skip to main content Return to: U of M Home | OIT Home
University of Minnesota. Home page. myU | One Stop | Directories | Search U of M  
Academic and Distributed Computing ServicesAcademic and Distributed Computing Services

What's inside

1-HELP       1-HELP logo

ADCS Services

Computers on Campus

Internet Accounts

Knowledge Base

Online Guides
 · E-mail
 · Internet connection

Software

Contact Us

ADCS Home
   

Setting Up SSH and FTP Port Forwarding
(MACINTOSH VERSION)

SSH for Windows

[ Getting the Software | Setting up MacSSH | Setting up Fetch | Using Netscape Composer / Publish ]

This document is merely a "how to set this up" document. Those explanations of the reasons for doing this can be found on the SSH and (vs.) VPN page.

This document has instructions for configuring both the Macintosh SSH client and a Macintosh FTP client. If you only want to install and configure the SSH client, simply follow the MacSSH instructions below. Even if you don't want to set up FTP client right away, it would be prudent to configure the MacSSH to support FTP port forwarding, since you'll probably want to use it eventually. Installation instructions for the software come with them, when you download them.

FTP stands for File Transfer Protocol. Fetch is merely a common version of FTP with a nice user interface for Macs. So where it says FTP, read Fetch, if you're using Fetch.

Important:

There are major security concerns with creating these tunnels. When you create them, remember:

  • Open the tunnel with MacSSH (connecting with MacSSH)
  • Open your FTP (Fetch) conenction and transfer the files.
  • Close your FTP connection.
  • Close your tunnel (the MacSSH session). If you leave it open, you're leaving the server vulnerable to attack.
  • If you save your password in a shortcut or alias, remember that anyone with access to your computer can then use that shortcut without having to know your password.

Prerequisites:

  • Mac OS 8.1 or newer.
  • Valid Unix account on the machine you're accessing.
  • An SSH client that supports Port Forwarding.
  • An FTP client.

Step 1: Getting and Installing the Software.

SSH Clients:

There are a number of SSH clients you can use for the Mac. While the instructions below are tailored specifically for the MacSSH Client, you can also use other clients to establish SSH Connections:

FTP Clients:

There are also a number of FTP clients you can use for the Mac. While the instructions below are tailored specifically for Fetch, you can also use other clients to establish FTP connections:


Step 2: Configuring MacSSH to do FTP port fowarding through SSH.

Launch the program by clicking on the MacSSH icon:

To simply open up an SSH session to the server, choose File / Open Connection

Type in the server's name or IP address in Host name.
Make sure you click on Secure Shell, otherwise you'll be using an unencrypted session; the University servers will not accept it.

Window Name just places a title on your window. It makes it easier to keep track of, but doesn't affect anything else.

Add a host with FTP port forwarding enabled: (creating the SSH tunnel)

In MacSSH, Go to the Favorites / Edit Favorites menu item.

Click on New to get this dialog:

You need to set an alias, which is a nickname you'll see in the list of aliases, hostname, which is the Unix machine to which you are connecting, and port number (See the  SSH and (vs) VPN page).

Alias: Can be anything, but make it easy to remember, such as ftp_www for an ftp tunnel to the webserver
Host Name: Can also be the IP address. Contact your System Administrator if you're unsure what to use.
Port: You can either type in 22 or select SSH from the picklist. Anything else won't work.

Leave the Network and Terminal tabs unchanged, unless you like things on Terminal to be different.

Next, click on the Security tab:

Protocol: needs to be changed to SSH (Secure Shell).

Leave the OTP tab unchanged, unless your site uses One Time Passwords.

Next, click on the SSH2 Tab:

There are lots of things that have to be set on this tab:

  • Alias will be carried across from when you set it on the General tab.
  • You can leave the Encryption, Authentication and compression picklists alone.
  • Choose as your Method: LocalTCP port forwarding
  • Local port: 21    Remote Host: server name or IP address    Remote port: 21
  • Port 21 is the FTP (Fetch) Port. The Remote Host will be the same information that you put on the General Tab, under Hostname.
  • Do NOT click on the Enable Guests checkbox. This would allow other people  from other computers to use your ssh tunnel to connect to the server using your username and password.
  • Leave firewall tab unchanged.

When you're done with all of that, click OK, this will create  a new shortcut with all of the properties you just set, saved with the Alias name you gave it.

This will put you back to the Favorites windows. Click OK.

You can now run this shortcut from the Favorites menu to log into the Server and create your tunnel. You must do this prior to any Fetch connection to the server.

Just type in your username and password, and a window will open up similar to your other Telnet sessions: This has opened your SSH port forwarded FTP tunnel.

The Lock in the upper right hand corner tells you that everything you send across this connection is encrypted.

Step 3: Configuring Fetch to use the SSH connection.

Launch Fetch:

Enter this:

  • Host: localhost (This is telling fetch to use your tunnel. Your tunnel is listeneng for this connection on Local Port 21, which you set in MacSSH.)
  • User ID: Your unsername on the Unix machine.
  • Password: Your password on the Unix machine.
  • Directory: Specify a directory. If no directory is specfied, Fetch will atuomatically open the home directory.

To create a shortcut in Fetch:

Choose the Customize / New Shortcut menu item.

  • Name: An alias you're remember. This will show up under the Shortcuts picklist on the New Connection... dialog just above.
  • Type: Unknown
  • Host: localhost
  • User ID: Your unsername on the Unix machine.
  • Password: Your password on the Unix machine. You can leave this line blank if you would prefer to have Fetch ask you for the password when you log into your connection.
  • Directory: Specify a directory. If no directory is specfied, Fetch will atuomatically open the home directory.

Click OK, and a shortcut (also called alias or bookmakr) will be created. You can access it from  the Shortcuts picklist on the New Connection... dialog just above, and from the File / Open Shortcut menu item.

Using Netscape Compser / Publish with an SSH Tunnel

The Netscape Composer Publish utilty is simply a different way to use FTP. You create the MacSSH tunnel just as you would for Fetch.

In your Netscape Publish settings, replace the server name (something@geo.umn.edu) with username@localhost where username is your username on the Unix server. Actually use the word localhost. (yes, localhost. This is telling fetch to use your tunnel. Your tunnel is listeneng for this connection on Local Port 21, which you set in MacSSH.)
 
© Regents of the University of Minnesota. All rights reserved. Trouble seeing the text? | Contact U of M | Privacy
The University of Minnesota is an equal opportunity educator and employer.  

This document was last modified on Tuesday, 04-Mar-2008 11:20:50 CST
The URL of this document is http://www1.umn.edu/adcs/help/sshmac.html