There are some steps you can take to prepare your Mac to run better as a server. Because your Mac is going to run headless (sans monitor), one thing you don’t really need is a screen saver; a running screen saver would be a waste of CPU. To turn off the screen saver, open System Preferences and select the Desktop & Screensaver icon. On the screen saver tab, drag the “Start screen saver” slider all the way to “never” to turn it off. While you’re here anyway, select a “Solid Color” for your desktop; this saves some graphics memory and will speed up communication when using the “Remote desktop” feature.
Next, select “Energy saver” in the System Preferences overview. To keep your machine active at all times, move the “Put the computer to sleep” slider to never, which prevents the computer from going into sleep mode and becoming inactive. Also don’t forget to un-check the box “Put the hard disks to sleep when possible” to keep your machine responding quickly. On the “Options” tab, un-check “Allow power button to sleep the computer” to be able to reboot the machine without keyboard and monitor. Check the box “Restart automatically after a power failure” to have your machine reboot after a power failure or accidental loss of power when you’re not at home.
To speed up booting your machine, turn off Bluetooth if you don’t really need it.
Next is the “Sharing” icon. We’re going to install our own web and mail server and we want our machine to run securely, so we don’t need or want the following options:
- Personal File Sharing
- Windows Sharing
- Personal Web Sharing
- Remote Apple Events
- Printer Sharing
For remote management of our machine, we do want:
- Remote Login (SSH)
- FTP Access
- Apple Remote Desktop
However, we need to secure the openings we just created.
For Apple Remote Desktop click on the “Access Privileges…” button and select the users you want to be able to connect to your machine. Please check the box “VNC viewers may control screen with password” and type in a difficult password which is not easy to guess. This enables you to use a program like “Chicken of the VNC” to access your Mac remotely.
To secure SSH remote logins you’ll need to edit the file ‘/etc/sshd_config’ with your favorite editor.
I will go through some of the options you’ll want to change if you want to use SSH:
The default installation of OpenSSH allows both SSH version 1 and version 2 connections. Version 1 is known to suffer from security vulnerabilities, and it is strongly recommended that only version 2 be used. To disable version 1 connections use:
Disable root access
To prevent the root user from logging in, add/uncomment the line:
Only allow specific users
By default, all users who have local accounts on the system are permitted to log in through SSH. This is not necessary and only gives attackers more possibilities for an attack. Users with permission to SSH to the system should be clearly defined, and SSH configured to allow access to those users only.
- <usernames> is a list of usernames separated by spaces
- Usernames can contain * and ? as wildcards
- user@host format can be used; it specifies that the given user is allowed/denied only from the host specified
To prevent users with no password (this should never be the case) from accessing the system, add/uncomment this line:
These are the simple ones; there are more elaborate schemes that will secure your system a lot better. Hope you found it useful. If you know other options/settings that will help, please leave a comment or post in the forums.
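One way to check the four settings discussed above, as an added example that is not part of the original article: a small Python script that reads sshd_config text and reports which settings are missing, still commented out, or weak. The keywords (Protocol, PermitRootLogin, AllowUsers, PermitEmptyPasswords) are standard OpenSSH options assumed here because the article's own config lines are not shown; the sample configs and user names are constructed. Current OpenSSH releases no longer support protocol version 1, so the Protocol check applies to older installations like the one described.

```python
# Added example. Keyword names are standard OpenSSH ones (assumed, not from the page).
REQUIRED = {"protocol": "2", "permitrootlogin": "no", "permitemptypasswords": "no"}

def parse_sshd_config(text):
    """Map lower-cased keyword -> list of argument strings, in file order."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out lines are inactive
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":  # conditional blocks are out of scope here
            break
        seen.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    """Return a list of findings; an empty list means all four settings are in place."""
    cfg = parse_sshd_config(text)
    findings = []
    for keyword, wanted in REQUIRED.items():
        values = cfg.get(keyword)
        if not values:
            findings.append(f"{keyword}: not set (line missing or still commented out)")
        elif values[0] != wanted:  # sshd keeps the first value it reads for a keyword
            findings.append(f"{keyword}: is '{values[0]}', expected '{wanted}'")
    users = [u for v in cfg.get("allowusers", []) for u in v.split()]
    if not users:
        findings.append("allowusers: not set, every local account may log in")
    elif any(u.split("@")[0] == "*" for u in users):
        findings.append("allowusers: a '*' user pattern matches every account name")
    return findings

# Constructed sample: two directives still commented out, one weak, no AllowUsers.
BEFORE = """\
#Protocol 2,1
PermitRootLogin yes
#PermitEmptyPasswords no
"""
# Constructed sample with all four settings active; user names are placeholders.
AFTER = """\
Protocol 2
PermitRootLogin no
AllowUsers admin deploy@192.0.2.10
PermitEmptyPasswords no
"""
if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text) or "OK")
```

To audit a real machine, pass the contents of /etc/sshd_config to `audit()` instead of the constructed samples.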
Other resources on SSH
- Check out these articles from 2004 at the O’Reilly MacDevCenter.
- MacGeekery: Basic OS X Security
- For general security tips check out the white papers from Corsaire
- If you like point and click configuration you might want to give SSH Helper a spin.
The last thing you need to install is the Apple developer tools. The package is called Xcode, and you can find it on your install disk or download it from developer.apple.com.
Next step: Installing MySQL