5

10.6 came with a lame feature where it shows a dialog whenever you click a ssh:// link, saying:

Terminal is opening a ssh connection to 1.2.3.4 for Safari. Do you want to allow this? This will reveal your user name to the host that you are connecting to.

Same for Firefox.

Improve this question
5
  • There doesn't appear to be a way to disable the prompt. I filed rdar://problem/7277164, you (and others finding this question) may want to file an enhancement referencing it.
    – s4y
    Commented Oct 5, 2009 at 22:18
  • I've honestly never clicked on an ssh:// link or even seen one that I can recall. Is there a reason why you can't just login normally?
    – Hasaan Chop
    Commented Oct 21, 2009 at 4:28
  • 4
    It's not lame at all. Do you really want a link to potentially reveal your valid username to a third party without your awareness? Maybe you'd be happier on windows, where they err on the side of insecurity. And look where that gets you. :)
    – Randal Schwartz
    Commented Oct 29, 2009 at 7:26
  • 1
    Yes, it is lame. If Snow Leopard were smart, it would disable this notification if the host was in the known_hosts file.
    – matpie
    Commented Nov 17, 2009 at 18:26
  • @sirlancelot At least since Mountain Lion, this has been implemented. Screenshot
    – Daniel Beck
    Commented Aug 13, 2012 at 21:47

4 Answers 4

Reset to default
2

It appears that this is a feature of Terminal.app, and unrelated to the browser in any way. And as suggested, iTerm doesn't display this warning when it's started with a command to open an ssh: URL, so setting iTerm to be your default ssh: URL handler appears to be the way to go.

I just verified that by changing Firefox's default application for handling ssh: URLs to iTerm, I don't get this warning dialog. (I did this using the Preferences/Applications/ssh entry, choosing iTerm as my default preferred handler.)

Using RCDefaultApp (http://www.rubicode.com/Software/RCDefaultApp/), I was able to change the system-wide default for handling SSH URLs. (Once the preference pane is installed, go to the "URLs" tab of the pane, scroll down to "ssh", and choose iTerm from the pulldown list of applications.) Once this was done, Safari also used iTerm, and I didn't get the warning dialog.

As Randal Schwartz said in the comment, though, this is a true feature of Terminal.app warning you of the possibility of leaking information (your username) to a host out of your control. I agree that it's a bit draconian, but it's important to understand that by switching to iTerm, you give up this feature...

Improve this answer
2
  • "It appears that this is a feature of Terminal.app, and unrelated to the browser in any way." Not quite. Terminal only warns if the URL has been "quarantined" by the sending application. Safari quarantines files it downloads and URLs it opens. You can put an ssh: URL in a text file and open it from TextEdit and you won't be warned by Terminal.
    – Chris Page
    Commented Sep 22, 2011 at 1:12
  • "…iTerm doesn't display this warning when it's started with a command to open an ssh: URL…" It really ought to. This is a real security issue. I think the only question for Terminal is whether it should have a means for you to tell it not to warn about specific hosts.
    – Chris Page
    Commented Sep 22, 2011 at 1:14
0

Opera opens the Terminal window but does not display that warning (it displays its own warning, which you can disable).

I don't know what is different about how Opera launches the Terminal versus how Safari and Firefox do it though.

Improve this answer
3
  • Just to ask the obvious: so on your Mac, Terminal does show the warning when opening from Safari?
    – Arjan
    Commented Nov 4, 2009 at 10:00
  • Yes, both Safari and Firefox show the warning.
    – JimG
    Commented Nov 5, 2009 at 18:11
  • Safari (and apparently Firefox) "quarantines" downloaded files and URLs that it sends to other processes. Terminal only warns about quarantined URLs. It sounds like Opera performs its own warning and does not quarantine URLs.
    – Chris Page
    Commented Sep 22, 2011 at 1:16
0

iTerm2 doesn't have this problem: http://sites.google.com/site/iterm2home/

Improve this answer
1
  • It probably should provide a warning like Terminal. The only issue is whether there should be a means to suppress it for specific hosts.
    – Chris Page
    Commented Sep 22, 2011 at 1:17
0

The MacOS Sierra, I am seeing a warning prompt from Safari before starting iTerm2. At least I believe it's from Safari, it doesn't look like an iTerm2 window.

Improve this answer

You must log in to answer this question.