Securely Connecting with a Macintosh

Since the author here has no Macintosh (yet) to give a more complete desription, all I can do is describe what needs to be done, and point to some possible solutions, without much detail. If someone could flesh this document out a bit, the world would thank you. :)

Replacing Telnet

The "secure" version of the telnet protocol isn't fully released yet. There is another telnet-like protocol called "SSH" which is what everyone uses instead of telnet. There are both commercial and free clients for the SSH protocol for the Mac:

Free:

NiftyTelnet SSH
It does SCP, but not port forwarding/tunnelling.
MindTerm, a java client.
MacSSH

Commercial:

F-Secure SSH
dataComet-Secure
(from the vendor:) dataComet-Secure emulates color VT100 - VT320, PC-ANSI, SCO-ANSI, and IBM-3279 terminals, with file transfer support for SCP, X/Y/ZModem, and IBM IND$FILE. Sessions can be scripted using AppleScript and built-in macro support, with automatic macro recording and an easy-to-use key remapping dialog.

If you know of a package not listed here, please please let me know.

Once you have one of these packages, you set it up connect to taz just as you would with a regular telnet program.

Securing FTP

The two best options for secure file transfer appears to be to use NiftyTelnet's 'scp' functionality, as well as a shareware "SFTP" program from MacSSH, for MacOSX (Carbon) and for older versions (Classic).

There is a way to encrypt your FTP passwords with a little trickery with SSH. Please see the FTP-over-SSH page for more information on how to set this up.

At this point, we have not tested any FTP clients on the Mac using the method described above. I am presuming the Netscape will work, as it works as expected on Windows, and the code that does this is probably the same on both platforms. I'd love confirmation of this, though, as well as confirmation as to whether more common Mac FTP clients like "fetch" work as well.

Securing POP

POP, or Post Office Protocol, is the protocol used for downloading email from the server to your desktop. It is used by Eudora, by Netscape, by Outlook, by Pine, by just about every decent mail user-agent out there.

There are two mechanisms for securing the password in POP:

APOP
Clients supporting: Eudora, Claris Emailer
S-POP Clients supporting: Netscape?, ????

Each page above explains how to configure it. If you have a mail program other than Eudora or Netscape, please let us know if they support any type of security protocol, like APOP or SPOP. If they don't, there is still a way to secure POP, much the same way we secured FTP. Follow the instructions we gave for FTP, but instead of using port 21, use port 110, which is the default port used by POP. This will cause your POP connection to tunnel over your SSH connection to fetch your email locally. However, like the FTP tunnel, this means you must be logged in via SSH in order to use this.

One final link about Mac SSH clients: http://www.heilancoo.net/MacCVSClient/MacCVSClientDoc/ssh.html#vendors.