MacCentric Solutions is an Apple-certified Macintosh consultancy & systems integrator serving the San Francisco Bay Area.
Why do so many Mac administrators hate the command line? Is it because it reminds them of DOS? Is it because touch typing is no longer taught in schools? Regardless, if you’d rather stare into a candle until you go blind than learn about the ssh command in Leopard, be forewarned: command-line tragedy awaits in this article!
ssh is one of the Mac administrator’s secret weapons for troubleshooting network issues or doing remote support. It allows you to connect to a remote computer and execute commands as if you had opened up the Terminal on that machine. ”Why the heck would I ever open Terminal anywhere?” you might be asking. Here’s one example why: Every single one of the 50+ Mac OS X Server environments we’ve configured have required changes to the network firewall. Perhaps we’ve had to punch a hole in the firewall to allow remote users to send email through the company server. Well, after making these firewall changes while sitting in the office, how do we know they work? We’d use ssh to connect to a remote computer (like our company server), and then simulate sending email from that remote computer’s command line to prove that our firewall changes are working. No mouse clicks or screen shots are necessary.
Problem is, something happened with ssh in Leopard, and nobody quite knows why. If you run the ssh command, you may get the error, percent_expand: NULL replacement. Huh? It seems that ssh is trying to expand some hidden variables which, in Leopard, no longer translate into a valid command. To fix this, we’re going to set a variable for your user account which will tell ssh where to find those variables, thus bypassing the step which is causing this error.
First, open up the Terminal application from your Applications -> Utilities folder. At the prompt, type
cd ~/.ssh
This changes your working directory to the hidden .ssh directory which lives inside your home folder.
Next, we’re going to edit the ssh preferences file:
pico config
This command opens the pico text editor and loads a file called config. If this file already exists in the .ssh directory, you’ll see its contents loaded; otherwise, you’ll get a blank screen with the pico header and footer.
Next let’s type in the line that tells ssh where to look for these variables:
IdentityFile ~/.ssh/id_rsa
Finally, hit control-x on your keyboard, answer “y” when prompted to save, and press Return to confirm the filename config.
That’s it! Try ssh’ing again and you should be able to get where few Mac administrators dare tread.
2 Comments
po
04.01.08 at 5:45 amHey there,
Did you find a way to use pubkey and run an ssh connection between a machine under Tiger and Leopard without seeing the prompt for the passphrase ? (I saw a post on the Apple mailing list)
Many thanks
PO
Noam Birnbaum
06.17.08 at 10:49 amHi PO,
I think the issue you’re referring to is slightly different. When you create a pubkey using ssh-keygen, you have the option of encrypting the key itself with a password. If you choose not to do so, then the SSH connection will work passwordlessly [sic] because all that is required is the unencrypted key file.
Of course, the key file itself will remain unencrypted, which means that if it’s attained by a third party, your security is compromised.
Regards,
noam