OT: SSH on OS X

Brent Anderson brentj84062 at gmail.com
Mon Jan 15 16:34:18 EST 2007


Hello.

Since it was off topic, we transferred the conversation to a private  
email thread. Here are the emails that were exchanged following the  
last public post.

<Sent by brentj84062 at gmail.com to jacque at hyperactivesw.com>
It's fine if you contact me privately. If your router is claiming to  
be forwarding correctly, then I'm not sure where the hang-up would  
be. Assuming you used Sharing to enable SSH, the firewall on your mac  
automatically opens the port it needs. Do you have Stealth Mode  
enabled, perhaps? On Tiger if you click the Advanced button on the  
Firewall tab you can access the firewall log. That may provide a  
little more insight into your problem. If the log is kept on previous  
versions of OS X, it should be located at /var/log/ipfw.log and is
accessible using the application
/Applications/Utilities/Console.app. I hope that works for you.

Thanks,
Brent Anderson

<Sent by jaque at hyperactivesw.com to brentj84062 at gmail.com>

Hi. I hope it is okay to contact you offlist. I need to get SSH  
working from outside my local network. I've tried just about  
everything with no success. If you don't have time to help, I really  
do understand. Please don't feel obligated.

Here is what I've done so far. I want my desktop Mac to receive the  
SSH requests. On that Mac, I have:

Enabled Remote Login in the Sharing prefs
Added ports 5900-5902 to the open ports in the firewall (for eventual  
VNC later on)
Set my network router to forward port 22 to the local IP address of  
my Mac

Then I get on my Powerbook. If I am on the local network and use the  
local IP for SSH, it works fine. I can SSH to the desktop Mac, and  
see everything in Terminal. If I turn on Remote Desktop on the  
desktop Mac, I can use a VNC viewer to see and work with the desktop  
Mac.

Then I took my Powerbook to a nearby internet cafe. I issued this
command from Terminal: ssh user at 75.72.193.146

where "user" is a non-privileged account on the desktop Mac and
"75.72.193.146" is the current IP of the WAN address on my router.
Terminal is completely unresponsive for about a minute, and then I
get the message "Could not connect to 75.72.193.146. Operation timed  
out." There is no other info and I am never asked for a password. I  
tried this several times. Sometimes I used this command instead:

   ssh -L 5900:127.0.0.1:5900 user at 75.72.193.146

just to see if I could map ports for VNC, but that failed the same  
way, no connection with a timeout.

When I got back home, I looked at the router logs. It showed that a  
connection request was received and forwarded to my desktop Mac:

Sun, 01/14/2007 12:10:07 - SSH forwarded - Source:71.210.170.117,  
52180, WAN - Destination:75.72.193.146, 22, LAN
Sun, 01/14/2007 12:10:07 - SSH forwarded - Source:71.210.170.117,  
52180, WAN - Destination:198.162.0.2, 22, WAN

I'm not sure why there are two entries, but each attempt I made has  
the same 2 lines. Maybe there is something wrong with the port  
forwarding? The desktop Mac is correctly assigned at 198.162.0.2,  
which is a static local IP.

Do you have any ideas? I know very little about this, but it looks to  
me like everything is going fine until the request hits my desktop  
Mac, which then never responds. There is a "stealth" checkbox in the  
"advanced" settings in the firewall pane in Sharing prefs, but I did  
not turn that on.

Again, if you don't have time for any of this, I really do  
understand. Please don't feel obligated. But if you do have time, I'd  
really appreciate any advice you can offer.

Thanks much.

Jacque
-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com


<Sent by jacque at hyperactivesw.com to brentj84062 at gmail.com>
Brent Anderson wrote:

> It's fine if you contact me privately. If your router is claiming  
> to be forwarding correctly, then I'm not sure where the hang-up  
> would be. Assuming you used Sharing to enable SSH, the firewall on  
> your mac automatically opens the port it needs. Do you have Stealth  
> Mode enabled, perhaps? On Tiger if you click the Advanced button on  
> the Firewall tab you can access the firewall log. That may provide  
> a little more insight into your problem. If the log is kept on  
> previous versions of OS X, it should be located at
> /var/log/ipfw.log and is accessible using the application
> /Applications/Utilities/Console.app. I hope that works for you.
>

I have fixed it -- all because of you. :)

Sometimes when you write it all down, you start to see things you
didn't before. I had my router pointing to an incorrect local IP. I'd  
swapped a couple of numbers by mistake. When I fixed that and  
forwarded to the correct IP -- that is, 192.168.0.2 -- by george, it  
works.

I feel both relieved and stupid. But I thank you for making me write  
it all down. :) I'm happy now.

Jacque

-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com


<Sent by brentj84062 at gmail.com to jacque at hyperactivesw.com>
Hello.

Glad I could help.

Thanks,
Brent Anderson
CMSEC

**** END OF THREAD *****

There you have it. Everything was in place to begin with and the
first rule of tech support (which I neglected to apply when I
responded to his query) has been justified once more: When you first
have a problem, check everything over before looking any deeper.
Sometimes it's as simple as an unplugged plug (or, in this case, a
mistaken IP address).


Thanks,
Brent Anderson
CMSEC
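
Added example, not part of the original thread: a small Python check that reads the router's "forwarded" log entries quoted above and flags any port-forward target that is not on the LAN, which is how the 198.162.0.2 entry could have been caught. The LAN range 192.168.0.0/24 is an assumption inferred from the corrected address 192.168.0.2, and the function names are illustrative.

```python
import ipaddress
import re

# Router log entries copied from the thread above (e-mail line wraps joined).
ROUTER_LOG = """\
Sun, 01/14/2007 12:10:07 - SSH forwarded - Source:71.210.170.117, 52180, WAN - Destination:75.72.193.146, 22, LAN
Sun, 01/14/2007 12:10:07 - SSH forwarded - Source:71.210.170.117, 52180, WAN - Destination:198.162.0.2, 22, WAN
"""

WAN_IP = ipaddress.ip_address("75.72.193.146")   # router WAN address from the thread
LAN = ipaddress.ip_network("192.168.0.0/24")     # assumption: inferred from 192.168.0.2

ENTRY = re.compile(
    r"- (?P<service>\S+) forwarded - Source:[\d.]+, \d+, \w+"
    r" - Destination:(?P<dst>[\d.]+), (?P<dport>\d+), \w+"
)


def parse_forwards(log_text):
    """Yield (service, destination address, port) for each 'forwarded' entry."""
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:
            yield m["service"], ipaddress.ip_address(m["dst"]), int(m["dport"])


def transposed_lan_candidates(addr, lan=LAN):
    """LAN hosts whose digits are a rearrangement of addr's (likely typos)."""
    digits = sorted(str(addr).replace(".", ""))
    return [str(h) for h in lan.hosts()
            if sorted(str(h).replace(".", "")) == digits]


def audit_forwards(log_text, lan=LAN, wan_ip=WAN_IP):
    """Return one finding per forward whose target is not a LAN host."""
    findings = []
    for service, dst, port in parse_forwards(log_text):
        if dst == wan_ip or dst in lan:
            continue  # pre-NAT entry, or a target that really is on the LAN
        findings.append({
            "service": service, "target": str(dst), "port": port,
            "public": dst.is_global,  # True: traffic would leave the network
            "did_you_mean": transposed_lan_candidates(dst, lan),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_forwards(ROUTER_LOG):
        print(finding)
```
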


