f



Mac-to-Mac VPN?

Years ago, I set up a Mac network (under OS9) with a VPN router and some 
software on a remote PowerBook that allowed VPN access. I'm not terribly 
familiar with OSX yet, but I understand that much of this functionality 
is now built in. Can anybody steer me in the right direction as far as 
hardware, software and configuration? Here's the setup I envision:

 - Small LAN running two Macs and a printer with a DSL 
   connection through a router.
 - Remote PowerBook connected to the net varyingly with 
   dial-up, DSL (wired), and AirPort.
 - Use the PowerBook to securely connect to at least one 
   of the machines on the LAN for file transfers, 
   contact/calendar sync (through Now server software), 
   and if possible, remote access.

Note that, at times, BOTH sides of this connection will have dynamic IP 
addresses, so there's got to be a way to "find" the office LAN remotely, 
and the security protocols of the VPN setup cannot limit the incoming IP 
to a specific address. Also note that I don't need to connect both ways, 
just to initiate from the PowerBook.

I'm not opposed to buying a VPN router, or any other hardware, if it 
makes the system more stable/reliable/simple. Thanks very much in 
advance for any help you can provide.

Steve
0
6/5/2005 11:50:02 AM
comp.sys.mac.comm 3057 articles. 0 followers. Post Follow

16 Replies
1594 Views

Similar Articles

[PageSpeed] 32

On 2005-06-05, Steve C <newsgroups@primedigital.com> wrote:
> Note that, at times, BOTH sides of this connection will have dynamic IP 
> addresses, so there's got to be a way to "find" the office LAN remotely,

Seems to me you have to have a fixed name, at least.  Fortunately this
is easy and free. See, among other solutions, http://www.dynds.org

This will give your lan router a name that can always be found,
regardless of the numeric ip.  Depending on the router, you might need
to run some software on one of the lan machines to keep the name in
sync.  If you have a modern router it may be able to handle this task
itself.

At this point your router is accessible from anywhere, via a fixed
symbolic hostname.

Now pick one of the lan machines to act as a public server, and
configure the lan router to forward requests on port 22 to that server.
This will give you ssh access to the server, which in turn will give you
access to all the other lan machines.  If you ssh from the remote PB to
the fixed symbolic hostname for the lan router, you'll find yourself
talking to the designated server machine on the lan. 

As for vpn, standard OSX includes vpn client support, but not vpn server
support.  For the latter either you need OSX Server, or you need to use
third-party vpn tools.  The simple, expensive solution is to run OSX
Server on the designated server machine and run the vpn server there.

The somewhat more complicated but completely free solution is to use
openvpn.  You'll have to use it on both ends, client as well as server,
since the builtin OSX vpn client can't talk to openvpn servers.
Configuring openvpn isn't too bad but it's not trivial either. I can
guide you through this if you're willing to use the command line.

A third possible solution is another freeware vpn package called
openswan.  I haven't used this myself but as I understand it, the
builtin OSX vpn client can talk to openswan servers.  The downside is
that openswan is supposedly much more complicated to configure than
openvpn is.

I'm not sure you really need a vpn at all - you might be able to do
everything you want to do via ssh.  If you do decide you need vpn, then
either you need the router to forward another port to the designated
server, or you need to tunnel the vpn connection through ssh.  The
second approach adds some overhead but it has the definite advantage of
leaving only one port open, rather than two.


>  - Use the PowerBook to securely connect to at least one of the
>  machines on the LAN for file transfers,

You don't need a vpn for this.  Just use scp/sftp, with or without a gui
wrapper.  You can also do AFP (Apple file-sharing) without a vpn by
tunneling it through an ssh connection.  So again only ssh is needed.

 
>    contact/calendar sync (through Now server software)

I don't use Now so I have no idea what the requirements are.

 
>    and if possible, remote access.

Exactly what kind of access are you thinking of?
0
schreberdp (707)
6/5/2005 1:45:26 PM
Thanks for the detailed response.

Is buying a VPN router another possible solution to the VPN Server 
issue? Again, I'm looking for stability foremost, as I may be on the 
road with the PowerBook for months at a time. If a hardware solution 
will require less maintenance than the software one, I'll spend the 
extra money.

When using a router/firewall, Now requires that two specific ports be 
opened and forwarded to the machine hosting the server software. Without 
a router, you just have to configure the remote machine with the correct 
IP address. Seems pretty straightforward, but I don't know how it will 
work with encryption.

On the remote access issue, I was thinking about Timbuktu, because I've 
used it before effectively. However, I'm open to other suggestions. I've 
heard mentions of RDC. What's that?

As far as VPN vs. SSH, I have to admit that I don't really know what I'm 
talking about here. I'll have to do some research. My concern is that I 
will have a number of open ports (for Now, remote control, file sharing, 
possibly iChat, and some other stuff) on a LAN that is exposed to the 
internet without me being there to monitor it. I want to be able to 
communicate remotely AND securely... that is, without people being able 
to snoop on my connection, and without people being able to easily 
exploit my network when I'm not around. If I can do that with SSH, or 
any other protocol that's simpler to set up than a full VPN, all the 
better.

Thanks again for the help.

Steve



In article <toCdncyJKqlrnD7fRVn-sg@comcast.com>,
 D P Schreber <schreberdp@rayban.net> wrote:

> On 2005-06-05, Steve C <newsgroups@primedigital.com> wrote:
> > Note that, at times, BOTH sides of this connection will have dynamic IP 
> > addresses, so there's got to be a way to "find" the office LAN remotely,
> 
> Seems to me you have to have a fixed name, at least.  Fortunately this
> is easy and free. See, among other solutions, http://www.dynds.org
> 
> This will give your lan router a name that can always be found,
> regardless of the numeric ip.  Depending on the router, you might need
> to run some software on one of the lan machines to keep the name in
> sync.  If you have a modern router it may be able to handle this task
> itself.
> 
> At this point your router is accessible from anywhere, via a fixed
> symbolic hostname.
> 
> Now pick one of the lan machines to act as a public server, and
> configure the lan router to forward requests on port 22 to that server.
> This will give you ssh access to the server, which in turn will give you
> access to all the other lan machines.  If you ssh from the remote PB to
> the fixed symbolic hostname for the lan router, you'll find yourself
> talking to the designated server machine on the lan. 
> 
> As for vpn, standard OSX includes vpn client support, but not vpn server
> support.  For the latter either you need OSX Server, or you need to use
> third-party vpn tools.  The simple, expensive solution is to run OSX
> Server on the designated server machine and run the vpn server there.
> 
> The somewhat more complicated but completely free solution is to use
> openvpn.  You'll have to use it on both ends, client as well as server,
> since the builtin OSX vpn client can't talk to openvpn servers.
> Configuring openvpn isn't too bad but it's not trivial either. I can
> guide you through this if you're willing to use the command line.
> 
> A third possible solution is another freeware vpn package called
> openswan.  I haven't used this myself but as I understand it, the
> builtin OSX vpn client can talk to openswan servers.  The downside is
> that openswan is supposedly much more complicated to configure than
> openvpn is.
> 
> I'm not sure you really need a vpn at all - you might be able to do
> everything you want to do via ssh.  If you do decide you need vpn, then
> either you need the router to forward another port to the designated
> server, or you need to tunnel the vpn connection through ssh.  The
> second approach adds some overhead but it has the definite advantage of
> leaving only one port open, rather than two.
> 
> 
> >  - Use the PowerBook to securely connect to at least one of the
> >  machines on the LAN for file transfers,
> 
> You don't need a vpn for this.  Just use scp/sftp, with or without a gui
> wrapper.  You can also do AFP (Apple file-sharing) without a vpn by
> tunneling it through an ssh connection.  So again only ssh is needed.
> 
>  
> >    contact/calendar sync (through Now server software)
> 
> I don't use Now so I have no idea what the requirements are.
> 
>  
> >    and if possible, remote access.
> 
> Exactly what kind of access are you thinking of?
0
6/5/2005 6:07:30 PM
On 2005-06-05, Steve C <newsgroups@primedigital.com> wrote:
> Is buying a VPN router another possible solution to the VPN Server 
> issue? 

I have no experience with these devices, so I can't comment.


> Again, I'm looking for stability foremost, as I may be on the 
> road with the PowerBook for months at a time. If a hardware solution 
> will require less maintenance than the software one

I use openvpn regularly and it requires no maintenance at all.  On the
other hand my usage pattern requires the vpn to be up for hours at a
time, not months.  I honestly can't say how openvpn would perform in
your situation.


> When using a router/firewall, Now requires that two specific ports be 
> opened and forwarded to the machine hosting the server software. Without 
> a router, you just have to configure the remote machine with the correct 
> IP address. Seems pretty straightforward, but I don't know how it will 
> work with encryption.

Whether you tunnel through a vpn or through an ssh connection, the
encryption will be transparent to the final endpoints on both ends.


> As far as VPN vs. SSH, I have to admit that I don't really know what I'm 
> talking about here. 

If the remote machine only needs to use a few specific services on
specific lan hosts, and especially if for any one service it only needs
to contact one lan host, then you can easily tunnel the service
connections through ssh. If you need essentially full access to the lan,
vpn is a better choice.

Going through ssh is _much_ easier to configure. If you can get by with
that, you should imo. 


> I'll have to do some research. My concern is that I will have a number
> of open ports (for Now, remote control, file sharing, possibly iChat,
> and some other stuff) on a LAN that is exposed to the internet without
> me being there to monitor it.

You don't need all these services to be open in general.  They only need
to be open to other lan machines, since that's what the tunneled
connections from your remote machine will look like.  The only services
that have to be publicly accessible are ssh and/or the vpn. 

You can also tunnel the vpn connection itself through ssh, at least with
openvpn.  This is how I use it.  The result is that I can use both forms
of connection with only one service port open.  Depending on what I'm
doing at any particular time, I either tunnel specific service ports
through ssh, or I tunnel vpn through ssh.  It's not exactly efficient,
but it's certainly secure.

0
schreberdp (707)
6/5/2005 7:13:02 PM
In article <5OGdnRQK9u0j0z7fRVn-jw@comcast.com>,
 D P Schreber <schreberdp@rayban.net> wrote:

> If the remote machine only needs to use a few specific services on
> specific lan hosts, and especially if for any one service it only needs
> to contact one lan host, then you can easily tunnel the service
> connections through ssh. If you need essentially full access to the lan,
> vpn is a better choice.
> 
> Going through ssh is _much_ easier to configure. If you can get by with
> that, you should imo. 

Sounds like I can. I'll try to set it up with just ssh. If I run into 
configuration problems, I may take you up on your offer of help.

Thanks again. You're a gentleman and a scholar... well, in truth, I 
don't know if you're either, but you sure are helpful!  :-)

Steve
0
6/6/2005 2:47:22 AM
On 2005-06-06, Steve C <newsgroups@primedigital.com> wrote:
>  D P Schreber <schreberdp@rayban.net> wrote:
>> to contact one lan host, then you can easily tunnel the service
>> connections through ssh

Let me amend this slightly.  You can easily set up the tunnels, but
depending on the specific service, they might or might not be easy to
use when configured that way.  In general it depends how flexible the
client apps are about specifying non-standard ports. 
0
schreberdp (707)
6/6/2005 11:13:30 AM
+ D P Schreber <schreberdp@rayban.net>:

| I use openvpn regularly and it requires no maintenance at all.

It probably works fine so long as the network connections are pretty
reliable.  But I gather that there is a potential problem when
connectivity becomes flaky, as when you're using a WLAN at the limits
of its usability or your ISP is dropping packets due to traffic
congestion.  In a nutshell, the problem is that you are effectively
tunneling one TCP connection through another TCP connection.  Since
each deals with packet loss by a complicated algorithm of variable
timeouts and retransmissions, interaction between the two means that
the traffic could slow to a crawl when the connection is somewhat
unreliable.  There is a reason why most VPNs are UDP based.

Disclaimer: I am by no means a networking expert, so the above should
be taken with a healthy dose of salt.  But I did not invent the above
scenario: I read about it somewhere, though I don't remember where -
and I know just enough about TCP/IP networking to know that the theory
is plausible.  And as I said, so long as connectivity is good, it is
probably not a big deal.  Seek independent confirmation if optimal
performance under adverse conditions is important to you.

-- 
* Harald Hanche-Olsen     <URL:http://www.math.ntnu.no/~hanche/>
- Debating gives most of us much more psychological satisfaction
  than thinking does: but it deprives us of whatever chance there is
  of getting closer to the truth.  -- C.P. Snow

0
hanche (791)
6/6/2005 1:52:15 PM
On 2005-06-06, Harald Hanche-Olsen <hanche@math.ntnu.no> wrote:
> [openvpn] probably works fine so long as the network connections are
> pretty reliable.  

That's a fair assessement.  My networks are very reliable; I can't say
anything about how well openvpn would behave in flakier situations. 


> There is a reason why most VPNs are UDP based.

You can run openvpn over udp.  I happen not to be able to, for various
reasons, but I would if I could.
0
schreberdp (707)
6/6/2005 2:28:54 PM
In article
<newsgroups-565A0E.11072805062005@corp-radius.supernews.com>, Steve C
<newsgroups@primedigital.com> wrote:

> I'm looking for stability foremost, as I may be on the 
> road with the PowerBook for months at a time. If a hardware 
> solution  will require less maintenance than the software one, 
> I'll spend the  extra money.

       - - - and - - -

> On the remote access issue, I was thinking about Timbuktu, 
> because I've used it before effectively.


In my case, I decided to go with Timbuktu  (TB2)  - - -  _and_  some
hardware called "PowerKey Pro" from Sophisticated Circuits.

Like you, I plan to be on the road for months at a time, so I need full
control of all my remote Macs and PCs.


In my case, there is a further batch of complications, one of which is
that I am rapidly getting senile.   (76 years old)

I have trouble lately even finding the "on" switch of my computers,
much less configuring routers and such.

The latest versions of TB2 are the easiest way I have found so far, as
regards configuration and operation of a remote network of computers.

Latest version is 8.0.1 for Macs, version 8.0.0.1113 for PCs, as of
right now.

SSH is trivial to set up using TB2, even I can do it.




As regards reliability, consider what I would do if the Internet
connections I rely on were not available.  I then have all those remote
computers with their ports wide open, waiting for the first bad guy to
try to break into them.

In my case, I would place ordinary phone calls to the PowerKey hardware
of all my remote networks, and the PowerKey hardware would shut off the
main power to all those remote computers, printers, ext' drives, etc.,
etc., using a safe sequence of shutdown.

No Internet connection needed.

I imagine it could be rigged so that if a remote network did not hear
from me after a long period of time, that the remote network could
automatically shut itself down.



I especially like the ability to regain control of a completely frozen
computer, via forced main power off using PowerKey.

Naturally, later I could power-on all my remote computers, with another
batch of ordinary phone calls to the PowerKey hardware.



I am fairly certain that all the remote networks can also be powered
back on via the Internet also (using TB2) - but I have not tried it
yet.




One neat feature of the most recent version 8.0.1 of TB2, is that I can
install TB2 into  _any_   remote Mac that does not presently have TB2.

All that is necessary is that the remote computer has its "Remote
Access" turned on, and that the remote Mac user allows me enough
"privileges" to install TB2 into his Mac.

Directly upon my finishing the installation, I have control of the
remote Mac, as much or as little control as the remote user allows me.

If I deem it necessary, I also can limit him as to what he can do with
his newly installed TB2, so any usage restrictions apply both ways,
either one of us can limit the other person.

This remote install feature, called "push install", opens up a lot of
nice possibilities.

Any remote trusted Mac person would then be able to control  _my_  Mac,
or any of my network Macs or PCs that I saw fit to allow him to
control.

Very useful for demonstration and instructional purposes.



The down side of using TB2 is that $100 has to be shelled out for each
Mac or PC in the network - - - or $60 if the 30 pack is bought.

BTW, push install only works Mac to Mac, won't work for remote install
on a PC.

BTW#2, presently I am having fun running Tiger 10.4.1 on this old
Lombard powerbook, full screen, while I am typing this post to you.

(I am controlling a 17-inch Mac powerbook, from the old Lombard)


Mark-
Proud member of IEEE, ACM, and AAAI computer organizations.
(they do not yet know that I am senile,
     imagine their surprise when they find out)
0
NoSpamDammit (843)
6/6/2005 7:51:15 PM
In article <060620051251471616%NoSpamDammit@invalid.com>,
 Mark Conrad <NoSpamDammit@invalid.com> wrote:

> As regards reliability, consider what I would do if the Internet
> connections I rely on were not available.  I then have all those remote
> computers with their ports wide open, waiting for the first bad guy to
> try to break into them.

If you configure SSH to deny access other than PubKeyAuthentication then 
only machines which have participated in a public key exchange could 
connect to the remotes.  If, in addition, you arranged to tunnel all 
other network connections through the SSH port, the computers wouldn't 
have their ports wide open waiting for the bad guys.

-- 
Tom Stiller

PGP fingerprint =  5108 DDB2 9761 EDE5 E7E3 
                   7BDA 71ED 6496 99C0 C7CF
0
tomstiller (3053)
6/6/2005 9:11:44 PM
+ D P Schreber <schreberdp@rayban.net>:

| You can run openvpn over udp.

Ah, good.  I must have been to quick in my reading about it.
I'll definitely have another look, then.  Thanks.

-- 
* Harald Hanche-Olsen     <URL:http://www.math.ntnu.no/~hanche/>
- Debating gives most of us much more psychological satisfaction
  than thinking does: but it deprives us of whatever chance there is
  of getting closer to the truth.  -- C.P. Snow
0
hanche (791)
6/6/2005 9:22:43 PM
In article <tomstiller-9A8DA3.17114406062005@comcast.dca.giganews.com>,
Tom Stiller <tomstiller@comcast.net> wrote:

> If, in addition, you arranged to tunnel all 
> other network connections through the SSH port, the computers wouldn't 
> have their ports wide open waiting for the bad guys.

I was not aware that all the other ports could "go through" the one SSH
port, such that a cracker who tried to ping those ports would fail to
get any response.

For example, TB2 uses port 407 almost exclusively, whenever Timbuktu is
running.

If a cracker tried to ping a computer that was 'behind' the SSH system,
would the cracker be able to tell if TB2 was actively running on that
computer?

If that is true, it certainly would be worth my while to attempt to
learn how to configure the SSH system to achieve that desirable result
of hiding all the ports behind the one SSH port.

Whether I have enough smarts to learn all that geeky stuff is
questionable.    I don't have that much confidence in myself.



> If you configure SSH to deny access other than PubKeyAuthentication
> then only machines which have participated in a public key exchange 
> could connect to the remotes.

PublicKeyAuthentication is definitely more secure that the regular
password system used by OS X.

I am slowly trying to learn how to use it, but so far only know bits
and pieces, like how to generate brand new public keys from Terminal.

A few things puzzle me, like why it is supposedly "better" to use
pass-phrases as part of the Public Key system.

I thought that only two things were "necessary", namely each computer
owner creates his own Public Key via Terminal, then somehow private
keys are created.

I don't understand how pass-phrases enter into the picture.

Perhaps I am confusing the issue, maybe pass-phrases are not a part of
the PublicKeyAuthentication system.

I understand that the computers themselves send out their public keys
automatically at the very start of any connection attempt, then they
"listen" to see if the other computer automatically responds with an
"approved" private key.

I imagine that several weeks of intense Googling will clear up all
these mysteries for me.



Anyhow, when I  _think_  I have learned PublcKeyAuthentication, I would
like to test my new found knowledge on an in-house network of two Macs
connected to each other via an Ethernet cable. (no Internet connection)

Problem is, I don't think such an in-house system will work as a test,
because somehow I got the impression that a dedicated SSH public server
computer was a necessary part of any PublicKeyAuthentication system.

As you can readily see, I know very little about the subject.

Mark-
0
NoSpamDammit (843)
6/7/2005 8:40:12 AM
On 2005-06-07, Mark Conrad <NoSpamDammit@invalid.com> wrote:
> If a cracker tried to ping a computer that was 'behind' the SSH system,
> would the cracker be able to tell if TB2 was actively running on that
> computer?

Not unless you go out of your way to allow it.
0
schreberdp (707)
6/7/2005 11:33:23 AM
In article <070620050141054733%NoSpamDammit@invalid.com>,
 Mark Conrad <NoSpamDammit@invalid.com> wrote:

> In article <tomstiller-9A8DA3.17114406062005@comcast.dca.giganews.com>,
> Tom Stiller <tomstiller@comcast.net> wrote:
> 
> > If, in addition, you arranged to tunnel all 
> > other network connections through the SSH port, the computers wouldn't 
> > have their ports wide open waiting for the bad guys.
> 
> I was not aware that all the other ports could "go through" the one SSH
> port, such that a cracker who tried to ping those ports would fail to
> get any response.
> 
> For example, TB2 uses port 407 almost exclusively, whenever Timbuktu is
> running.
> 
> If a cracker tried to ping a computer that was 'behind' the SSH system,
> would the cracker be able to tell if TB2 was actively running on that
> computer?

No.  The tunnel works by defining two ports, one local and the other for 
the remote machine.  The remote machine listens in its port (e.g. 407) 
and the local machine connects to its port (whatever you choose).  The 
tunnel intercepts traffic directed to the local port, reroutes it over 
the secure channel, and presents it to the specified port on the remote 
machine.
> 
[snip]
> 
> 
> > If you configure SSH to deny access other than PubKeyAuthentication
> > then only machines which have participated in a public key exchange 
> > could connect to the remotes.
> 
> PublicKeyAuthentication is definitely more secure that the regular
> password system used by OS X.
> 
> I am slowly trying to learn how to use it, but so far only know bits
> and pieces, like how to generate brand new public keys from Terminal.
> 
> A few things puzzle me, like why it is supposedly "better" to use
> pass-phrases as part of the Public Key system.
> 
> I thought that only two things were "necessary", namely each computer
> owner creates his own Public Key via Terminal, then somehow private
> keys are created.
> 
> I don't understand how pass-phrases enter into the picture.

Keys are generated in pairs, one public and one private.  The 
pass-phrase is simply a (local) "shorthand" for the long binary string 
that constitutes the private key.  It would be a real burden to have to 
remember the hexadecimal representation of a 2048 bit key.
> 
> Perhaps I am confusing the issue, maybe pass-phrases are not a part of
> the PublicKeyAuthentication system.
> 
> I understand that the computers themselves send out their public keys
> automatically at the very start of any connection attempt, then they
> "listen" to see if the other computer automatically responds with an
> "approved" private key.

A simplified sequence is: the local machine sends a connection message 
encrypted with its private key.  The remote machine decrypts the message 
using the sender's public key (which it must have) and, if the decrypted 
result is legitimate, the remote machine responds with a message 
encrypted with _its_ private key.  The local machine decrypts that 
message using the remote machine's public key (which it must have).  If 
the result is legitimate, the connection is established and subsequent 
traffic is encrypted both ways with a private key cipher (much faster 
than the public key systems) using a key negotiated in the connection 
sequence.
> 
> I imagine that several weeks of intense Googling will clear up all
> these mysteries for me.
> 
> 
> Anyhow, when I  _think_  I have learned PublcKeyAuthentication, I would
> like to test my new found knowledge on an in-house network of two Macs
> connected to each other via an Ethernet cable. (no Internet connection)
> 
> Problem is, I don't think such an in-house system will work as a test,
> because somehow I got the impression that a dedicated SSH public server
> computer was a necessary part of any PublicKeyAuthentication system.

A server is _not_ required and, in fact, would introduce a possible 
point of failure in the system, opening the door for a man-in-the-middle 
attack.  To test the configurations, you just have to exchange the 
machines' public keys.  I use SSH tunnels on my local network, even 
though it's behind a firewall, just for the practice of "safe" 
networking.

-- 
Tom Stiller

PGP fingerprint =  5108 DDB2 9761 EDE5 E7E3 
                   7BDA 71ED 6496 99C0 C7CF
0
tomstiller (3053)
6/7/2005 11:54:46 AM
In article <tomstiller-82C1D3.07544607062005@comcast.dca.giganews.com>,
Tom Stiller <tomstiller@comcast.net> wrote:

> > If a cracker tried to ping a computer that was 'behind' the SSH system,
> > would the cracker be able to tell if TB2 was actively running on that
> > computer?
> 
> No.  The tunnel works by defining two ports, one local and the other for 
> the remote machine.  The remote machine listens in its port (e.g. 407) 
> and the local machine connects to its port (whatever you choose).  The 
> tunnel intercepts traffic directed to the local port, reroutes it over 
> the secure channel, and presents it to the specified port on the remote 
> machine.

Okay, that is excellent.  The cracker would then have no way of knowing
that a computer using Timbuktu was in the network.

That is what I want, to hide the fact that I am using Timbuktu.



> > I don't understand how pass-phrases enter into the picture.
> 
> Keys are generated in pairs, one public and one private.  The 
> pass-phrase is simply a (local) "shorthand" for the long binary string 
> that constitutes the private key.  It would be a real burden to have to 
> remember the hexadecimal representation of a 2048 bit key.

Okay, if I understand you correctly, here is a simple example:
(using fewer bits in the binary string, of course)

Pass Phrase is  "A BEE" is used to represent the following 39 bit
binary string that constitutes the private key:
(spaces added for clarity)

1000  0010  0100  0000  1000  0100  1000  1010  1000  101



A             B    E     E     <---Pass Phrase   "A BEE"
41  20  42  45  45    <---hexadecimal representation of "A BEE"


4120424545   <--- same hexadecimal without spaces, used to 
                                     represent the 39 bit private key,
                                     shown this time without spaces:

100000100100000010000100100010101000101



I assume, if all the above is correct, that I have to enter a Pass
Phrase of my choice  _before_  the public-key/private-key pair can be
created by the computer.   There are probably rules somewhere about how
to come up with good pass phrases, and what characters are acceptable
in a pass phrase, and how long a pass phrase should be.




> > I understand that the computers themselves send out their public keys
> > automatically at the very start of any connection attempt, then they
> > "listen" to see if the other computer automatically responds with an
> > "approved" private key.
> 
> A simplified sequence is: the local machine sends a connection message 
> encrypted with its private key.  The remote machine decrypts the
> message 
> using the sender's public key (which it must have) and, if the
> decrypted 
> result is legitimate, the remote machine responds with a message 
> encrypted with _its_ private key.  The local machine decrypts that 
> message using the remote machine's public key (which it must have).  If 
> the result is legitimate, the connection is established and subsequent 
> traffic is encrypted both ways with a private key cipher (much faster 
> than the public key systems) using a key negotiated in the connection 
> sequence.

Okay, I had it all bass ackwards, thanks for the clarification.


This certainly gives me a good running start in understanding the
subject of PublicKeyAuthentication, thanks.

Mark-
0
NoSpamDammit (843)
6/8/2005 8:35:25 AM
In article <080620050135489254%NoSpamDammit@invalid.com>,
 Mark Conrad <NoSpamDammit@invalid.com> wrote:

> In article <tomstiller-82C1D3.07544607062005@comcast.dca.giganews.com>,
> Tom Stiller <tomstiller@comcast.net> wrote:
> 
[snip]

> > Keys are generated in pairs, one public and one private.  The 
> > pass-phrase is simply a (local) "shorthand" for the long binary string 
> > that constitutes the private key.  It would be a real burden to have to 
> > remember the hexadecimal representation of a 2048 bit key.
> 
> Okay, if I understand you correctly, here is a simple example:
> (using fewer bits in the binary string, of course)
> 
> Pass Phrase is  "A BEE" is used to represent the following 39 bit
> binary string that constitutes the private key:
> (spaces added for clarity)
> 
> 1000  0010  0100  0000  1000  0100  1000  1010  1000  101
> 
> 
> 
> A             B    E     E     <---Pass Phrase   "A BEE"
> 41  20  42  45  45    <---hexadecimal representation of "A BEE"
> 
> 
> 4120424545   <--- same hexadecimal without spaces, used to 
>                                      represent the 39 bit private key,
>                                      shown this time without spaces:
> 
> 100000100100000010000100100010101000101
> 
> 
> 
> I assume, if all the above is correct, that I have to enter a Pass
> Phrase of my choice  _before_  the public-key/private-key pair can be
> created by the computer.   There are probably rules somewhere about how
> to come up with good pass phrases, and what characters are acceptable
> in a pass phrase, and how long a pass phrase should be.
> 
It's not incorrect; it just doesn't clarify anything.  The passphrase is 
chosen at key generation time and may be changed later.  See the man 
page for "ssh-keygen" for additional details.
> 
[snip]

-- 
Tom Stiller

PGP fingerprint =  5108 DDB2 9761 EDE5 E7E3 
                   7BDA 71ED 6496 99C0 C7CF
0
tomstiller (3053)
6/8/2005 11:13:54 AM
In article <tomstiller-816178.07135408062005@comcast.dca.giganews.com>,
Tom Stiller <tomstiller@comcast.net> wrote:

> > I assume, if all the above is correct, that I have to enter a Pass
> > Phrase of my choice  _before_  the public-key/private-key pair can be
> > created by the computer.   There are probably rules somewhere about how
> > to come up with good pass phrases, and what characters are acceptable
> > in a pass phrase, and how long a pass phrase should be.
> > 
> It's not incorrect; it just doesn't clarify anything.  The passphrase is 
> chosen at key generation time and may be changed later.  See the man 
> page for "ssh-keygen" for additional details.

Damn, if there is any possible way to misunderstand a subject, then I
will find it  :-(

Where I was going wrong was in thinking that any particular private key
is a direct slave of the pass phrase, that is incorrect.

In fact, many  _different_  pass phrases can be used to retrieve any
specific private key.

The pass phrase is merely like a password to help a user retrieve a 
_specific_  private key, when there are several private keys.

Except unlike a password, a pass phrase can be an easily remembered
phrase, like:

"Mares eat oats, and does eat oats, and little lambs eat ivy."

( "does", as pertaining to female deer)


How do I manage to get so screwed up when it comes to understanding a
subject.

Makes me glad I presented my example to you, so you could spot the
error in my thinking.



> See the man page for "ssh-keygen" for additional details.

That suggestion really helped me, thanks.

....except now I am  _really_  worried, because when I start to make
sense out of the man pages, there is no hope for me.

I might wind up on the bottom rung of the Unixy geek ladder, and that
is a fate I would not wish on a puppy dog.

Mark-
0
NoSpamDammit (843)
6/8/2005 7:19:38 PM
Reply:

Similar Artilces:

Mac to mac
I just remembered these groups and wondered if someone here could tell me whether what I'd like to do is possible. (NO ONE around here knows anything about Macs) I have a G4 that was the top of the line in 1998. It will die one of these days. It's currently running OS 9.2.2. Someone else(who now lives far away) installed the internal modem, SCSI for my scanner, and my floppy drive (so I didn't have to go through hundreds of them for the bits and pieces I might someday want again). I still have the floppies and a number of Zips, all of which this computer can read. Install...

It's a Mac, Mac, Mac World
I wonder how the Windows users would like my (ab)normal Microsoft-free world: My business: all Mac, no PCs. My dentist, family physician and urologist are all Mac. No PCs. Went to Sir Speedy today for more bus. cards and some binding: all Mac (no surprise there). My daughter's three new college room mates have emailed her. Two have PowerBooks and one has an eMac. (She has a G5 iMac.) I never even see a PC unless I am at the public library or a store using a Windows POS unit. It never was intentional. I don't scout a place to see what frickin' computer they use. Just happened. Kind of weird. -- Arf! Old CSMAer Nice! At work I'm stuck on Windows, plus at home my roommate and girlfrield both use Windows. Good thing is I have my ibook at work and both my roommate and gf are getting Macs after their Dell's are paid off. They use Mac's at work and see how my PowerMac at home works while their PeeCee's hose daily. They hate Windows now :) So i'm getting there :) Alex "OldCSMAer" <olddog@kennelsINVALID.com> wrote in message news:olddog-F4AC87.15141003082005@newsclstr01.news.prodigy.com... >I wonder how the Windows users would like my (ab)normal Microsoft-free > world: > > My business: all Mac, no PCs. My dentist, family physician and > urologist are all Mac. No PCs. > > Went to Sir Speedy today for more bus. cards and some binding: all Mac > (no surprise there). > > My dau...

networking mac to mac???
Hello, Can someone out there tell me the best (easy) way to network a ibook running os.9??? possibly to a new imac running osx 5wak <rosscoism@gmail.com> wrote: > Hello, Can someone out there tell me the best (easy) way to network a > ibook running os.9??? possibly to a new imac running osx Put an ethernet cable between them, enable tcp/ip and file sharing on one and log on from the other, seems to be what you are asking for? And you do not need a cross-over cable between modern Macs. -- /Jon For contact info, run the following in Terminal: echo 36199371860304980107073482417748002696458P|dc Jon <see_signature@mac.com.invalid> wrote: > 5wak <rosscoism@gmail.com> wrote: > > > Hello, Can someone out there tell me the best (easy) way to network a > > ibook running os.9??? possibly to a new imac running osx > > Put an ethernet cable between them, enable tcp/ip and file sharing on > one and log on from the other, seems to be what you are asking for? And > you do not need a cross-over cable between modern Macs. Correction: tcp/ipp of course needs to be enabled on the ethernet port on _both_ machines. File sharing, however, is only necessary on one (preferably the Mac OS X machine). -- /Jon For contact info, run the following in Terminal: echo 36199371860304980107073482417748002696458P|dc In article <1hxqr6q.1u7ne805d0g7N%see_signature@mac.com.invalid>, see_signature@mac.com.invalid (Jon) wrote: > ...

Mac to MAc Firewire
Hey all Looking for some help. I am trying to use a 6-6pin 1394 cable to connect two iBooks together and transfer some large files. iBook 1 dual USB 'white' iBook OS 9.2 iBook 2 G4 OSx 10.2 I boot iBook 1 into 'target drive' mode and get the firewire icon dancing about the screen then connect it to iBook 2 but the drive does not appear on the desktop. I have tried all combinations of rebooting/ connecting before and after rebooting but nothing seams to work. When the firewire is plugged in the target disk makes a short noise then nothing the host does not appear to react at ...

MAC to MAC connectivity
Hi, As part of a design that I'm investigating, I am looking at connecting a number of FPGA based MACs to a dedicated broadcom switch chip. The difficulty with this is that to interface both chips, I need to have two closely coupled and redundant PHY . Is it possible to connect two MAC (SGMII) directly point-to-point, bypassing the PHY completely? Or is it necessary to have at least some PHY functionality, even if it is a point to point link? Kind regards, Stephen Steve wrote: > Hi, > > As part of a design that I'm investigating, I am looking at connecting > a number of FPGA based MACs to a dedicated broadcom switch chip. The > difficulty with this is that to interface both chips, I need to have > two closely coupled and redundant PHY . > > Is it possible to connect two MAC (SGMII) directly point-to-point, > bypassing the PHY completely? Or is it necessary to have at least some > PHY functionality, even if it is a point to point link? I suppose it works. Cross connect RXD[] to TXD[]. Cross connect RX_DV to TX_EN, and provide a 125 MHz clock (could be supplied from another FPGA pin) On Feb 12, 9:01=A0pm, Steve <stephe...@gmail.com> wrote: > Hi, > > As part of a design that I'm investigating, I am looking at connecting > a number of FPGA based MACs to a dedicated broadcom switch chip. =A0The > difficulty with this is that to interface both chips, I need to have > two closely coupled and redundant PHY...

Mac Miail on .mac
I have my own domain name. Is there a way to get msil under .mac to set this as the reply to address. It seems that I am forced to use the @mac address but I could well be missing something. Thanks Colin Countryman wrote: > I have my own domain name. Is there a way to get msil under .mac to set this > as the reply to address. It seems that I am forced to use the @mac address > but I could well be missing something. > > Thanks > Colin Open a new Mail message - press Command-Alt-R to display the Reply-To field. Chu -- chuenginsberg at mac dot com On Sun, 21 Jan 2...

When is a Mac no longer a Mac?
OK, so Apple's going to go to Intel CPUs. Now Macs are no longer differentiated by a slow clock and superior instruction set--we've got the same hackjob clusterfuck on speed PCs have been using for decades now. And over the last few years Apple's gone away from SCSI, NuBus, ADB, Localtalk, etc. And PCs have picked up USB, dropped floppies, and colored their cases. The hardware's basically merging between the two platforms. On the software side, the classic MacOS is gone, replaced by Unixy stuff. And like it or not, higher up on the UI level lots of Windows-li...

WakeOnLAN Mac to Mac over the net?
My mother's trusty 4+ year old iMac G5 is starting to have heat issues (Northbridge over 180� F with occasional kernel panics), so we've configured it to sleep when not in use. So I wanted to see if I could get Wake On LAN working over the net, but so far haven't had success. The computer is connected directly to a cable modem - no router, and has the OS X firewall turned on. The System Preferences > Energy Saver > Power Adapter > Options > Wake for Ethernet administrator access checkbox is checked. I have an Airport Extreme on my end, which doesn't do any ...

Moving a User from Mac to Mac...
I currently have two old Macs...let's call them my MAIN Mac (a G4 running Tiger) and my OTHER Mac (early Intel iMac also running Tiger). And, I'm about to purchase a NEW Mac. (3 Macs...MAIN, OTHER and NEW) What I'd like to do is move virtually everything (user accounts, applications, settings, documents, etc.) from my current MAIN Mac to my NEW Mac. I've never actually done this before, but I believe, on initial install of the NEW Mac, the Mac OS actually asks if you want to do just this. Question#1: If the above is true, what cable is required during the install process whe...

[OT] A Mac emulator for... Mac. ;-)
The Mac on Linux emulator now has a native Mac port of the software. It still isn't as 'user friendly' as typical Mac applications are (i.e. you have to use disk utility to create disk images) and there's no Tiger support yet (either as host or guest), but on the flip side I hear it gets pretty good performance and with support hopefully they can get those usability and Tiger issues fixed. :-) In addition to running Mac OS X, it also allows developers to run Classic Mac OS and PPC Linux under emulation. This also makes me wonder what options would be ava...

Mac and non Mac Partition
Hello, I want to use my mac to copy some files to mp3 players or other portable stup. The problem for instance in a Fat16 partion the mac write some "._blahblah" files. And some player doesn't like these file and get frozen. I have to plug the player (or it's memory card) to a Pc, the remove these file in order to make it working. Is there a way to avoid this ? Thanks John In article <4a4cc7f2$0$12658$ba4acef3@news.orange.fr>, John <NoSpam@NoSpam.com> wrote: > Hello, > > I want to use my mac to copy some files to mp3 players or other portable ...

Mac - to
I've got the Msdros remote desktop that works OK. What I'd like to do, though, is to have a remote desktop from my iBook to my G5 computer, both on the most recent OS/X, tiger. release. What program do I have to use to log in to my G5 from my iBook so that I can, through wi-fi, control iTunes, play DVDs, and run terminal on the G5 on the iBook? [[ This message was both posted and mailed: see the "To," "Cc," and "Newsgroups" headers for details. ]] In article <1180031966.406197.148070@g4g2000hsf.googlegroups.com>, Peter Brooks <Peter.H.M.Brooks@gmail.com> wrote: > I've got the Msdros remote desktop that works OK. > > What I'd like to do, though, is to have a remote desktop from my iBook > to my G5 computer, both on the most recent OS/X, tiger. release. > > What program do I have to use to log in to my G5 from my iBook so that > I can, through wi-fi, control iTunes, play DVDs, and run terminal on > the G5 on the iBook? > I use Remote Desktop v3.1 to do that with my iBook and G3. http://www.apple.com/remotedesktop/ Cheers, Darrell -- To reply, substitute .net for .invalid in address, i.e., darrell.usenet6 (at) �telus.net In article <1180031966.406197.148070@g4g2000hsf.googlegroups.com>, Peter Brooks <Peter.H.M.Brooks@gmail.com> wrote: > I've got the Msdros remote desktop that works OK. > > What I'd like to do, though, is to have a remote desktop...

Microsoft Office 2008 for Mac, MacDrive 7.0.10, Apple Mac OSX Tiger 10.4.10 for Mac Intel, Propellerheads.Reason.v4.0.HYBRID, Maya Unlimited 2008 for Mac, FXpansion GURU 1.1.280 for Mac, Roxio Popcorn
Microsoft Office 2008 for Mac, MacDrive 7.0.10, Apple Mac OSX Tiger 10.4.10 for Mac Intel, Propellerheads.Reason.v4.0.HYBRID, Maya Unlimited 2008 for Mac, FXpansion GURU 1.1.280 for Mac, Roxio Popcorn 3 for Mac, MapleSoft Maple 11.01.303882 Pro for Mac, other Mac Stuff CDs, A to Z, updated 2007/10/15, and Win & Mac programs, 'WinMac', 'PC/ MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS', 'HYBRID' please send e-mail to : ola 'AT' mail 'DOT' gr , ola3 'AT' mailbox 'DOT' gr , www 'DOT' 20000plusdvdsandcds 'DOT' tk , ( please substitute 'AT' with '@' , and 'DOT' with '.' ) , ola@mail.gr, ola3@mailbox.gr, www.20000plusdvdsandcds.tk --------------------------------------- 2007-10-15 MacDrive 7.0.10 Microsoft Office 2008 for Mac (1 cd) 2007-10-02 MakeMusic Finale 2008 for Mac (3 cd) 2007/10/02 Propellerheads.Reason.v4.0.HYBRID 1DVD 2007-10-05 Adobe Photoshop Lightroom 1.2 for Mac ------------------------------------------------------- 2007/09/29 Autodesk Maya Unlimited 2008 for Mac (1 dvd) 2007/09/25 FXpansion GURU 1.1.280 for Mac (1 dvd) 2007/09/14 Sorenson Squeeze Compression Suite 4.5.3 for Mac 2007/09/09 Apple Mac OSX Tiger 10.4.10 for Mac Intel (1 dvd) MapleSoft Maple 11.01.303882 Pro for Mac (1 cd) Roxio Popcorn 3 for Mac (1 cd) Vertus Fluid Mask 3.0.1 for Mac -------------------------------...

Microsoft Office 2008 for Mac, MacDrive 7.0.10, Apple Mac OSX Tiger 10.4.10 for Mac Intel, Propellerheads.Reason.v4.0.HYBRID, Maya Unlimited 2008 for Mac, FXpansion GURU 1.1.280 for Mac, Roxio P
Microsoft Office 2008 for Mac, MacDrive 7.0.10, Apple Mac OSX Tiger 10.4.10 for Mac Intel, Propellerheads.Reason.v4.0.HYBRID, Maya Unlimited 2008 for Mac, FXpansion GURU 1.1.280 for Mac, Roxio Popcorn 3 for Mac, MapleSoft Maple 11.01.303882 Pro for Mac, other Mac Stuff CDs, A to Z, updated 2007/10/15, and Win & Mac programs, 'WinMac', 'PC/ MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS', 'HYBRID' please send e-mail to : ola 'AT' mail 'DOT' gr , ola3 'AT' mailbox 'DOT' gr ...

mac
compatibility ...

Mac
My PC crashed I am looking to purchase a mac. I have never used mat lab but will be required to do so for my regression class. in class I will have to work with mat lab pc files. is this possible on Mac and how cumbersome is the process? Thank YOu, Daniel Fell dfell@chicagogsb.edu Daniel Fell <danielfell125@yahoo.com> wrote: > My PC crashed I am looking to purchase a mac. I have never > used mat lab but will be required to do so for my > regression class. in class I will have to work with mat > lab pc files. is this possible on Mac and how cumbersome is > t...

Mac
Waiting at the car wash, they have three Windows PC and a Mac for you to use while you're waiting. Tried the Mac. Not impressed, at all. Clumsy, limited options, ass-backward caption bar, crappy mouse response (though probably the mouse just needs a mouse pad to work better), incredible lack of preferences options, new windows don't always get focus. Safari was disappointing compared to Chrome or Firefox. And I didn't even get to the console terminal or compiler environment. I lasted five minutes, and was tired of playing with the Mac. Not the fairest test, of cour...

Mac, Mac <-> PC & Mac <-> Unix networking for Dummies?
Any good introductory guides to building your own Mac/PC/Unix LAN, understanding modems, ADSL, Firewalls, etc? I ask on behalf of a friend setting up a small home LAN for the first time, but frankly I'd love such a guide for myself! There are a lot of grey areas in networking for me and stuff I just do without fully understanding why. Any and all help much appreciated :-) Regards, Jamie Kahn Genet -- I am Pentium of Borg, Division is Futile, You will be approximated! ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==---- http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000 Newsgroups ---= East/West-Coast Server Farms - Total Privacy via Encryption =--- ...

2006/02/04 VectorWorks.V12.MAC.OSX 3CDs, other Mac Stuff CDs, A to Z, updated 04/Feb/2006, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTI
2006/02/04 VectorWorks.V12.MAC.OSX 3CDs, other Mac Stuff CDs, A to Z, updated 04/Feb/2006, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS', 'HYBRID' GARAGE SALES, buy, risk-free purchase, working, tested, fully functional, very cheap discounted price, low cost, quality OEM software, -------------------------------------------------------- Abvent Artlantis v4.5 Mac 1CD Abvent.PhotoCAD.v1.0.MacOSX ACD.Systems.Canvas.X.0.2.925.MacOSX Adobe.Acrobat.7.0.Pro.for.Mac.OS 1C...

Adobe.CS3.Web.Premium.Vol.MAC.OSX 1DVD, other Mac Stuff CDs, A to Z, updated 2007/April/28, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS',
Adobe.CS3.Web.Premium.Vol.MAC.OSX 1DVD, other Mac Stuff CDs, A to Z, updated 2007/April/28, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS', 'HYBRID' -------------------------------------------------------- DFT Super Bundle for Apple Final Cut Pro, 4 CDs The DFT Super Bundle includes full versions of: 55mm, Digital Film Lab, Composite Suite, and zMatte. DFT Filter Bundle for Apple Final Cut Pro, 1 CD The DFT Filter Bundle includes full versions of: 55mm and ...

2006/02/04 VectorWorks.V12.MAC.OSX 3CDs, other Mac Stuff CDs, A to Z, updated 04/Feb/2006, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTI #2
2006/02/04 VectorWorks.V12.MAC.OSX 3CDs, other Mac Stuff CDs, A to Z, updated 04/Feb/2006, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS', 'HYBRID' GARAGE SALES, buy, risk-free purchase, working, tested, fully functional, very cheap discounted price, low cost, quality OEM software, -------------------------------------------------------- Abvent Artlantis v4.5 Mac 1CD Abvent.PhotoCAD.v1.0.MacOSX ACD.Systems.Canvas.X.0.2.925.MacOSX Adobe.Acrobat.7.0.Pro.for.Mac.OS 1C...

Adobe.CS3.Web.Premium.Vol.MAC.OSX 1DVD, other Mac Stuff CDs, A to Z, updated 2007/April/28, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULT #2
Adobe.CS3.Web.Premium.Vol.MAC.OSX 1DVD, other Mac Stuff CDs, A to Z, updated 2007/April/28, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS', 'HYBRID' -------------------------------------------------------- DFT Super Bundle for Apple Final Cut Pro, 4 CDs The DFT Super Bundle includes full versions of: 55mm, Digital Film Lab, Composite Suite, and zMatte. DFT Filter Bundle for Apple Final Cut Pro, 1 CD The DFT Filter Bundle includes full versions of: 55mm and ...

2006/02/04 VectorWorks.V12.MAC.OSX 3CDs, other Mac Stuff CDs, A to Z, updated 04/Feb/2006, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS', '
2006/02/04 VectorWorks.V12.MAC.OSX 3CDs, other Mac Stuff CDs, A to Z, updated 04/Feb/2006, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS', 'HYBRID' GARAGE SALES, buy, risk-free purchase, working, tested, fully functional, very cheap discounted price, low cost, quality OEM software, -------------------------------------------------------- Abvent Artlantis v4.5 Mac 1CD Abvent.PhotoCAD.v1.0.MacOSX ACD.Systems.Canvas.X.0.2.925.MacOSX Adobe.Acrobat.7.0.Pro....

2006/02/04 VectorWorks.V12.MAC.OSX 3CDs, other Mac Stuff CDs, A to Z, updated 04/Feb/2006, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS', '
2006/02/04 VectorWorks.V12.MAC.OSX 3CDs, other Mac Stuff CDs, A to Z, updated 04/Feb/2006, and Win & Mac programs, 'WinMac', 'PC/MaC', 'Win-Mac', 'Multi', 'Multi-Platform', 'MultiFormat', 'MULTIOS', 'HYBRID' GARAGE SALES, buy, risk-free purchase, working, tested, fully functional, very cheap discounted price, low cost, quality OEM software, -------------------------------------------------------- Abvent Artlantis v4.5 Mac 1CD Abvent.PhotoCAD.v1.0.MacOSX ACD.Systems.Canvas.X.0.2.925.MacOSX Adobe.Acrobat.7.0.Pro....

Web resources about - Mac-to-Mac VPN? - comp.sys.mac.comm

Command-C Adds Mac to Mac Sharing and Clipboard History
iOS/Mac: Command-C is one of the better apps for sharing data between iOS and Mac . It recently added the ability to share clipboard data between ...

Macs to Macs: Burberry chief executive Angela Ahrendts joins style drain to Apple
... Vogue. What is different about Ms Ahrendts’ departure, however, is that after 30 years she’s leaving the fashion business entirely – to join ...

Macs to Macs: Burberry head Angela Ahrendts joins style drain to Apple
... Vogue. What is different about Ms Ahrendts’ departure, however, is that after 30 years she’s leaving the fashion business entirely – to join ...

Resources last updated: 3/23/2016 8:55:58 AM