Whenever I set up a computer for a new Mac user, I am often requested to enable something to help them troubleshoot issues from far away. The problem, of course, is what this “something” could be. Indeed, I am always reluctant to enable VNC or ARD access onto a computer that I know may not be always kept up-to-date or plugged into firewalled networks. There is nothing wrong with VNC or ARD, really, and both can be used in a secure fashion but they do tend to require more work than a purely built-in Mac OS X component such as SSH, that will automatically get updated along with other parts of the operating system — you do use Software Update, don’t you?
The main problem of course is that SSH clients are not overly user-friendly for the most part — in a GUI world, that is of course. Almost while brushing my teeth (as this seems to be the proverbial time when ideas should strike) yesterday, I remembered good old SFTP.
After all, most FTP clients have made great efforts to be very user-friendly as of late. An application like Transmit or its open-source counterparts can be understood even by beginners in a matter of minutes. SFTP has nothing to do with FTP, of course (it is disguised SSH) but, as many users equate STFP with “Secure FTP” literally speaking, most FTP clients now include SFTP support.
Putting 1 + A, I immediately came to conclusion 2B: i.e. Transmit could be used as a GUI on top of SSH. Simply turn on remote login on a Mac, through the Sharing preferences pane, and point your Transmit at it to enjoy secure, GUI-powered remote access to a computer. Since an application like Transmit (and, again, many other clients) enjoy integration with text editors, permissions changing support, and more, most administrative tasks can be performed in a breeze.
Sure, you don’t get the full GUI you would with VNC or ARD but, with the extra security this solution brings, and the relative absence of configuration it requires, this is a little trade-off for most.
PS: Of course, punching a hole in a firewall, even on port 22, even if only the latest SSH protocol is listening (which requires command-line tweaking on the Mac you are configuring), even if the world were a happy place, is still punching a hole in your firewall and makes the computer vulnerable to attacks, including good old brute-force password cracking methods. Use with caution and seek medical assistance should irritation or redness occur.
Or alternatively, iGet
You've pretty much exactly described the shareware app iGet:
http://www.fivespeed.com/iget/
It lets you log into any OS X box with ssh enabled, and browse and transfer files. I hadn't considered using Transmit to do the same thing (I wasn't aware that SFTP is really ssh), but iGet is a cheaper alternative for those who haven't already purchased Transmit.
Or alternatively, iGet
Hi!
Thanks for sharing your thoughts with us, and for passing the link along.
FJ
ARD = Apple Remote Desktop
For those who were confused -- as I was -- ARD in this context means "Apple Remote Desktop". (Had to Google around a bit before figuring that out.)
ARD = Apple Remote Desktop
Hi!
Indeed! Thank you very much for sharing your findings with the community and please accept my apologies if I have been unclear.
FJ
Secure Remote Administration
There is a great tip on MaxOSXHints.com on how to set-up a safe Remote Admin set-up using reverse ssh. You still have to open up a port on your machine, but that is easier to monitor and manage than ask your remote user, possible your dad, to do the same. I tend to get my dad to phone me up when he needs help, open the port on my DSL modem's firewall and route to my Mac. Then I get him to start up the SSH connection using an icon on his Dock and then use Chick of the VNC to handle anything that needs to be done. This solution doesn't include a SFTP solution, but I'm sure that it could be added easily enough...
http://www.macosxhints.com/article.php?story=20050620224703127
Secure Remote Administration
Hi!
Thank you very much for sharing this tip with us, it indeed sounds most interesting!
FJ
Another app for the same
You can also try out the free Fugu - it's not as fully features as transmit admittedly, but it is free, completely open source, and has the ability to do all of the things mentioned in the article - I currently use it for just this very purpose:
http://rsug.itd.umich.edu/software/fugu/
Another app for the same
Hi!
Thank you for sharing your comments with us!
Fugu (http://www.apple.com/downloads/macosx/internet_utilities/fugu.html) is, indeed, the alternative I had in mind when composing this entry.
FJ
Or alternatively, iGet
Well, iGet1.0 isn't shareware at $24.95 but the upgrade for Tiger is free, or 49.95 if you don't buy 1.0 first. Not much cheaper than Transmit at 29.95.