Protect Your Mac (or Linux/Unix/BSD box) From Theft

written by: Michael Dougherty • edited by: Rebecca Scudder • updated: 3/17/2009

There are a lot of programs on the market that will do this for you, but what they all (at least those I've seen) have in common is that they cost a lot. Here's how to do it efficiently for free. The catch is that you need to provide a second Mac/Linux/Unix/BSD box yourself.

    What to use

    This will be done using the terminal, cron and the ssh command. Cron is a tool used to schedule program executions, and SSH is a tool for remote control. We will also need a second computer (from this point on called the server) running SSH, to which we will be constantly connected. Once this is ready, we will be able to connect to our stolen computer via the server.

    Setting up cron

    We want a client that reconnects if the connection is lost, and that is constantly but silently connected to the server. This can be done by typing the following into the terminal.

    sudo crontab -e

    This will open your current cron-jobs. Don't change what's already there if you don't know what you are doing. The reason we will use cron from root will become obvious in the Autologin chapter, but for now you'll have to trust me (or read that one in advance). Now what you want to add is:

    @reboot while [ 1 ]; do ssh -NR PORT:localhost:22 -o ExitOnForwardFailure=yes -o TCPKeepAlive=no -o ServerAliveInterval=15 USERNAME@IP; sleep 30; done

    This makes sure that when the computer is restarted, a loop is started that tries to connect to the server once every 30 seconds whenever no connection is running. You will have to replace PORT with an unused port on the server, which is where you will later connect to reach your computer, USERNAME with the listening account created in the Autologin chapter, and IP with the IP or hostname of the server. You might have to open a port in your router for this. To find your IP you can use cmyip.

    Autologin

    If someone with some technical skills steals your computer, your account will be removed pretty quickly, and the root password will be replaced long before you have a shot at connecting to the computer. What we need is therefore SSH autologin, and we hope that it will not be detected. To set it up, do the following in the terminal.

    sudo su # become root, could also be only su on other unix-like-systems

    ssh-keygen -b 4096 -t rsa # generate a high-security RSA key for the user root. This will take a while, especially on a slower computer. Just press enter at every prompt unless you know what you are doing.

    cat ~/.ssh/id_rsa.pub

    At the bottom you will see a cryptic line of text that starts with ssh-rsa. Copy the whole line (triple-click on ssh-rsa and press Command-C). You now have a key on your computer. Next we are going to enter some things on the server. It's recommended to SSH there from your current computer so that you keep the copied text.

    ssh youruser@IP

    sudo su # become root; again, this can be su. If you don't have root access you can jump down to the last step in this chapter (nano), but that will leave your account on the server open to attacks if the thief finds the cron script

    useradd -m -g nobody USERNAME # create a user simply for listening; -m gives it a home directory so the ~/.ssh steps below work

    su USERNAME # become the new user

    mkdir ~/.ssh/

    nano ~/.ssh/authorized_keys # or emacs, or vi. Paste the code you copied from the other machine.
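
The key pasted above gives whoever holds it, including a thief who finds the cron entry, a normal login on the server. The following is an added example, not part of the original article: a shell function that builds an authorized_keys line limiting that key to the reverse tunnel. The function name, the sample key and port 2222 are assumptions made for illustration, and it assumes OpenSSH 7.8 or later on the server.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Build an authorized_keys line for the server's listening account so the
# key copied from the protected computer can only open the reverse tunnel.
# Assumes OpenSSH 7.8+ on the server (restrict: 7.2, permitlisten: 7.8).

# restricted_entry PORT "PUBLIC KEY LINE"
# Prints the entry; returns 1 if the port or the key line looks wrong.
restricted_entry() {
    port=$1
    pubkey=$2

    # PORT: digits only, no leading zero, at most 5 digits, unprivileged.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # A public key line is "<type> <base64> [comment]"; anything else
    # (a private key, a line that already carries options) is refused.
    ktype=${pubkey%% *}
    rest=${pubkey#* }
    blob=${rest%% *}
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 1 ;;
    esac

    # restrict           : no pty, no agent/X11 forwarding, no ~/.ssh/rc
    # port-forwarding    : re-enable forwarding, which restrict turned off
    # permitlisten       : ssh -R may listen only on localhost:PORT
    # command=/bin/false : any requested shell or command exits at once
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$port" "$pubkey"
}

# Constructed sample key (shortened, not a real key) and port 2222.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQexample root@protected-mac'
restricted_entry 2222 "$SAMPLE_KEY"
```

Paste the printed line into ~/.ssh/authorized_keys on the server in place of the bare key; the `ssh -NR` loop from the cron chapter keeps working because it never requests a shell.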

    Access to your computer

    Now we are almost ready. We now have a constant connection to the computer via the server on the chosen port, but that's not all we want. We want to be able to do stuff. To do this we will have to add some stuff on the server too. If you already have a key on the server then skip the ssh-keygen.

    ssh youruser@IP

    ssh-keygen -b 4096 -t rsa # if you don't already have a key on the system

    cat ~/.ssh/id_rsa.pub

    Copy the code starting with ssh-rsa, as done in the previous chapter, and paste it on your protected computer via:

    sudo nano ~/.ssh/authorized_keys

    If it's stolen

    Now we have a theft protection system. Let's find out how to use it. Make sure your computer has been restarted since we entered these commands, or execute the cron script manually. Log in to the server (over SSH or not, it doesn't matter) and type:

    ssh -p PORT USERNAME@127.0.0.1 # where the username, IP and port are those chosen earlier in the howto

    say "I'm in your computer."

    You can also use:

    sftp -oport=PORT USERNAME@127.0.0.1

    ...to download important files, just in case you can't get the computer back. To find out where your computer is (to file a police report) you can use the following:

    telnet cmyip.com 80

    GET /

    This will fetch your IP. If this happens, you could google more commands like "webcam terminal mac" or something similar to get even more control of the situation. Your computer should now be safe from most computer thieves, as long as they don't format the system, which would be very likely. In that case you can only hope that they give you enough time to do your thing first.