Posts Tagged ‘ssh’

Searching GZipped Log Files

March 18th, 2014 1 comment

I have a few handy scripts for searching through log files, especially monitoring SSH login attempts. I cannot just grep through log files however, because the log files get “rolled”: compressed, and archived.

rob@kanga:/var/log $ ls -lh system.log*
-rw-r-----@ 1 root  admin   289K Mar 18 17:16 system.log
-rw-r-----  1 root  admin    79K Mar 18 00:00 system.log.0.gz
-rw-r-----  1 root  admin    39K Mar 17 00:02 system.log.1.gz
-rw-r-----  1 root  admin    36K Mar 16 00:02 system.log.2.gz
-rw-r-----  1 root  admin    35K Mar 15 00:02 system.log.3.gz
-rw-r-----  1 root  admin    25K Mar 14 00:01 system.log.4.gz
-rw-r-----  1 root  admin    69K Mar 13 00:01 system.log.5.gz
-rw-r-----  1 root  admin    68K Mar 12 00:01 system.log.6.gz
rob@kanga:/var/log $

Suppose you want to grep through your log files for SSH login activity, you can do it like this:

rob@kanga:/var/log $ { cat /private/var/log/system.log ; gunzip -c /private/var/log/system.*.gz ; } | grep sshd | wc -l
rob@kanga:/var/log $

The magic happens in the curly braces, which concatenates the standard output of all enclosed commands. Be sure to include a semicolon after the last command, right before the closing curly brace.

An even shorter example:

rob@kanga:/var/log $ { echo hello ; echo world ; } | cat -n
     1	hello
     2	world
rob@kanga:/var/log $
Categories: Utility Tags: , , , , , ,

Deleting Yourself with Mac Directory Services dscl . -delete

July 12th, 2011 1 comment

In case it ever crossed your mind, when you are at the command line, never type

sudo dscl . -delete /Users/rob

when you mean to type

sudo dscl . -delete /Users/proxy

It will slow down your productivity. Read more…

Categories: Utility Tags: , , , , ,

Stream iPhoto over SSH

June 15th, 2011 No comments

Many people seem to have enjoyed my post on Streaming iTunes over SSH, and today I needed to access my home iPhoto library from work. It turns out that we can use the same tricks we used for iTunes for iPhoto.
Read more…

Categories: Utility Tags: , ,

Spotlight Searching at the Command Line

April 5th, 2011 3 comments

If you know about the mdfind command that lets you perform Mac OS X Spotlight searches at the command line (The Power of mdfind, O’Reilly), then you know it’s a good start but ultimately unsatisfactory. I made up a shell script mdfindi that helps me interactively navigate the results of mdfind when I SSH into my home computer. Of course I keep the script on my Dropbox as mentioned in an earlier post so that it is available to all of my computers.

Read more…

Categories: Utility Tags: , , ,

NCSA Mosaic on the Mac

September 14th, 2010 No comments

A nostalgia article on PC World, Finding Stuff Online: 20 Years of Innovative Search Engines, reminded me that I should share my running version of NCSA Mosaic v2.7 with others. I don’t know where I got it, but it might have been from the Floodgap guys.
Read more…

Categories: Utility Tags: , , , ,

Be Notified of SSH Logins with Notifo

September 11th, 2010 6 comments

I’ve been finding all kinds of neat uses for Notifo, a multipurpose notification tool for the iPhone, and I wanted to be notified when anyone (should only be me) logged in to my home computer via SSH. I wrote a Pluggable Authentication Module (PAM) that sends a notice to Notifo whenever someone logs in or activates the PAM module another day (yes, I know that “PAM module” is redundant).

Check it out on SourceForge at I developed it on a Mac. I don’t know if it will compile properly on Linux. Please try it out.

Categories: Utility Tags: , , ,

Stream iTunes over SSH

September 28th, 2009 82 comments

Works with iTunes 10 and Lion

After (mostly unsuccessful) Googling for how to stream iTunes over SSH, I finally tracked down the difficult bits myself and put together a four three-line script:

dns-sd -P "Home iTunes" _daap._tcp local 3689 localhost.local. \ "Arbitrary text record" & 
trap "kill $!" 0 1 2 15
ssh -C -N -L 3689:localhost:3689

Update: I’ve cut this down to three lines using trap

Update: You can do this with iPhoto too.

Update: Works with OS X 10.7 Lion.


Read more…

Categories: Utility Tags: , , , , ,

Two Factor Authentication in Snow Leopard SSH with Perfect Paper Passwords

September 2nd, 2009 4 comments

If you’re nobody special like me, you probably “only” get a few thousand failed SSH logins to your computer each day. If you run a high profile system, it’s probably worse. Of course you have a good password for your account (right?), but should someone actually get your password, like with a keystroke logger on the remote computer you’re using to log in, what protection do you have then?

Two factor authentication can increase your security by requiring more than just your password (one factor) to log in. I like using Perfect Paper Passwords from Gibson Research Corporation ( With this system after entering my username and password (even a wrong password) in an SSH session, I am then prompted for a four-digit passcode that I’ve previously printed out and stashed in my wallet. Each code is only used one time, and protects me even if someone manages to get my password. In the case where attackers are guessing my password, they cannot tell if the password or passcode was guessed incorrectly.

Sample PPP passcard (courtesy

Sample PPP passcard (courtesy

There’s only a little bit of trickery involved to compile it for Mac OS X 10.6 Snow Leopard, and if you had it working before in Leopard, you’ll need to recompile the PAM module (I know, it’s like “ATM machine”) for 64-bit mode.

Read more…