Comments on: Preparing your Mac to run as a server http://diymacserver.com Mon, 06 Feb 2012 16:07:33 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Richard http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/comment-page-1/#comment-8076 Richard Mon, 25 Oct 2010 04:44:21 +0000 http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/#comment-8076 @Roberto, it depends... If your server is running at home make sure your last hop onto the internet (mostly your ASDL router) has a firewall turned on with the AFP ports blocking. (Preferred you block everything incoming besides web and mail) @Roberto, it depends… If your server is running at home make sure your last hop onto the internet (mostly your ASDL router) has a firewall turned on with the AFP ports blocking. (Preferred you block everything incoming besides web and mail)

]]> By: Roberto http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/comment-page-1/#comment-8073 Roberto Sun, 24 Oct 2010 22:16:39 +0000 http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/#comment-8073 Hi Richard I followed your tutorials and successfully installed Apache, MySQL and PHP. My only question is that I would like to share me external drive on my server with my 2 other Macs. Since you recommended to turn off Personal File Sharing how can I do this? Is their a secure way of sharing it? Thanks in advance. Hi Richard I followed your tutorials and successfully installed Apache, MySQL and PHP. My only question is that I would like to share me external drive on my server with my 2 other Macs. Since you recommended to turn off Personal File Sharing how can I do this? Is their a secure way of sharing it? Thanks in advance.

]]> By: Silver Knight http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/comment-page-1/#comment-7011 Silver Knight Thu, 06 May 2010 00:31:51 +0000 http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/#comment-7011 Thank you for the useful web page and articles. Just thought I'd point out for security's sake (since security should be if extremely high priority on a server) that using FTP and VNC as-is are both quite insecure options. The simple solution to this problem in both cases is SSH which you already installed by this point anyhow. SSH comes with SFTP (Secure FTP) capability, so you can simply disable/uninstall old (insecure) FTP. VNC suffers from the same security issue as FTP does (namely, cleartext password transfer thru the network) but can easily be secured by using the port tunneling feature of SSH to tunnel port 5900 (or any other port being used by VNC) to the local machine which you are connecting from. Since this tunnel will be encrypted it makes VNC quite secure, AND removes the need to open extra ports at the firewall. I realize this particular article is now unsupported, but this advice also holds true for newer server setups as well. FTP is basically obsolete and should have died ages ago, and although VNC is super useful, it tends to be insecure but easily remedied. Thank you for the useful web page and articles. Just thought I’d point out for security’s sake (since security should be if extremely high priority on a server) that using FTP and VNC as-is are both quite insecure options. The simple solution to this problem in both cases is SSH which you already installed by this point anyhow. SSH comes with SFTP (Secure FTP) capability, so you can simply disable/uninstall old (insecure) FTP.

VNC suffers from the same security issue as FTP does (namely, cleartext password transfer thru the network) but can easily be secured by using the port tunneling feature of SSH to tunnel port 5900 (or any other port being used by VNC) to the local machine which you are connecting from. Since this tunnel will be encrypted it makes VNC quite secure, AND removes the need to open extra ports at the firewall.

I realize this particular article is now unsupported, but this advice also holds true for newer server setups as well. FTP is basically obsolete and should have died ages ago, and although VNC is super useful, it tends to be insecure but easily remedied.

]]> By: Richard http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/comment-page-1/#comment-6136 Richard Sat, 19 Dec 2009 07:36:41 +0000 http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/#comment-6136 @Aaron, I have no real experience with OS X Server. But I think you can reuse the SSH stuff mentioned here to better secure your server. @Aaron, I have no real experience with OS X Server. But I think you can reuse the SSH stuff mentioned here to better secure your server.

]]> By: Aaron http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/comment-page-1/#comment-6131 Aaron Fri, 18 Dec 2009 21:38:08 +0000 http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/#comment-6131 How do you feel about the setup provided stock under Snow Leopard Server. I realize that Personal Web Sharing is not secure and not complete, but would you propose the same for the server edition of the OS? How do you feel about the setup provided stock under Snow Leopard Server. I realize that Personal Web Sharing is not secure and not complete, but would you propose the same for the server edition of the OS?

]]> By: Ben http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/comment-page-1/#comment-3612 Ben Sun, 29 Mar 2009 20:12:08 +0000 http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/#comment-3612 Thanks for that Richard... Thanks for that Richard…

]]> By: Richard http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/comment-page-1/#comment-3611 Richard Sun, 29 Mar 2009 19:51:33 +0000 http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/#comment-3611 Yes, the order in which everything is listed is not important. For more info you can always type "man sshd_config" in a Terminal window. Yes, the order in which everything is listed is not important.

For more info you can always type “man sshd_config” in a Terminal window.

]]> By: Ben http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/comment-page-1/#comment-3610 Ben Sun, 29 Mar 2009 19:48:00 +0000 http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/#comment-3610 My sshd_config file doesn't have AllowUsers or DenyUsers. Do you just add those in anywhere? My sshd_config file doesn’t have AllowUsers or DenyUsers. Do you just add those in anywhere?

]]> By: Richard http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/comment-page-1/#comment-1056 Richard Thu, 03 Jul 2008 19:04:13 +0000 http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/#comment-1056 Yes you can, use the 'dscl' program to add your users. But be carefull on the problems with controlling them in a secure manner. Yes you can, use the ‘dscl’ program to add your users. But be carefull on the problems with controlling them in a secure manner.

]]> By: papalozarou http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/comment-page-1/#comment-1051 papalozarou Thu, 03 Jul 2008 11:04:42 +0000 http://diymacserver.com/preparation/preparing-your-mac-to-run-as-a-server/#comment-1051 Does anyone know how to add SSH only users (i.e. user accounts that don't exist with mac os x home folders). FTP too? I need to add these to my server, but really don't know how. Does anyone know how to add SSH only users (i.e. user accounts that don’t exist with mac os x home folders). FTP too? I need to add these to my server, but really don’t know how.

]]>