To create your key pair, go to the Favorites settings (Menu "Favorites", option "Edit Favorites…"), click on "Change", and in the SSH2 tab, click "Initialize SSH…". This is to be done only once for all SSH2 connections, and creates a couple of files named "identity" and "identity.pub" in the same folder as MacSSH.
identity is your private key file. don't give it to anyone.
identity.pub is the corresponding public key, which you give to SSH2 admins whose servers require a public key to accept connections.
If you intend to connect to OpenSSH/SSH2 servers using public key userauth, you will have to convert your public key to OpenSSH/SSH2 format by clicking on "Export public key…" and send the resulting file to the admin.
Client configuration:
In the Favorites settings, tab SSH2, select the Encryption, Authentication and Compression methods to use, and, for a first connection to a host, leave the "Never trust unknown host key" unchecked. this will let MacSSH accept new keys from the SSH2 host you connect to.
In the Favorites settings, tab Security, Select the Protocol ssh2 (Secure Shell), and enter your login. You can leave the password blank if you don't want to save it in MacSSH preferences, it will be asked later.
You should now be able to connect to the host.
Port Forwarding:
Duplicate the Favorite you want to connect to for port forwarding (or create a new favorite from scratch configured for SSH2), and in the SSH2 tab, select either Local or Remote TCP Port forwarding as Method. Enter the Local Port number, the Remote Host Name and the Remote Port Number, where Local Port number is the port number you want to use on your Mac as listener, and (Remote Host Name, Remote Port Number), the target service you want to use. connect this session. You should then be able to use your favorite app connected on 127.0.0.1:localport, tunnelled via MacSSH to the SSH2 server, itself connected (unencrypted, this time) to remotehost:remoteport. Note that 'remote host' is generally the same host as the SSH2 server you're connected to, or close to it.
If you want to know more about this feature, I highly recommend lsh documentation from the current lsh archive /doc/lsh.html file.
an example:
I'm home, and want to access my company's intranet to use my email securely.
We have a firewall on the internet, let's call it gateway.company.com, where an SSH2 server is running.
I've created two SSH2 forwarding favorites (in verbose mode) to connect to gateway.company.com, one for POP3, to read my messages, and the other for SMTP to send them.
The first forwards local port 110 (POP3) to the host pop3server.company.com port 110,
The second forwards local port 25 (SMTP) to the host smtpserver.company.com port 25.
I've created a new account in my email client, with the usual settings, but both the POP3 and the SMTP servers set to 127.0.0.1.
To get/send my email, I connect both MacSSH sessions, then get/send messages from my emailer.
Troubleshooting:
If you have problems to connect to a host, you can activate the verbose/debug/trace modes from the SSH2 tab, leave the terminal window opened, by checking the "Windows don't go away" box in the Preferences dialog, and type Cmd-' (single quote) to open the console window. The connection traces will be displayed in this window.
