Using MacSSH at Panix

(Including "port forwarding")

MacSSH is a very good open-source SSH client for Mac OS 9.x and below (The "Classic" environment), adapted from the excellent BetterTelnet. It's available for download at: http://download.cnet.com/MacSSH/3000-2349_4-10059569.html

Here's how to set it up and use it.

1. Getting the SSH Host Keys for the Panix Servers
Download and install MacSSH. Now, before setting it up and starting to use it, we need to get the canonical host keys for Panix. (otherwise, you can't log in without defeating a good portion of the purpose of SSH in the first place.)
You can get the keys here: https://config.panix.com/vault/sshdata/known_hosts
Save this file, and put it in your "System Folder:Preferences:MacSSH" folder. Now MacSSH has identifying information for Panix, and we can start.
2. Logging Into the Panix Shell with MacSSH
Open MacSSH, go to the "Favorites" menu, and choose "Edit Favorites". If you don't have any favorites set up yet, just click "New" here instead.
The "Edit Favorite.." dialog will appear, with several index tabs. Here are the required settings for connecting to Panix using a normal username and password:
• In the General tab:
Alias Panix SSH Web tunnel (or whatever you like)
Host name shell.panix.com
Port SSH (22)
• In the Security tab:
Protocol SSH 2
Username Enter your username here to avoid the "username" prompt every time you connect, if you're the only one who uses this favorite. Otherwise, leave it blank.
• In the SSH2 tab:
Encryption Use all methods shown, in order (except "<none>)
Authentication MD5
Compression <none>
Put a checkmark in "never trust unknown host key".
Method Request pty (default)
Now click "OK", and "OK" again to save your new favorite.
To connect with your new favorite, just choose its name from the "Favorites" menu. MacSSH will prompt you for a password (sometimes a username also, if you didn't enter it above), and then you should be in!

Appendix I. Using Port Forwarding to Create a Secure Web Tunnel

Once you've gotten an SSH connection to Panix, you can set up a "port forwarding session" to create a secure tunnel to a trusted Web proxy (for example). Here's how.

•Go back to "Edit Favorites" (from the "Favorites" menu) and duplicate (or edit) the favorite you created earlier. Here are the changes you need to make, to add Port Forwarding.
•In the SSH2 tab:
Method change to "Local TCP port forward"
Local port 9999 (almost any number over 8000 will do)
Panix offers Privoxy to our subscribers; to use your SSH tunnel for Privoxy on Panix, use the following settings.
Remote host localhost
Remote port 8008 (or 8118 if you want to block banner ads too)

• Click "OK" and "OK" again to save.

Now, when you connect with this favorite, you have an active tunnel to Panix's Privoxy daemon. To use it, you need to go to your Web browser, and tell it to use a proxy for HTTP and HTTPS.

Set "127.0.0.1" (that's the same as "localhost") as the proxy address, and 9999 (or whatever you put as the "local port" in MacSSH) as the proxy port number. Now, all your Web browsing will go out over the proxy, and appear to be coming from Panix directly.

Appendix II. Using DSA public/private key authentication (advanced)

You don't have to change your favorites to use DSA key-pair authentication, but the tools to set it up are only found in the "Edit Favorites" dialog, under the SSH2 tab. It doesn't matter which favorite you "edit" to do this; your key gets put in a place accessible to all of your favorites.

Now, you should be able to just use your favorites to connect to Panix. MacSSH will ask you for your pass phrase once per session. If you can get that far, it is very easy to apply port forwarding rules to other hosts.

NOTE: Some of the older Mac Web browsers don't properly send the public-key over. Mozilla works, and of course any FTP client will do just fine in "Raw Data" mode.



Last Modified:Wednesday, 30-Jan-2013 12:14:11 EST
© Copyright 2006-2011 Public Access Networks Corporation