another platform such as Windows and you want to SFTP to your Mac, you can use WinSCP or other SFTP free apps.
FTP, Telnet, RSH, etc. All transmit passwords in the clear, and they should be completely removed from service as they are not secure by a long shot.
The only reason for FTP is an anonymous FTP server where you login with uid: anonymous and your email address as the password.
Transmit supports SFTP, you can do it from the command line as well, if you are on another platform such as Windows and you want to SFTP to your Mac, you can use WinSCP or other SFTP free apps.
FTP, Telnet, RSH, etc. All transmit passwords in the clear, and they should be completely removed from service as they are not secure by a long shot.
The only reason for FTP is an anonymous FTP server where you login with uid: anonymous and your email address as the password.
Absolutely right. People still use anonymous FTP because it's simpler than setting up an entire (anonymous!) HTTP server if you're just in the business of publishing files.
I would never dream of installing an FTP server which asks for authentication though.
I would never dream of installing an FTP server which asks for authentication though.
OS X Server's FTP has been pretty lame for quite some time, and I can't think of any good reason to turn it back 'on'
A much better choice is PureFTP, which is free, and has a nice Mac FTP Manager GUI:
http://jeanmatthieu.free.fr/pureftpd/
A much better choice is PureFTP, which is free, and has a nice Mac FTP Manager GUI:
http://jeanmatthieu.free.fr/pureftpd/
For the sake of security, I recommend making the move to sftp/scp, which are actually part of ssh. All traffic, including password exchange is encrypted. Most GUI tools support it now. Just enable 'remote login' and that turns on ssh, which in turn enables scp/sftp. FTP should really be abandoned.
Ditch Apple's lame FTP server implementation and install PureFTPd, a free, much more robust solution that allows virtual folders and accounts (and can use Open Directory accounts, too):
http://www.pureftpd.org/project/pure-ftpd
http://www.pureftpd.org/project/pure-ftpd
While this hint will work as stated, it's pretty much incorrect usage of
launchctl
for the purpose of the hint.launchctl load...
loads the FTP service into launchd
's database of services. When you do an unload
, you are telling launchd
to not manage it anymore.So a better way to do this--probably the proper way--is to first issue the command to load the service:
Then, if you'd like to stop FTP, issue this command:
And if you decide you'd like to bring it back up, use this command:
sudo launchctl load -w /System/Library/LaunchDaemons/ftp.plist
Then, if you'd like to stop FTP, issue this command:
sudo launchctl stop com.apple.ftpd
And if you decide you'd like to bring it back up, use this command:
sudo launchctl start com.apple.ftpd
If you'd like for
launchd
to forget about FTP, that is when you would run this:sudo launchctl unload /System/Library/LaunchDaemons/ftp.plist
The hint as-is will work, but seems a little counter-productive to make
launchd
remember and forget about FTP all the time.@leamanc: Absolutely correct. I entered the comments wanting to post this, too. You beat me at it. :-)
Apple has an official KB article that was published on July 20 describing this process but adding steps at the beginning to define a service ACL for specific users / groups before enabling the service itself. http://support.apple.com/kb/HT4704
From OS X Scientific Computing
Jump to: navigation, search
|
Telnet and FTP?
Never, ever, use telnet. Ever. Or ftp. These programs send you password through the aether as clear text, opening you to exploits by all kinds of nefarious evildoers. Instead, learn to use ssh, scp, and sftp.
Fugu: A nice, free, GUI for sftp
I'm generally a command-line person, but this free little application provides a nice intuitive and visually pleasing GUI interface that also permits integrated editing of remote files and so forth. Here's a screen shot grabbed from their website:
SSH: the basics
How to log in remotely to another machine using ssh
Connect Ssh Mac
If you want to log in remotely to your account on another machine, simply issue the command
If you want to display X-windows programs on your machine that are run remotely, then include the -X or -Y flags:
Try -X first, as it is more secure. If there are problems, try the -Y option instead.
How to avoid interrupted connections
My DSL service provider seems to delight in causing my ssh connections to hang up. This irks me. I finally discovered a very simple solution. Create a file called ~/.ssh/config and put into it the following three lines:
Problem solved (at least for me).
How to set up passwordless logins
Generate a public key on the computer you want to log in from:
.......
Copy the public key to the computer you want to log in to.
Log into the remote computer
and append that public key to the appropriate file in your remote account's .ssh directory:
If the .ssh directory does not exist, you must first issue the command
and if the file ~/.ssh/authorized_keys does not yet exist, replace the above cat command with
(but do this only if ~/.ssh/authorized_keys does not yet exist, or it will clobber the file rather than append to the bottom of it.
With the 10.9 update, I found that I had to copy authorized_keys2 to authorized_keys
Test it.
It should now be set up for passwordless secure login.
Connecting securely with ssh tunnels
The idea of how to establish and use ssh tunnels, and why you might want to do this, is best illustrated with some examples. I have chosen two examples that you might very well want to put to use: Using a web proxy to access restricted websites (like scientific literature your library has a subscription to), and connecting to a mail server from anywhere, even if your local service provider tries to prevent this (DSL home service providers, hotel internet, etc).
Example One: Tunneling to a proxy server for web browsing
- Problem: I want to read restricted-access journals from home, but I only have access from work.
- Solution: Configure Firefox or SeaMonkey to use your work computer as a proxy.
For example, I can access most scientific journals on-line from machines that have recognized IP addresses (i.e., are affiliated with our university, whose library has paid for on-line access). If I am at home or on the road, I cannot do this easily unless I use a proxy server. Fortunately, this is fairly easy to do.
Establish the SSH tunnel connection
The syntax for establishing tunnel connections is as follows:
Choose a port, 8080, or any un-used non-root port. The -N flag says to establish the connection but not to make it a login shell, and the -D flag says to use dynamic port forwarding with ssh acting as a SOCKS server.
How To Ssh On Mac
Configure FireFox or SeaMonkey Preferences to use a proxy
On Mac OS X, I use Safari as my primary web browser, but I keep several on hand. Because of this, I can dedicate FireFox as my proxy web browser. If FireFox is your primary web browser, other browsers in the Mozilla family, such as SeaMonkey, have this capability as well.
- In Firefox.app, go to Preferences > General and hit the 'Connection Settings' button on the lower right side of the panel. A second panel will be revealed. Enter what is shown here:
Then click the 'OK' button.
Thanks very much to James Davis and Adam Smith of UCSC SOE for the tip.
- With SeaMonkey, go to Preferences > Advanced > Proxies > Manual Proxy Configuration > Advanced and you will get essentially the same configuration pane as pictured above. (SeaMonkey also has a nice free WYSIWYG HTML editor, called Composer.)
.
Example Two: Tunneling to a remote mail server
- Problem: I want access to my email securely from any connection point in the world.
- Solution: Configure smtp and pop or imap SSH tunnels.
Apple's Mail program logs onto a mail server computer every time it checks your mail, and every time it sends your mail. Depending on your mail server, it might send your password over the internet in clear text, as our POP3 server does. This is something worth avoiding, especially if you are on the road or using a commercial internet service provider. To get around this problem, you can create a 'tunnel' using ssh. Essentially, you can trick the mail program into using a pre-established ssh connection instead of using the insecure connection, thereby avoiding having to send your password in clear text. In fact, if you have enabled passwordless login, you can avoid dealing with passwords altogether. As side benefits, the connection seems to be established faster, and you can send mail from anywhere that allows you to make an ssh connection to the mail-server computer. (Many locations and DSL providers forbid you to make an smtp connection to your own mail server to avoid spamming issues and to try to force you to use theirs.)
Establish the SSH tunnel connection
The syntax for establishing tunnel connections is as follows:
That is pretty much all there is to establishing the required tunnels for POP3 mail, but a bit of explanation is in order. If you would normally log into the computer that is your email host with a command of the form
![Terminal Terminal](/uploads/1/2/6/5/126537562/552577947.png)
then just subtitute what you would actually type for this to the right of the -N option flag in the above two tunnel commands. (These are the same names you put in the email program for POP3 mail server and smtp server, respectively.) The ports (110 and 25) are the (insecure) ports used for POP3 and smtp mail. (If you are using the ssl secure ports, there is no need to be doing this). Again, these are the same as you used for configuring mail. The -N flag says to establish the connection but not to make it a login shell. Don't change ``localhost.' The other two ports (1110 and 2525) are arbitrary choices. You can pick any (unused) port (although the ones below 1024 are reserved for root). The -L flag tells ssh to do port forwarding (i.e., to establish the tunnel, treating the local port 1110 as if it were the remote port 110). The (optional) -C flag is for compression. This is handy on a lower-speed connection, but might actually slow stuff down on a high-speed connection.
How to get the Mail.app program to use the tunnels
To get Mail.app to use your ssh tunnels, you have to reconfigure its settings.
- First, establish the above tunnels.
- Then open Mail.app and under Preferences, go to Accounts and open the Account Information tab. Where it says Incoming Mail Server, you should enter 127.0.0.1 and where it says Outgoing Mail Server (SMTP), you should change the Server Settings by clicking the button, and add in 127.0.0.1 and port 2125 (or whatever port number corresponds to what you chose for the second tunnel command) and make these the default settings. This is illustrated in the following two screen shots below:
- Then go to Advanced tab, click on it to reveal the new pane, and enter the port 1110 (or whatever you picked for the first tunnel). You should now be set to collect and send your mail via ssh tunnels. If the tunnels become interrupted, you will have to re-establish them.
SSH Tunnel Manager
I find that it is easy to start and maintain the tunnels using a simple free gui application called SSH Tunnel Manager. This saves you typing and remembering the above commands. Should you require permanent, always-on tunnels, it might be better to run a launchd item to do this.
Retrieved from 'http://scottlab.ucsc.edu/xtal/wiki/index.php/SSH_and_Tunneling'