Inside SSH, Part 4by FJ de Kermadec
Editor's note -- In Part 3 of this multi-part series delving into the Secure Shell on Mac OS X, François Joseph de Kermadec showed you some advanced SSH techniques. Today he wraps up the final details.
Now that you know how to contact your Mac remotely, you need to find your way around it, without relying on a user interface. Obviously, this requires that you know a few basic commands like "cd" (change directory), "pwd" (print work directory), "ls" (list the contents of a directory), "cp" (copy a file) or "mv" (move or rename a file). Luckily, such commands are easy to learn.
In order to do that, you can either rely on their "man" pages or look up a few articles on the Internet. A good starting point is this MacDevCenter.com article by Chris Stone. Although it deals with earlier versions of Mac OS X, the basics are still accurate and it is very easy to understand.
If you feel a bit adventurous, you can also have a look at this slightly more advanced article by Dru Lavigne on the BSDDevCenter.
Updating a Mac Remotely
The ability to update a Mac remotely is quite amazing and will be of a great help to many system administrators who need to deploy updates on a large scale. It raises a few questions, however, that we're going to discuss so that you can update remotely with confidence.
A few months ago, Apple introduced a command called "sofwareupdate" that performs the exact same job as the Software Update preferences pane. It asks the Apple servers whether a Mac is up-to-date and installs updates if applicable.
In order to try it, simply enter "softwareupdate -l" in a Terminal window. This will launch the Software Update engine and list any updates that you may need. If everything goes well, you should see a copyright line followed by "Your software is up-to-date." Otherwise, you'll see a list of the updates.
Now, in order to install them, you'll need to gain administrative privileges. Enter "sudo softwareupdate -i -a". When prompted, enter your administrative password and press return. The "-i" flag tells your Mac that you actually wish to install the updates and the "-a" that you want to install them all. There is also an "-r" flag that installs only the "required" updates, although I wouldn't recommend using it, unless the remote computer is on dialup and needs to be urgently updated -- a critical security update, for example.
Like in the graphical version of Software Update, you'll be kept informed about the status of your query. Every update will be downloaded with a cool text progress bar showing the percent of the file downloaded. The optimizing process will be clearly labeled (so you don't think that the Terminal has frozen) and you'll be instructed to restart your computer if you installed any updates that require it.
In order to restart, type "sudo reboot" and authenticate. This will cause the remote Mac to reboot immediately, effectively closing your connection. You should, however, make sure that no applications are open and that nobody is working on the Mac. Otherwise, the computer will reboot as they work on it, potentially losing precious data and causing many panic attacks. Also, do not shut the Mac down. You wouldn't otherwise be able to access it remotely since it would require someone to manually press on the power switch.
In order to verify that the update went well, you can log in again and run
softwareupdate a second time to list the contents of the "Receipts" folder by entering
ls /Library/Receipts. One of the lines should be named after your update or it has not been successfully installed -- just keep in mind that the list can be longer than your screen and that you will probably need to scroll up or down to locate it.
As with any update, you should perform regular maintenance first and make sure that the computer is entirely idle while you are working on it. You definitely do not want someone to perform a backup or burn a DVD while you are updating the Mac -- the fact that it is possible and will probably work fine does not mean that you should do it.
You should also take into account that something might go wrong, not because of the update itself (the Mac OS X development team really does release extremely stable updates), but because a user may have installed an application you're not aware of and that interferes with the installer. That's why installing updates remotely is a delicate art and should only be performed if someone can deal with any issues locally. I don't always follow my own advice on this, but you have been warned.
Performing Remote Installations
Softwareupdate is without a doubt the easiest way to remotely update a Mac. Indeed, it takes care of almost everything and does not require you to enter multiple cryptic commands.
Unfortunately, all the applications you use are probably not all manageable through Software Update. Therefore, the Mac OS X engineers introduced a command-line equivalent of the Installer utility, the one you see when you double-click on a package or a metapackage (packages that include multiple packages, often used by complex applications that rely on various independent components).
What's more, this tool is capable of reading normal packages through the Terminal, which means that you don't need to request special files from developers or to alter them yourself. Note, however, that while
softwareupdate will take care of downloading the necessary packages on the server for you, you will need to place them there yourself.
The most convenient approach is to place the packages on another server that you first mount before running the command. Beware, though, of insecure protocols that may send information or passwords in the clear. Another approach is to place the packages beforehand, thanks to a USB key or a FireWire drive, but it is obviously not all that convenient. Finally, you can download them by using a command like curl.
The command-line version of Installer has the same requirements as the GUI application. It requires administrative or root privileges to run, and it cannot install an operating system on the disk it is booted from.
In order to use it, enter:
installer -volinfo -pkg path/to/package
This will print in the Terminal window a list of all volumes on which the package in question can be installed. Pick the volume you want. In our example, we are going to use "/", the startup volume.
Then, enter the following command to install the package. Note that authentication will be required.
sudo installer -pkg path/to/package -target /
The installer will then display a summary of the operations it is performing in the Terminal window. Note that there is no detailed progress indicator. Keep this in mind if you plan to run a long installation and are unsure of the status of your request. To print more information, enter "-verboseR" at the end of the command. Keep in mind that this may print a bit too much information, though, especially when the link you have established between computers is slow.
If everything goes well, result should end with "installer: The upgrade was successful." The prompt will then appear again. Do not forget to reboot the computer if necessary. Also, keep in mind that your users may be surprised to see a new application pop up in their folders. You may want to send them a mail first or initiate an iChat session to discuss the installation with them. This is especially important since launching an application while it is being installed is never a good idea -- it usually just doesn't launch, though. Also, make sure that you do not try to update an application while a user is using it.