Authors' note: A network lets computers communicate with each other, sharing files, email, and much more. Unix systems have been networked for more than 25 years, and Macintosh systems have always had networking as an integral part of the system design from the very first system released in 1984.
This chapter introduces Unix networking: remotely accessing your Mac from other computers and copying files between computers. It also shows you how the Connect to Server capability of Terminal can make common connections a breeze once you've set them up the first time.
There may be times when you need to access your Mac, but you can't get to the desk it's sitting on. If you're working on a different computer, you may not have the time or inclination to stop what you're doing, walk over to your Mac, and log in (laziness may not be the only reason for this: perhaps someone else is using your Mac when you need to get on it or perhaps your Mac is miles away). Mac OS X's file sharing (System Preferences → Sharing) can let you access your files, but there may be times you want to use the computer interactively, perhaps to move files around, search for a particular file, or perform a system maintenance task.
If you enable Remote Login under System Preferences -> Sharing, you can access your Mac's Unix shell from any networked computer that can run SSH (http://www.ssh.com/), OpenSSH (http://www.openssh.org/), or a compatible application such as PuTTY (a Windows implementation of SSH available at http://www.chiark.greenend.org.uk/~sgtatham/putty/). SSH and OpenSSH can be installed on many Unix systems, and OpenSSH is included with many Linux distributions, including Mac OS X.
8-1 shows how remote login programs such as
ssh work. In a
local login, you interact directly with the shell program running on your local
system. In a remote login, you run a remote-access program on your local system;
that program lets you interact with a shell program on the remote system.
Figure 8-1. Local login, remote login
When you enable Remote Login, the Sharing panel will display instructions for logging into your Mac from another computer. This message is shown in Figure 8-2.
Figure 8-2. Instructions for remote access to your Mac
To log into your Mac from a remote Unix system, use the command displayed in the Sharing panel, as shown in the following sample session where a user on a Red Hat Linux system is connecting to a Mac OS X computer (the first time you connect, you'll be asked to vouch for your Mac's authenticity):
Red Hat: taylor $ ssh firstname.lastname@example.org The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established. RSA key fingerprint is 86:f6:96:f9:22:50:ea:4c:02:0c:58:a7:e4:a8:10:67. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts. email@example.com's password: Last login: Thu Sep 25 10:27:58 2003 Welcome to Darwin! ~ 452 $
To log in to your Mac from a Windows machine using PuTTY, launch the PuTTY application, specify SSH (the default is to use the Telnet protocol described later), and type in your Mac OS X system's IP address as shown in the Mac's Sharing panel. PuTTY will prompt you for your Mac OS X username and password. Figure 8-3 shows a sample PuTTY session.
Figure 8-3. Connecting to Mac OS X with PuTTY
You can also use the Sharing preferences panel to enable your system's web and FTP server. Start Personal Web Sharing to enable the web server. Other users can access the main home page (located in /Library/WebServer/Documents) using http://address, where address is your machine's IP address or hostname (see the sidebar "Remote Access and the Outside World" if you are using an Airport Base Station or other router between your network and the Internet).
Remote Access and the Outside World
If your Macintosh has an IP address that was assigned by an AirPort Base Station, then it's very likely that your machine will not be visible to the outside world. Because of this, you will only be able to connect to your Mac from machines on your network. You can allow remote users to connect by using the AirPort Admin Utility → Show All Settings → Port Mapping (for Remote Login via ssh, you must map port 22 to your Macintosh; use port 80 for Personal Web Sharing). Other SoHo (Small Office/Home Office) gateways may support this feature as well.
If you use this technique, the IP address shown on the Sharing panel will be incorrect. You should use your AirPort Base Station's WAN address when you connect from a computer outside your network.
Start FTP Access to enable remote users to use FTP to connect to your system. Again, remote users should use your machine's IP address or hostname to connect.
You can also connect to other systems from Mac OS X. To do
so, launch the Terminal application. Then start a program that connects to the
remote computer. In addition to
ssh, some typical programs for
connecting over a computer network are
rsh (remote shell), or
rlogin (remote login). All of these are supported and included with
Mac OS X. In any case, when you log off the remote computer, the remote login
program quits and you get another shell prompt from your Mac.
The syntax for most remote login programs is:
For example, when Dr. Nelson wants to connect to the remote computer named
biolab.medu.edu, she'd first make a local login to her Mac named
fuzzy by launching Terminal. Next, she'd use the
program to reach the remote computer. Her session would look something like
Welcome to Darwin! ~ 452 $ telnet biolab.medu.edu Medical University Biology Laboratory biolab.medu.edu login: jdnelson Password: biolab$ . . . biolab$ exit Connection closed by foreign host. ~ 453 $
Her accounts have shell prompts that include the hostname. This reminds her when she's logged in remotely. If you use more than one system but don't have the hostname in your prompt, see Section 1.3.1 in Chapter 1 or Section 10.1 in Chapter 10 to find out how to add it.
WARNING: Actually, Dr. Nelson would be unwise to use
telnetto connect to the remote system, because
sshis a much more secure alternative and is highly preferred. However, some remote sites still stick with
telnet, and while it's important to encourage them to switch to
ssh-only access, you will still sometimes find yourself using
telnet, as shown here.
Also, when you're logged on to a remote system, keep in mind that the
commands you type will take effect on the remote system, not your local one! For
instance, if you use
lpr to print a file, the printer it comes out
of may be very far away.
rsh (also called
ssh generally don't give you a
login: prompt. These programs assume that your remote username is
the same as your local username. If they're different, give your remote username
on the command line of the remote login program, as shown in the next
You may be able to log in without typing your remote password or passphrase. Otherwise, you'll be prompted after entering the command line.
Following are four sample
lines. The first pair shows how to log in to the remote system,
biolab.medu.edu, when your username is the same on both the local and
remote systems. The second pair shows how to log in if your remote username is
different (in this case, jdnelson); note that the Mac OS X versions of
rsh may support both syntaxes shown depending
on how the remote host is configured:
$ ssh biolab.medu.edu $ rsh biolab.medu.edu $ ssh firstname.lastname@example.org $ rsh -l jdnelson biolab.medu.edu
Today's Internet and other public networks have users who try to break into computers and snoop on other network users. While the popular media calls these people hackers, most hackers are self-respecting programmers who enjoy pushing the envelope of technology. The evildoers are better known as crackers. Most remote login programs (and file transfer programs, which we cover later in this chapter) were designed 20 years ago or more, when networks were friendly places with cooperative users. Those programs (many versions of
rsh, for instance) make a cracker's job easy. They transmit your data, including your password, across the network in a way that allows even the most inexperienced crackers to read it. Worse, some of these utilities can be configured to allow access without passwords.
SSH is different; it was designed with security in mind. It sends your password (and everything else transmitted or received during your SSH session) in a secure way. A good place to get more details on SSH is the book SSH: The Secure Shell, by Daniel J. Barrett and Richard Silverman (O'Reilly).
You may need to copy files between
computers. For instance, you can put a backup copy of an important file you're
editing onto an account at a computer in another building or another city. Or,
Dr. Nelson could put a copy of a data file from her local computer onto a
central computer, where her colleagues can access it. Or you might want to
download 20 files from an FTP server, but not want to go through the tedious
process of clicking on them one by one in a web browser window. If you need to
do this sort of thing often, you may be able to set up a networked filesystem
connection; then you'll be able to use the Finder or local programs such as
mv. But Unix systems also have command-line
tools for transferring files between computers. These often work more quickly
than graphical tools. We explore them later in this section.
Mac OS X includes both
scp (secure copy) and
rcp (remote copy) programs for
copying files between two computers. In general, you must have accounts on both
computers to use these. The syntax of
cp, but also let you add the remote hostname to the
start of a file or directory pathname. The syntax of each argument is:
hostname: is needed only for remote files. You can copy from a remote computer to the local computer, from the local computer to a remote computer, or between two remote computers.
scp program is much more secure than
rcp, so we
scp to transfer private files over insecure networks
such as the Internet. For privacy,
scp encrypts the file and your
For example, let's copy the files report.may and
report.june from your home directory on the computer named
giraffe.intuitive.com and put the copies into your working directory
(.) on the machine you're presently logged in to. If you haven't set up the SSH
agent that lets you use
scp without typing your passphrase,
scp will ask you:
$ scp giraffe.intuitive.com:report.may giraffe.intuitive.com:report.june . Enter passphrase for RSA key 'taylor@mac':
To use wildcards in the remote filenames, put quotation marks ("name") around each remote name. You can use absolute or relative pathnames; if you use relative pathnames, they start from your home directory on the remote system. For example, to copy all files from your food/lunch subdirectory on your giraffe account into your working directory (.) on the local account, enter:
$ scp "giraffe.intuitive.com:food/lunch/*" .
cp, the Mac OS X versions of
rcp don't have an
-i safety option. If the files
you're copying already exist on the destination system (in the previous example,
that's your local machine), those files are overwritten.
If your system has
rcp, your system administrator may not want
you to use it for system security reasons. Another program,
more flexible and secure than
rcp (but much less secure than
FTP, or file transfer protocol, is a standard way to transfer files between two computers. Many users of earlier Mac OS versions are familiar with Fetch (http://fetchsoftworks.com/), a shareware graphical FTP client that runs on Mac OS X as well as earlier versions.
ftp program does FTP transfers from the command line.
There are also a number of easy-to-use graphical FTP tools available from the
Apple web site (go to "Get Mac OS X Software . . . " from the Apple menu and
click on Internet Utilities). But we cover the standard
here. The computers on either end of the FTP connection must be connected by a
network (such as the Internet).
To start FTP, identify yourself to the remote computer by giving the username and password for your account on that remote system. Unfortunately, sending your username and password over a public network means that snoopers might see them—and use them to log into your account on that system.
A special kind of FTP, anonymous FTP, happens if you log into the remote server with the username anonymous. The password is your email address, such as email@example.com. (The password isn't usually required; it's a courtesy to the remote server.) Anonymous FTP lets anyone log into a remote system and download publicly accessible files to their local systems. Here's how that might look:
$ ftp ftp.apple.com Trying 22.214.171.124... Connected to ftp.apple.com. 220 ProFTPD 1.2.8 Server (Apple Anonymous FTP Server) [ftp02.apple.com] Name (ftp.apple.com:taylor): ftp 331 Anonymous login ok, send your complete email address as your password. Password: 230 Anonymous access granted, restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 500 EPSV not understood 227 Entering Passive Mode (17,254,16,11,223,250). 150 Opening ASCII mode data connection for file list drwxrwxrwx 3 ftpprod ftpprod 102 May 7 19:11 Apple_Support_Area drwxrwxr-x 20 ftpprod ftpprod 680 Aug 28 22:07 developer drwxrwxr-x 30 ftpprod ftpprod 1020 Sep 15 13:44 emagic drwxrwxr-x 10 ftpprod ftpprod 340 Sep 3 16:23 filemaker drwxrwxrwx 10 ftpprod ftpprod 340 Apr 7 16:50 research 226 Transfer complete. ftp> quit 221 Goodbye. $
To start the standard Unix
ftp program, provide
the remote computer's hostname:
ftp prompts for your username and password on the remote
computer. This is something like a remote login (see Section
8.1, earlier in this chapter), but
ftp doesn't start your usual
ftp prints its own prompt and uses a special set of
commands for transferring files. Table
8-1 lists the most important
Copies the file filename from your local computer to the remote computer. If you give a second argument, the remote copy will have that name.
Copies the named files (you can use wildcards) from the local computer to the remote computer.
Copies the file filename from the remote computer to your local computer. If you give a second argument, the local copy will have that name.
Copies the named files (you can use wildcards) from the remote computer to the local computer.
A "toggle" command that turns prompting on or off during transfers with
Displays progress marks on file uploads and downloads so you can gauge progress. Particularly helpful with large transfers.
Changes the working directory on the remote machine to pathname (
Lists the remote directory (like
Transfers plain-text files, translating data if needed. For instance,
during transfers between a Microsoft Windows system (which adds Control-M
to the end of each line of text) and a Unix system (which doesn't), an
Toggles the setting of passive mode. This may help ftp to run correctly
if you are behind a firewall. If you put the command
Here's an example. Carol moves into the local directory she wants to use as a
starting point (a good idea whether you're uploading or downloading), then uses
ftp to copy the file todo from her work
subdirectory on her account on the remote computer rhino:
$ cd uploads $ ls afile ch2 somefile $ ftp rhino.zoo.edu Connected to rhino.zoo.edu. Name (rhino:carol): csmith Password: ftp> cd work ftp> dir total 3 -rw-r--r-- 1 csmith mgmt 47 Feb 5 2001 for.ed -rw-r--r-- 1 csmith mgmt 264 Oct 11 12:18 message -rw-r--r-- 1 csmith mgmt 724 Nov 20 14:53 todo ftp> get todo local: todo remote: todo 227 Entering Passive Mode (17,254,16,11,224,18). 150 Opening BINARY mode data connection for todo (724 bytes) 226 Transfer complete. 724 bytes received in 00:00 (94.06 KB/s) ftp> quit $ ls afile ch2 somefile todo
We've explored the most basic
ftp commands here. Entering
help at an
ftp> prompt gives a list
of all commands; entering
help followed by an
command name gives a one-line summary of that command.
If you can only use
ssh to connect to a remote
site, chances are it won't support regular FTP transactions either, probably due
to higher security. Mac OS X also includes a version of
ftp that is
compatible with the standard SSH server programs and works identically to
regular FTP. Just type
sftp at the command line. Here's an
$ cd downloads $ sftp firstname.lastname@example.org Connecting to intuitive.com... The authenticity of host 'intuitive.com (126.96.36.199)' can't be established. RSA key fingerprint is d0:db:8a:cb:74:c8:37:e4:9e:71:fc:7a:eb:d6:40:81. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'intuitive.com,188.8.131.52' (RSA) to the list of known hosts. email@example.com's password: sftp> cd mybin sftp> dir -l drwxr-xr-x 0 24810 100 1024 Jun 26 20:18 . drwxr-xr-x 0 24810 100 1536 Sep 16 18:59 .. -rw-r--r-- 0 24810 100 140 Jan 17 2003 .library.account. info -rwxr-xr-x 0 24810 100 3312 Jan 27 2003 addvirtual ... -rw-r--r-- 0 24810 100 406 Jan 24 2003 trimmailbox.sh -rwxr-xr-x 0 24810 100 1841 Jan 24 2003 unpacker -rwxr-xr-x 0 24810 100 946 Jan 22 2003 webspell sftp> get webspell webspell 100% 946 4.7KB/s 00:00 sftp> quit $ ls -l webspell -rwxr-xr-x 1 taylor taylor 946 25 Sep 11:28 webspell
If you need a file from a remote site, and
you don't need all the control that you get with the
you can use a web browser to download files using anonymous FTP. To do that,
make a URL (location) with this syntax:
For instance, ftp://somecorp.za/pub/reports/2001.pdf specifies the file 2001.pdf from the directory /pub/reports on the host somecorp.za. In most cases, you can also start with just the first part of the URL—such as ftp://somecorp.za—and browse your way through the FTP directory tree to find what you want. If your web browser doesn't prompt you to save a file, use its Save menu command.
NOTE: If you are using the Safari browser, it will open ftp: directories by mounting them in the Finder.
An even faster way to download a file is with the
curl (copy from URL) command. For example, to save a copy of the
report in the current directory, simply enter:
$ curl -O ftp://somecorp.za/pub/reports/2001.pdf
curl will display the file
in the Terminal window. If you want to read a text file from an Internet server,
you can combine
$ curl ftp://ftp.oreilly.com/pub/README.ftp | less
You can also use
curl with web pages, but this will bring the
page up in HTML source view:
$ curl http://www.oreilly.com | less
One of the pleasures of working with Unix within the Mac OS X environment is that there are a wealth of great Aqua applications. In the world of FTP-based file transfer, the choices are all uniformly excellent, starting with Fetch, NetFinder, Transmit, FTPeel, rbrowser, and Anarchie, and encompassing many other possibilities. Either open the Apple menu and select "Get Mac OS X Software . . . ", or try VersionTracker (see http://www.versiontracker.com/), Mac OS X Apps (see http://www.macosxapps.com/), MacUpdate (see http://macupdate.com/), or the shareware archive site Download.com (see http://www.download.com/).
The Terminal application has a
very helpful feature that can make connecting to remote systems via
breeze, once it's set up. Connect To Server is available off the File menu and
is shown in Figure
Figure 8-4. Connect to Server offers simple shortcuts
To add a service, click on the + icon on the left side of the window. More commonly, you'll add servers, which you can do by clicking on the + icon on the right side of the window. It produces a window that asks for the hostname or host IP address, which is easily entered, as shown in Figure 8-5.
Figure 8-5. Adding a New Server to Connect to Server
Once added in one area, the new server is available for all services, so to
connect to Apple's anonymous FTP archive site, choose
ftp, then the
new server name, and then enter
ftp into the User box, as
shown in Figure
Figure 8-6. Specifying user ftp on ftp connections to ftp.apple.com
Finally, the connection to Apple's server is a breeze: specify the server, specify the user, and click on Connect. The results are shown in Figure 8-7.
Figure 8-7. Instant connection to Apple's ftp server
You can practice your
ftp skills by connecting to the public FTP
archive ftp.apple.com. Log in as ftp with your email address
as the password, then look around. Try downloading a research paper or document.
If you have an account on a remote system, try using
scp to copy files back and forth.
ssh, you can run an agent program, such as
ssh-agent, that asks for your passphrase once, then handles authentication every time you run
 Quotes tell the local shell not to interpret special characters, such as wildcards, in the filename. The wildcards are passed, unquoted, to the remote shell, which interprets them there.
Dave Taylor is a popular writer, teacher and speaker of business and technology issues. The founder of The Internet Mall and iTrack.com, he's been involved with UNIX and the Internet since 1980. He's also been a Mac fan since the year it was released.
Brian Jepson is an O'Reilly editor, programmer, and co-author of Mac OS X Panther for Unix Geeks and Learning Unix for Mac OS X Panther. He's also a volunteer system administrator and all-around geek for AS220, a non-profit arts center in Providence, Rhode Island. AS220 gives Rhode Island artists uncensored and unjuried forums for their work. These forums include galleries, performance space, and publications. Brian sees to it that technology, especially free software, supports that mission. You can follow Brian's blog here.
Return to Mac DevCenter
Copyright © 2009 O'Reilly Media, Inc.