Ssh Programs for the Macintosh

At least four ssh-supporting terminal emulators are available. One is commercial and three are freeware. This page includes information about downloading and configuring the freeware implementations of (for ssh1) NiftyTelnet and Better Telnet as well as (for ssh2) MacSSH.

Data Fellows (commercial)

The company Data Fellows offers commercial implementations of ssh for Macintoshes, several versions of UNIX and Windows PC's. Homewood Academic Computing bought a site license for Data Fellows (for all platforms) in 1999. Copies are $35 each (cheaper than the educational price of $50 direct from the company).

Some users feel that this product is strong in ssh features but weak on terminal emulation. (For example, the Data Fellows F-Secure client is more likely to support SCP and X Windows port forwarding than most free clients.)

Nifty Telnet 1.1 SSH r3 (free SSH1 client)

The ssh-enabled version of NiftyTelnet is a relatively unsophisticated terminal emulator. However, it works great! It also supports RSA key authentication and SCP file transfers!

As of September 6, 2000, it is now legal to use in the US! See this RSA press release The NiftyTelnet documentation has not been changed to reflect this development, but now you can ignore it.

NiftyTelnet may require Open Transport, which is found in more recent versions of the Mac operating system (about MacOS 7.5.3 and later). You can check to see if you are using Open Transport by looking in the Control Panels menu under the Apple Menu. If you see TCP/IP, then you are most likely using Open Transport. If you see the MacTCP Control Panel (which came before Open Transport), then NiftyTelnet will not work on your machine. In that case, consider upgrading your Macintosh software or using the buggy Better Telnet. (MacTCP and Open Transport are two components of the MacOS that allow one to connect to an Ethernet network. Apple started by providing MacTCP but recently migrated to Open Transport. Release 3 supposedly works on MacTCP- equipped PowerMacs, but it isn't clear that non-PowerMacs can use Nifty Telnet with MacTCP...)

Downloading NiftyTelnet

You can grab a copy by anonymous ftp to eta.pha.jhu.edu in the /pub/sysadmin/ssh directory. It is a Binhexed self-extracting archive file. (Anonymous FTP's of this material are only allowed from within the department.) Here is the FTP URL: local copy of NiftyTelnet

Configuring NiftyTelnet
Here is a list of the steps required to configure NiftyTelnet for ssh operation.

Download and unpack Nifty Telnet SSH 1.1 r3b. The result is a folder. Move this folder to the place where you store similiar programs (it is a good idea to keep programs organized by type). Open the folder.
Drag the file "NiftyTelnet SSH Known Hosts" into your System Folder, then into the Preferences folder inside the System Folder. This will greatly reduce the number of times you have approve the addition of new host keys to your list of known hosts. (These host keys help ensure that the computer to which you are connecting is the same one as you connected to in the past.)
You can connect to eta.pha.jhu.edu by double-clicking on the eta shortcut file located in the Nifty Telnet folder.
To connect to hosts other than eta, run Nifty Telnet
A Shortcuts window appears with the untitled shortcut highlighted. Click on Edit... button.
Fill in the following fields as appropriate: Shortcut name host name user name (this is your userid, not your full name)
Select, from the Protocol menu, either the 3DES or Blowfish ssh algorithms (our UNIX ssh clients don't currently support DES).
Then click on the Okay button. (Note: if you click on the Save As... button first, you can save these settings to a small file. Double-clicking that file in the future will start NiftyTelnet and immediately open a connection to this host with all of these parameters.)
Make a connection by choosing your new shortcut from the Shortcuts menu.
An SSH Login dialog box appears. It asks you for your password. Enter your normal password for that host. (Do not use the ssh passphrase you may have established for that host. NiftyTelnet only knows how to use your normal UNIX password to authenticate you.) Give it and you will be connected.
If you connect to a machine that you have not "talked to" before, you will see a Host Identification Alert dialog box asking if you want to accept the public key for this host. Choose the Accept & Save button.
Note the small padlock in the lower left corner of the window. Normal (unencrpyted) telnet sessions do not show a locked padlock.

MacSSH (free SSH2 client)

MacSSH is a modified version of BetterTelnet with SSH2 support. See both the on-line FAQ and the SimpleText documents packaged with the program for configuration information. Interesting features:

port forwarding
FTP server for your Macintosh
Numerous encryption algorithms
client/server interaction information for each ssh session (turn on the trace, verbose, and/or debug options -- see the QuickStart document for the trick (involves the Command and single quote key!)).

It does not:

support the SSH1 protocol.
include scp or sftp secure file transfer functionality.

Better Telnet (free SSH1 client)

The author of the free (and excellent) Macintosh program Better Telnet said that he would add ssh support in version 2.0b2 and later. (The current non-beta release is 1.2.2, but the 2.x versions have overall been very stable.) He released an ssh patch for 2.0b3c5 to a handful of individuals and has since refused to release any more patches despite releasing the non-ssh-capable version 2.0b4. He has ignored a number of email entreaties to release an ssh-capable version.

Therefore we are stuck with an ssh-enabled Better Telnet 2.0b3c5. This version has number of bugs which were fixed in 2.0b4 (see the release notes ). The most critical one is cutting-and-pasting text. If you paste text into an Better Telnet SSH 2.0b3c5 window, it goes into a loop and continues to paste the same text endlessly. You then lose any unfinished work in your Better Telnet session (and any other open applications) because you are forced to reboot to regain control of your computer. This can be highly annoying, but you can evaluate the likelihood of your unwittingly falling prey to this bug.

Downloading Better Telnet

You can also grab a copy by anonymous ftp to eta.pha.jhu.edu in the /pub/sysadmin/ssh directory. It is a Binhexed self-extracting archive file. Here is the FTP URL: Better Telnet 2.0b3c5

Configuring Better Telnet
Here is a list of the steps required to configure Better Telnet for ssh operation.

Download and unpack Better Telnet 2.0b3c5. The result is a single program file.
If you have used Better Telnet before, you may have to move the old version's preference file aside (i.e. drag the file System Folder/Preferences/Better Telnet to some other location.
You will want to increase the memory allocation from the initial 1000 kilobytes if you intend to open more than two windows and/or save more lines of scrollback text. 2500 or 3000 kilobytes (or more) may be desirable if you will be connecting to UNIX machines often for longer periods of time.
To increase the program's memory allocation, select the Better Telnet program icon, choose Get Info from the File menu, and change the Preferred Size value upwards from 1000. Then close the Get Info dialog box. (Better Telnet cannot be running when you modify this parameter.)
start Better Telnet
go to the Favorites menu, choose Edit Favorites.... The Default shortcut will be highlighted. Select the Change button.
The dialog box will change to have several file-folder tabs along the top and settings check boxes and fields at the bottom corresponding to the currently selected tab.
General tab:
- Enter the fully-qualified host name for your default connection (e.g. eta.pha.jhu.edu)
Security tab:
- Choose ssh from the Protocol list.
- Enter your userid in the Username field. You have to enter your username or you will not be able to make a successful connection.
- Do not enter anything in the other fields until after you have figured out how to make a successful connection. This is beta software with unimplemented features and without much documentation. Some functions don't work and there are some bugs. So do not enter information in those other fields unless you want to experiment with them.
SSH tab:
- Leave the Encryption method set to 3DES. I don't know if the other methods work.
- Click on the Initialize button
- A Randomization window opens. you are asked to type 512 characters. Yes, this is a pain to do. Type 512 random characters. SLOW DOWN WHEN YOU GET CLOSE TO 512 BECAUSE IF YOU TYPE 513 CHARACTERS YOU WILL BEGIN OVERWRITING THE ALIAS NAME FOR THE SHORTCUT. When you have typed 512 characters, the box goes away.
Click on the OK button at the bottom right.
To create other favorite shortcuts, click on Edit Favorites from the Favorites menu. Then choose Duplicate. Then choose Edit. All you need to change for each shortcut is the hostname and alias under the General tab. YOU DO NOT HAVE TO REINITIALIZE THE SSH KEY. (At least, it has been my experience that you do not have to repeat that step.)
Go to the Edit menu, choose Terminal.... Select the Default terminal, then the Change button. Edit the AnswerBack Message from "VT220" to "vt220" (our Solaris UNIX machines don't know what a VT220 is but they understand vt220).
Go to the Edit menu, choose Preferences... You may want to change some of these options, such as "Windows don't go away" or "Open Connection dialog on startup". (Better telnet supports Balloon Help for these options.)
You are ready to make your first connection. Select the Default entry from the Favorites menu. A dialog box will appear telling you that you have not visited that host before and that it's host key is unknown. You will need to choose the Accept and Save button. (These host keys help ensure that the computer to which you are connecting is the same one as you connected to in the past.)
Then an Enter Password dialog box will appear. Enter your normal password for that host. (Do not use the ssh passphrase you may have established for that host. Better Telnet only knows how to use your normal UNIX password to authenticate you.)