Meerkat Digs SSH Tunnels

SUMMARY


Meerkat 1.2.1
4.5
$20
Code Sorcery Workshop
http://codesorcery.net/
10.4 or later


Apple includes with Mac OS X the command-line programs `sftp` and `scp` for securely moving files to and from remote servers. But OS X also includes the OpenSSH (`ssh`) suite of tools, which can be used for similar purposes and much more, including securely shunting data across the Internet on behalf of other programsÑa procedure commonly called _tunneling_. Tunneling is useful for securely accessing remote services, as well as for making local services securely accessible to remote computers. Tunnels are often used for working around firewalls (which may allow `ssh` but block other useful services) and for providing encrypted-transfer security to programs that don't provide it directly.

Unfortunately, establishing OpenSSH tunnels directly is complicated. For example, here's a snippet of code I use to tunnel Screen Sharing through firewalls and initiate a Screen Sharing connection:

`alias ivnc='(sleep 4; open vnc://127.0.0.1:5901) & ssh -C -4 -L 5901:127.0.0.1:5901 inspector'`

That's pretty inscrutable. Code Sorcery Workshop's **[Meerkat](http://codesorcery.net/)** provides a more understandable way of doing the same thing. Meerkat's well-designed Mac interface lets you more easily take advantage of OpenSSH tunneling, and offers a number of useful extra features including Bonjour auto-discovery.

![Meerkat](meerkat-configure-tunnel.png)

Meerkat is a standard Mac OS X application you drag to your Applications folder to install. To set up a tunnel using Meerkat ¥¥¥CAN YOU PROVIDE A BRIEF DESCRIPTION HERE? YOU CAN USE YOUR SCREEN SHARING EXAMPLE, ABOVE¥¥¥

Because Meerkat can be configured to automatically establish a tunnel when a specified application launches, this Screen-Sharing tunnel is activated whenever I start Screen Sharing. As a bonus, when the tunnel is active, Screen Sharing is available in the Shared section of Finder-window sidebars.

![Meerkat](meerkat-tunnels.png)

Unfortunately, Meerkat's Tunnel Setup Assistant is a bit less magical than I expected. For example, it requires you to enter port numbers directly; it would be much easier to use if you could just choose a service name, such as _iTunes_. It would also be helpful if the program provided a few pre-made tunnel configurations, such as "Access Screen Sharing/Mac VNC on [hostname]," "Access the iTunes library on [hostname]" or "Access IMAP email on [hostname]."

Meerkat also provides a `meerkat` command-line tool, which can be installed from the main Preferences window. Yes, it's a delightful, circular irony that the meerkat command-line tool drives the Meerkat graphical application which runs the system's built-in `ssh` command-line tool. But `meerkat vnc up` and `meerkat vnc down` are indeed much simpler than the sort of messy command I provided above.

Still wondering if a Meerkat might be useful to you? Here are some real-world scenarios where Meerkat could come in handy:
* If you have an account at an old-school ISP, which offers `ssh` access and standard POP/IMAP/SMTP, but not the more-secure SSL/TLS variants, Meerkat can provide secure access to your e-mail.
* Mac OS X's Screen Sharing (VNC) feature offers encryption for network transfers, but only when connecting between Macs. If you need to make secure VNC connections to Linux servers, Meerkat can provide the additional security.
* Using Bonjour, Meerkat can make an iTunes library at home available even from work or on the road (you might also use http://www.dyndns.com/ or an equivalent if your home IP address is not static).

¥¥¥NEED A BRIEF CONCLUSION¥¥¥


_Want to stay up to date with the latest Gems? Sign up for the [Mac Gems newsletter](http://www.macworld.com/newsletters/index) for a weekly e-mail summary of Gems reviews sent directly to your Inbox._