After that last post on enabling SSH back to my iMac, I realized I should do a little more research into security precautions. I stumbled onto information about the macOS Server Adaptive Firewall.
Enabling it couldn’t be much easier. It takes two commands: the first to self-configure, and the second to start the firewall:
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -c
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f
kyrpted.com has a more thorough explanation of how to use the Adaptive Firewall, but I feel a little better knowing it’s running.
Hello, I Am the Mythical Middle-Class Person Who Republicans Say Will Benefit from Their New Tax Bill - McSweeney’s Internet Tendency:
Well, as a middle-class person who loves this tax plan, I am here to tell you that I exist, I am real, and I am as excited as a Clydesdale in the springtime to see our country’s long-suffering corporations pay lower taxes.
I’ve taken a bold step: I’ve enabled SSH back to my home computer.
For OPSEC, I’ve disabled all authentication methods except Public Key, with the hope that I can have a secure, reliable SFTP connection to my home machine from anywhere.
To make this change:
- I added my public key to
- You can run this command:
ssh-copy-id -i ~/id_rsa.pub firstname.lastname@example.org
- …or just copy
- I enabled Remote Login in System Preferences
- To disable password-based authentication, I edited /etc/ssh/sshd_config with these changes:
That tutorial also recommends setting KbdInteractiveAuthentication no, but according to ssh.com:
Specifies whether keyboard-interactive authentication is allowed. By default, the value of ChallengeResponseAuthentication is used.
Since it takes the value of ChallengeResponseAuthentication by default, I haven’t specified a value for
After making these changes, it’s important to restart
sudo launchctl stop com.openssh.sshd
If it looks like I’ve done something foolish, please let me know!
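A way to check the result of the sshd_config edits described above, as an added example that is not part of the original post: the script reads sshd_config text on stdin and reports the effective password-related settings, including the KbdInteractiveAuthentication fallback quoted from ssh.com. The function names and both sample configs are constructed for illustration, and the parser assumes whitespace-separated "Keyword value" lines in the global section only.

```shell
#!/bin/sh
# Added example (not from the original post). Reads sshd_config text on stdin
# and prints the effective password-related settings.
# Assumptions: global section only (stops at the first Match block), no
# Include handling, "Keyword value" separated by whitespace.
effective_auth() {
    awk '
        BEGIN {  # OpenSSH defaults when a keyword is absent
            val["passwordauthentication"] = "yes"
            val["challengeresponseauthentication"] = "yes"
            val["pubkeyauthentication"] = "yes"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }     # jump to END at first Match block
        {   # sshd uses the first value it sees for each keyword
            k = tolower($1)
            if (!(k in seen)) { seen[k] = 1; val[k] = tolower($2) }
        }
        END {
            cr = val["challengeresponseauthentication"]
            # Per the ssh.com text quoted above: when unset, it inherits cr
            kbd = ("kbdinteractiveauthentication" in seen) ? val["kbdinteractiveauthentication"] : cr
            printf "PasswordAuthentication %s\n", val["passwordauthentication"]
            printf "ChallengeResponseAuthentication %s\n", cr
            printf "KbdInteractiveAuthentication %s\n", kbd
            printf "PubkeyAuthentication %s\n", val["pubkeyauthentication"]
        }'
}
# Succeeds only if every password-style method is off and public key is on.
key_only() {
    out=$(effective_auth)
    for want in 'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
                'KbdInteractiveAuthentication no' 'PubkeyAuthentication yes'; do
        printf '%s\n' "$out" | grep -qx "$want" || return 1
    done
}
sample_hardened() {   # constructed sample, not the author's file
    printf '%s\n' '# constructed' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication no' 'UsePAM yes'
}
sample_partial() {    # constructed: only PasswordAuthentication was changed
    printf '%s\n' '#ChallengeResponseAuthentication yes' \
        'PasswordAuthentication no' 'PasswordAuthentication yes'
}
for s in sample_hardened sample_partial; do
    if $s | key_only; then echo "$s: key-only"; else echo "$s: passwords still possible"; fi
done
```

Against a real file, run `key_only < /etc/ssh/sshd_config`; on a live host, `sudo sshd -T` prints the configuration sshd actually resolved and is the authoritative check.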
How did I not know about Waffle Iron Brownies???
Great instructions for getting SF Mono installed on your Mac.