SSH in 10.0.1


From Apple's Website:

Improvements include better support for third party USB devices, Classic compatibility and overall application stability as well as support for the popular Secure Shell service.

How does one enable SSH on a computer running OS X, and furthermore what application do you need to log into a SSH server?

I assume a regular telnet application wouldn't work anymore because SSH is supposed to replace telnet login, yes?

It all depends on what you're trying to do. If you want to just use the ssh client on your X machine to connect to other machines, you just run 'ssh <machine name>' (from a terminal). If, however, you want to be able to connect into your X box, you need to enable the ssh daemon. To do this, edit /etc/hostconfig, make the line for SSHSERVER say 'SSHSERVER=-YES-' then reboot. The first time it'll take a while since the startup script for it will create host keys for the machine (startup script is /System/Library/StartupItems/SSH/SSH).

For what it replaces, that includes the rsh/rlogin services, as well as telnet. If Apple had chosen to use a newer version of OpenSSH (they installed 2.3.0p1) it would also replace ftp more properly. It has scp as a partial replacement, but this is only one file at a time, without browsing. Newer versions of OpenSSH (2.5.2p2 is current) have sftp, a more full-blown replacement of ftp. The reason for all the replacing is that ssh encrypts all traffic, whereas the others do not.

Also, telnet should still work fine when coming from the X machine (just not securely), as long as the machine you're going to still has it open.
i had the latest ssh installation; I'm wondering if it got replaced by the 2.30 or whatever apple included. THat would suck.. I don't feel like building all of that again!

If you installed your version under /usr (ie, /usr/bin/ssh) then it probably did update it. To find out the ssh version, simply run 'ssh -V'.
If you put it under /usr/local or some such, it should still be there.
the ssh server is what i was wondering about.... thanks anyways this should help a bit,
You MUST enable the ssh daemon through /etc/hostconfig? Clicking on "Allow Remote Login" in the Sharing System Preferences will still enable telnet, and not SSH?
Actually, the "Allow Remote Login" option sets the option in /etc/hostconfig, and vice versa, so it can be done through either method.
I was under the impression that clicking the allow remote login in the sharing panel enables telnet, which is distinctly seperate from SSH enabled access.

In otherwords... leave the remote access unchecked and enable SSH though the config files should allow remote logins with SSH but not with telnet?

Can anyone confirm what I've said to be true or false?

My understanding is that 'enable remote connections' in 10.0.1 turns on sshd (not telnet anymore). I ran a port scan on my computer and it showed ssh but not telnet and I have the box checked in my prefs.

When I turn on "telnet" in the System Prefs it <u>only</u> turns on sshd. Good news.

(in 10.0.1)

The 10.0.1 update essentially replaces telnetd with sshd. The problem I'm having is that I can't seem to log in remotely. I get a "Permission denied" error when I enter my password. I know I'm entering my password correctly. Any ideas?
Seems like Telnet in 10.0 is replaced by ssh in 10.0.1 , i didn'n have to do anything at all. I just tried to log in via Nifty Telnet SSH from another Mac, and it just.. worked...
"Allow remote login" enabled naturally.
or from a unix command, just type "ssh -l [login] [hostname or ip], then it prompts you for password, just use your user password.
Originally posted by fddi1
or from a unix command, just type "ssh -l [login] [hostname or ip], then it prompts you for password, just use your user password.

A shorter equivalent would by
ssh username@host


SSH client detects the cipher type automatically, right?

I'd like to know how to set the cipher type for the SSH server. :)
After updating to 0.1 I reinstalled ssh.2.5.2p2 plus the ssh-admin tool. After that somehow I can not log into my XBox via ssh anymore. Somehow my password is not excepted. Any idea what to do to get ssh running correctly again?
I was not able to use the -t option with the ssh-keygen utility in OS X 10.0.1 for generating rsa1 and dsa keys. Does anyone knwo what I can use instead?
Since the version OS X installs is older, ssh-keygen doesn't have the -t option; instead to generate RSA, you don't have to do anything as that's the default. For DSA, give it the -d switch.