Published on MacDevCenter (
 See this if you're having trouble printing code examples

O'Reilly Book Excerpts: Learning Unix for Mac OS X Panther

Unix on Panther: Accessing the Internet

by Dave Taylor, Brian Jepson

Related Reading

Learning Unix for Mac OS X Panther
By Dave Taylor, Brian Jepson

Authors' note: A network lets computers communicate with each other, sharing files, email, and much more. Unix systems have been networked for more than 25 years, and Macintosh systems have always had networking as an integral part of the system design from the very first system released in 1984.

This chapter introduces Unix networking: remotely accessing your Mac from other computers and copying files between computers. It also shows you how the Connect to Server capability of Terminal can make common connections a breeze once you've set them up the first time.

Remote Logins

There may be times when you need to access your Mac, but you can't get to the desk it's sitting on. If you're working on a different computer, you may not have the time or inclination to stop what you're doing, walk over to your Mac, and log in (laziness may not be the only reason for this: perhaps someone else is using your Mac when you need to get on it or perhaps your Mac is miles away). Mac OS X's file sharing (System Preferences → Sharing) can let you access your files, but there may be times you want to use the computer interactively, perhaps to move files around, search for a particular file, or perform a system maintenance task.

If you enable Remote Login under System Preferences -> Sharing, you can access your Mac's Unix shell from any networked computer that can run SSH (, OpenSSH (, or a compatible application such as PuTTY (a Windows implementation of SSH available at SSH and OpenSSH can be installed on many Unix systems, and OpenSSH is included with many Linux distributions, including Mac OS X.

Figure 8-1 shows how remote login programs such as ssh work. In a local login, you interact directly with the shell program running on your local system. In a remote login, you run a remote-access program on your local system; that program lets you interact with a shell program on the remote system.

Figure 8-1. Local login, remote login

When you enable Remote Login, the Sharing panel will display instructions for logging into your Mac from another computer. This message is shown in Figure 8-2.

Figure 8-2. Instructions for remote access to your Mac

To log into your Mac from a remote Unix system, use the command displayed in the Sharing panel, as shown in the following sample session where a user on a Red Hat Linux system is connecting to a Mac OS X computer (the first time you connect, you'll be asked to vouch for your Mac's authenticity):

Red Hat: taylor $ ssh taylor@
The authenticity of host ' (' can't be established.
RSA key fingerprint is 86:f6:96:f9:22:50:ea:4c:02:0c:58:a7:e4:a8:10:67.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (RSA) to the list of known hosts.
taylor@'s password: 
Last login: Thu Sep 25 10:27:58 2003
Welcome to Darwin!
~ 452 $

To log in to your Mac from a Windows machine using PuTTY, launch the PuTTY application, specify SSH (the default is to use the Telnet protocol described later), and type in your Mac OS X system's IP address as shown in the Mac's Sharing panel. PuTTY will prompt you for your Mac OS X username and password. Figure 8-3 shows a sample PuTTY session.

Figure 8-3. Connecting to Mac OS X with PuTTY

Web and FTP Access

You can also use the Sharing preferences panel to enable your system's web and FTP server. Start Personal Web Sharing to enable the web server. Other users can access the main home page (located in /Library/WebServer/Documents) using http://address, where address is your machine's IP address or hostname (see the sidebar "Remote Access and the Outside World" if you are using an Airport Base Station or other router between your network and the Internet).

Remote Access and the Outside World

If your Macintosh has an IP address that was assigned by an AirPort Base Station, then it's very likely that your machine will not be visible to the outside world. Because of this, you will only be able to connect to your Mac from machines on your network. You can allow remote users to connect by using the AirPort Admin Utility → Show All Settings → Port Mapping (for Remote Login via ssh, you must map port 22 to your Macintosh; use port 80 for Personal Web Sharing). Other SoHo (Small Office/Home Office) gateways may support this feature as well.

If you use this technique, the IP address shown on the Sharing panel will be incorrect. You should use your AirPort Base Station's WAN address when you connect from a computer outside your network.

Start FTP Access to enable remote users to use FTP to connect to your system. Again, remote users should use your machine's IP address or hostname to connect.

Remote Access to Other Unix Systems

You can also connect to other systems from Mac OS X. To do so, launch the Terminal application. Then start a program that connects to the remote computer. In addition to ssh, some typical programs for connecting over a computer network are telnet, rsh (remote shell), or rlogin (remote login). All of these are supported and included with Mac OS X. In any case, when you log off the remote computer, the remote login program quits and you get another shell prompt from your Mac.

The syntax for most remote login programs is:

program-name remote-hostname

For example, when Dr. Nelson wants to connect to the remote computer named, she'd first make a local login to her Mac named fuzzy by launching Terminal. Next, she'd use the telnet program to reach the remote computer. Her session would look something like this:

Welcome to Darwin!
~ 452 $ telnet
Medical University Biology Laboratory login: jdnelson
biolab$ exit
Connection closed by foreign host.
~ 453 $

Her accounts have shell prompts that include the hostname. This reminds her when she's logged in remotely. If you use more than one system but don't have the hostname in your prompt, see Section 1.3.1 in Chapter 1 or Section 10.1 in Chapter 10 to find out how to add it.

WARNING: Actually, Dr. Nelson would be unwise to use telnet to connect to the remote system, because ssh is a much more secure alternative and is highly preferred. However, some remote sites still stick with telnet, and while it's important to encourage them to switch to ssh-only access, you will still sometimes find yourself using telnet, as shown here.

Also, when you're logged on to a remote system, keep in mind that the commands you type will take effect on the remote system, not your local one! For instance, if you use lpr to print a file, the printer it comes out of may be very far away.

The programs rsh (also called rlogin) and ssh generally don't give you a login: prompt. These programs assume that your remote username is the same as your local username. If they're different, give your remote username on the command line of the remote login program, as shown in the next example.

You may be able to log in without typing your remote password or passphrase.[1] Otherwise, you'll be prompted after entering the command line.

Following are four sample ssh and rsh command lines. The first pair shows how to log in to the remote system,, when your username is the same on both the local and remote systems. The second pair shows how to log in if your remote username is different (in this case, jdnelson); note that the Mac OS X versions of ssh and rsh may support both syntaxes shown depending on how the remote host is configured:

$ ssh
$ rsh
$ ssh
$ rsh -l jdnelson

About Security

Today's Internet and other public networks have users who try to break into computers and snoop on other network users. While the popular media calls these people hackers, most hackers are self-respecting programmers who enjoy pushing the envelope of technology. The evildoers are better known as crackers. Most remote login programs (and file transfer programs, which we cover later in this chapter) were designed 20 years ago or more, when networks were friendly places with cooperative users. Those programs (many versions of telnet and rsh, for instance) make a cracker's job easy. They transmit your data, including your password, across the network in a way that allows even the most inexperienced crackers to read it. Worse, some of these utilities can be configured to allow access without passwords.

SSH is different; it was designed with security in mind. It sends your password (and everything else transmitted or received during your SSH session) in a secure way. A good place to get more details on SSH is the book SSH: The Secure Shell, by Daniel J. Barrett and Richard Silverman (O'Reilly).

Transferring Files

You may need to copy files between computers. For instance, you can put a backup copy of an important file you're editing onto an account at a computer in another building or another city. Or, Dr. Nelson could put a copy of a data file from her local computer onto a central computer, where her colleagues can access it. Or you might want to download 20 files from an FTP server, but not want to go through the tedious process of clicking on them one by one in a web browser window. If you need to do this sort of thing often, you may be able to set up a networked filesystem connection; then you'll be able to use the Finder or local programs such as cp and mv. But Unix systems also have command-line tools for transferring files between computers. These often work more quickly than graphical tools. We explore them later in this section.

scp and rcp

Mac OS X includes both scp (secure copy) and rcp (remote copy) programs for copying files between two computers. In general, you must have accounts on both computers to use these. The syntax of scp and rcp are similar to cp, but also let you add the remote hostname to the start of a file or directory pathname. The syntax of each argument is:


hostname: is needed only for remote files. You can copy from a remote computer to the local computer, from the local computer to a remote computer, or between two remote computers.

The scp program is much more secure than rcp, so we suggest using scp to transfer private files over insecure networks such as the Internet. For privacy, scp encrypts the file and your passphrase.

For example, let's copy the files report.may and report.june from your home directory on the computer named and put the copies into your working directory (.) on the machine you're presently logged in to. If you haven't set up the SSH agent that lets you use scp without typing your passphrase, scp will ask you:

$ scp .
Enter passphrase for RSA key 'taylor@mac':

To use wildcards in the remote filenames, put quotation marks ("name") around each remote name.[2] You can use absolute or relative pathnames; if you use relative pathnames, they start from your home directory on the remote system. For example, to copy all files from your food/lunch subdirectory on your giraffe account into your working directory (.) on the local account, enter:

$ scp "*" .

Unlike cp, the Mac OS X versions of scp and rcp don't have an -i safety option. If the files you're copying already exist on the destination system (in the previous example, that's your local machine), those files are overwritten.

If your system has rcp, your system administrator may not want you to use it for system security reasons. Another program, ftp, is more flexible and secure than rcp (but much less secure than scp).


FTP, or file transfer protocol, is a standard way to transfer files between two computers. Many users of earlier Mac OS versions are familiar with Fetch (, a shareware graphical FTP client that runs on Mac OS X as well as earlier versions.

The Unix ftp program does FTP transfers from the command line. There are also a number of easy-to-use graphical FTP tools available from the Apple web site (go to "Get Mac OS X Software . . . " from the Apple menu and click on Internet Utilities). But we cover the standard ftp program here. The computers on either end of the FTP connection must be connected by a network (such as the Internet).

To start FTP, identify yourself to the remote computer by giving the username and password for your account on that remote system. Unfortunately, sending your username and password over a public network means that snoopers might see them—and use them to log into your account on that system.

A special kind of FTP, anonymous FTP, happens if you log into the remote server with the username anonymous. The password is your email address, such as (The password isn't usually required; it's a courtesy to the remote server.) Anonymous FTP lets anyone log into a remote system and download publicly accessible files to their local systems. Here's how that might look:

$ ftp
Connected to
220 ProFTPD 1.2.8 Server (Apple Anonymous FTP Server) []
Name ( ftp
331 Anonymous login ok, send your complete email address as your password.
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
500 EPSV not understood
227 Entering Passive Mode (17,254,16,11,223,250).
150 Opening ASCII mode data connection for file list
drwxrwxrwx   3 ftpprod  ftpprod       102 May  7 19:11 Apple_Support_Area
drwxrwxr-x  20 ftpprod  ftpprod       680 Aug 28 22:07 developer
drwxrwxr-x  30 ftpprod  ftpprod      1020 Sep 15 13:44 emagic
drwxrwxr-x  10 ftpprod  ftpprod       340 Sep  3 16:23 filemaker
drwxrwxrwx  10 ftpprod  ftpprod       340 Apr  7 16:50 research
226 Transfer complete.
ftp> quit
221 Goodbye.

Command-line ftp

To start the standard Unix ftp program, provide the remote computer's hostname:

ftp hostname

ftp prompts for your username and password on the remote computer. This is something like a remote login (see Section 8.1, earlier in this chapter), but ftp doesn't start your usual shell. Instead, ftp prints its own prompt and uses a special set of commands for transferring files. Table 8-1 lists the most important ftp commands.

Table 8-1. Some ftp commands



put filename

Copies the file filename from your local computer to the remote computer. If you give a second argument, the remote copy will have that name.

mput filenames

Copies the named files (you can use wildcards) from the local computer to the remote computer.

get filename

Copies the file filename from the remote computer to your local computer. If you give a second argument, the local copy will have that name.

mget filenames

Copies the named files (you can use wildcards) from the remote computer to the local computer.


A "toggle" command that turns prompting on or off during transfers with the mget and mput commands. By default, mget and mput will prompt you "mget filename?" or "mput filename?" before transferring each file; you answer y or n each time. Typing prompt once, from an ftp> prompt, stops the prompting; all files will be transferred without question until the end of the ftp session. Or, if prompting is off, typing prompt at an ftp> prompt resumes prompting.


Displays progress marks on file uploads and downloads so you can gauge progress. Particularly helpful with large transfers.

cd pathname

Changes the working directory on the remote machine to pathname (ftp typically starts at your home directory on the remote machine).

lcd pathname

Changes ftp's working directory on the local machine to pathname. (ftp's first local working directory is the same working directory from which you started the program.) Note that the ftp lcd command changes only ftp's working directory. After you quit ftp, your shell's working directory will not have changed.


Lists the remote directory (like ls -l).


Tells ftp to copy the file(s) that follow it without translation. This preserves pictures, sound, or other data.


Transfers plain-text files, translating data if needed. For instance, during transfers between a Microsoft Windows system (which adds Control-M to the end of each line of text) and a Unix system (which doesn't), an ascii-mode transfer removes or adds those characters as needed.


Toggles the setting of passive mode. This may help ftp to run correctly if you are behind a firewall. If you put the command setenv FTP_PASSIVE 1 in your .tcshrc, all your ftp sessions will use passive mode.


Ends the ftp session and takes you back to a shell prompt.

Here's an example. Carol moves into the local directory she wants to use as a starting point (a good idea whether you're uploading or downloading), then uses ftp to copy the file todo from her work subdirectory on her account on the remote computer rhino:

$ cd uploads
$ ls
afile   ch2    somefile
$ ftp
Connected to
Name (rhino:carol): csmith
ftp> cd work
ftp> dir
total 3
-rw-r--r--  1 csmith   mgmt    47 Feb  5  2001 for.ed
-rw-r--r--  1 csmith   mgmt   264 Oct 11 12:18 message
-rw-r--r--  1 csmith   mgmt   724 Nov 20 14:53 todo
ftp> get todo
local: todo remote: todo
227 Entering Passive Mode (17,254,16,11,224,18).
150 Opening BINARY mode data connection for todo (724 bytes)
226 Transfer complete.
724 bytes received in 00:00 (94.06 KB/s)
ftp> quit
$ ls
afile   ch2    somefile    todo

We've explored the most basic ftp commands here. Entering help at an ftp> prompt gives a list of all commands; entering help followed by an ftp command name gives a one-line summary of that command.

SFTP: FTP to secure sites

If you can only use ssh to connect to a remote site, chances are it won't support regular FTP transactions either, probably due to higher security. Mac OS X also includes a version of ftp that is compatible with the standard SSH server programs and works identically to regular FTP. Just type sftp at the command line. Here's an example:

$ cd downloads
$ sftp
Connecting to
The authenticity of host ' (' can't be 
RSA key fingerprint is d0:db:8a:cb:74:c8:37:e4:9e:71:fc:7a:eb:d6:40:81.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ',' (RSA) to the list 
of known hosts.'s password: 
sftp> cd mybin
sftp> dir -l
drwxr-xr-x    0 24810    100          1024 Jun 26 20:18 .
drwxr-xr-x    0 24810    100          1536 Sep 16 18:59 ..
-rw-r--r--    0 24810    100           140 Jan 17  2003 .library.account.
-rwxr-xr-x    0 24810    100          3312 Jan 27  2003 addvirtual
-rw-r--r--    0 24810    100           406 Jan 24  2003
-rwxr-xr-x    0 24810    100          1841 Jan 24  2003 unpacker
-rwxr-xr-x    0 24810    100           946 Jan 22  2003 
sftp> get webspell
webspell                                100%  946     4.7KB/s   00:00    
sftp> quit
$ ls -l webspell
-rwxr-xr-x  1 taylor  taylor  946 25 Sep 11:28 webspell

FTP with a web browser

If you need a file from a remote site, and you don't need all the control that you get with the ftp program, you can use a web browser to download files using anonymous FTP. To do that, make a URL (location) with this syntax:


For instance, specifies the file 2001.pdf from the directory /pub/reports on the host In most cases, you can also start with just the first part of the URL—such as—and browse your way through the FTP directory tree to find what you want. If your web browser doesn't prompt you to save a file, use its Save menu command.

NOTE: If you are using the Safari browser, it will open ftp: directories by mounting them in the Finder.

An even faster way to download a file is with the curl (copy from URL) command. For example, to save a copy of the report in the current directory, simply enter:

$ curl -O

Without the -O option, curl will display the file in the Terminal window. If you want to read a text file from an Internet server, you can combine curl and less:

$ curl | less

You can also use curl with web pages, but this will bring the page up in HTML source view:

$ curl | less

Other FTP solutions

One of the pleasures of working with Unix within the Mac OS X environment is that there are a wealth of great Aqua applications. In the world of FTP-based file transfer, the choices are all uniformly excellent, starting with Fetch, NetFinder, Transmit, FTPeel, rbrowser, and Anarchie, and encompassing many other possibilities. Either open the Apple menu and select "Get Mac OS X Software . . . ", or try VersionTracker (see, Mac OS X Apps (see, MacUpdate (see, or the shareware archive site (see

Easy Shortcuts with Connect to Server

The Terminal application has a very helpful feature that can make connecting to remote systems via telnet, ssh, ftp, or sftp a breeze, once it's set up. Connect To Server is available off the File menu and is shown in Figure 8-4.

Figure 8-4. Connect to Server offers simple shortcuts

To add a service, click on the + icon on the left side of the window. More commonly, you'll add servers, which you can do by clicking on the + icon on the right side of the window. It produces a window that asks for the hostname or host IP address, which is easily entered, as shown in Figure 8-5.

Figure 8-5. Adding a New Server to Connect to Server

Once added in one area, the new server is available for all services, so to connect to Apple's anonymous FTP archive site, choose ftp, then the new server name, and then enter ftp into the User box, as shown in Figure 8-6.

Figure 8-6. Specifying user ftp on ftp connections to

Finally, the connection to Apple's server is a breeze: specify the server, specify the user, and click on Connect. The results are shown in Figure 8-7.

Figure 8-7. Instant connection to Apple's ftp server


You can practice your ftp skills by connecting to the public FTP archive Log in as ftp with your email address as the password, then look around. Try downloading a research paper or document. If you have an account on a remote system, try using rcp and scp to copy files back and forth.


[1] In ssh, you can run an agent program, such as ssh-agent, that asks for your passphrase once, then handles authentication every time you run ssh or scp afterward.

[2] Quotes tell the local shell not to interpret special characters, such as wildcards, in the filename. The wildcards are passed, unquoted, to the remote shell, which interprets them there.

Dave Taylor is a popular writer, teacher and speaker of business and technology issues. The founder of The Internet Mall and, he's been involved with UNIX and the Internet since 1980. He's also been a Mac fan since the year it was released.

Brian Jepson is an O'Reilly editor, programmer, and co-author of Mac OS X Panther for Unix Geeks and Learning Unix for Mac OS X Panther. He's also a volunteer system administrator and all-around geek for AS220, a non-profit arts center in Providence, Rhode Island. AS220 gives Rhode Island artists uncensored and unjuried forums for their work. These forums include galleries, performance space, and publications. Brian sees to it that technology, especially free software, supports that mission. You can follow Brian's blog here.

Return to Mac DevCenter

Copyright © 2009 O'Reilly Media, Inc.