advertisement

Article:
  Inside SSH, Part 1
Subject:   ssh secure AFP connection with OSX 10.3.4 (not server version) How To
Date:   2004-07-12 12:09:34
From:   billpenn
Response to: ssh secure AFP connection with OSX 10.3.4 (not server version)

In order to AFP over an SSH tunnel , you first need to make an SSH tunnel and then you need to connect through that tunnel. I made a script to do this (I know it does no error checking, bad me). Here it is:


--Start Code--


#!/bin/sh
# script to make ssh tunnel and then connect to afp host
#
# Jan 02 2004 - W Penn - creation
#


LOCAL_PORT=10548;
LOCAL_HOST=127.0.0.1;
TARGET_PORT=548;


TARGET_HOST=xxx.xxx.xxx.xxx;



ssh -L $LOCAL_PORT:$TARGET_HOST:$TARGET_PORT -f -N $LOCAL_HOST;


open afp://localhost:$LOCAL_PORT/;


--end code--


You need to enter the host you want to connect to instead of "xxx.xxx.xxx.xxx" for the TARGET_HOST variable. You must be able to log in via afp, and remote login to TARGET_HOST.


When run depending on how your are authenticating to TARGET_HOST your remote login password may be requested, then the open command will bring up the afp login window directed to TARGET_HOST.


The script makes a secure/encrypted connection from the local machine to the TARGET_HOST's AFP port 548. Then the script tries to open an AFP connection over the secure connection. If you try to connect directly with “connect to server” please note that typing in the IP of your AFP server will not give you a secure connection even after opening the tunnel; instead, you must connect to the local end of the secure connection which from the script is localhost:10548. This is a little weird to the novice as you tell AFP to connect to the local machine in order to REALLY connect to your remote machine.


NOTE on firewalls: (1) you do NOT need to open up port 10548 on either machine. (2) You only need port 22 open in a non built in firewall between the two machines (like in a NAT router). (3) AFP and remote login must be turned on on the target in the sharing pref pane.


EXTRA NOTE: If you use this, you are using it because you are concerned about security, so you should not use it unless you understand what every “-” “/” “;” “a-z” “A-Z” etc means.


You may find searching for "ssh tunnel" on mac OSX hints useful


1 to 3 of 3
  1. ssh secure AFP connection with OSX 10.3.4 (not server version) How To
    2006-01-24 17:34:54  wfaulk [View]

    • NO, This code is *NOT* 100% insecure.
      2006-01-25 23:24:58  GNULinux4me [View]

      • YES, This code is 100% insecure.
        2007-08-21 01:15:27  macGenius [View]

        • YES, This code is 100% insecure.
          2008-08-30 00:06:55  bill penn [View]

  2. ssh secure AFP connection with OSX 10.3.4 (not server version) How To
    2004-07-13 05:57:08  Felix-fi [View]

    • ssh secure AFP connection with OSX 10.3.4 (not server version) How To
      2004-09-10 21:30:17  Syzygies [View]

      • ssh secure AFP connection with OSX 10.3.4 (not server version) How To
        2004-10-21 00:12:55  richardwinkel [View]

        • ssh secure AFP connection with OSX 10.3.4 (not server version) How To
          2005-02-28 01:36:41  sirpete@iki.fi [View]

  3. ssh secure AFP connection with OSX 10.3.4 (not server version) How To
    2004-07-13 05:15:58  Felix-fi [View]

1 to 3 of 3