OT: SSH on OS X

[J. Landman Gay]

Sarah Reichelt wrote:
> I don't know about anyone else, but I am very interested in this
> thread and would like to see it remain on list.

Okay, I guess I owe it to the list to say what went wrong and how I 
solved it. I did solve it, by the way, because having to write 
everything up for Brent in a private mail forced me to re-read what I'd 
done. When I did that, I finally noticed -- after days of frustration -- 
that I had made a (oh, this is embarrasing) typo. When I fixed my typo, 
voila, it all worked. So I feel stupid. But relieved.

The upshoot is that, yes, it is easy to enable remote SSH in OS X 
provided you can type correctly. Here is how:

1. In System Preferences, Sharing pane: turn on Remote Login. This opens 
up port 22 in the software firewall and allows SSH traffic to your Mac.

2. If you have a router connected to your internet pipe, forward port 22 
to the local IP address of the Mac you want to connect to. For me this 
was 192.168.0.2, which is the static IP of my desktop Mac on our home 
LAN. (This is where I made the typo. I swapped a couple of the numbers. 
No wonder it didn't work, my router was sending info into the cybervoid.)

3. Find out what your public WAN IP is; this is the one the world sees 
on the internet. You can look at your router logs for that info, or else 
go here to find out: <http://whatismyipaddress.com/>. This is the IP you 
need to use for SSH from a remote location. Note that most ISPs will 
change this number periodically. There are services you can use to 
accomodate that, but for my tests I just used the currently assigned IP.

That should be all you need to do. Now take your laptop to an internet 
cafe somewhere, open Terminal, and type:

ssh user at 123.123.123.123

Substitute a valid user account on your home Mac for "user" and your WAN 
IP address for the 123s. You should get a password prompt, and then you 
are in. Unless, of course, you make a typo. :)

Now about the issue of dynamic WAN IPs. There are a few services you can 
sign up with for free that act sort of like a DNS service for private 
routers. They allow you to log in to an account name instead of an IP 
number, and will re-route the name to the current WAN IP of your home 
router. Every time your ISP changes the number, your router informs the 
service and they update the routing info. Most routers these days 
support this stuff, I think. My Netgear router supports any of three of 
these services, one of which is dyndns.org, which is what I will 
probably use. Once you sign up, you just set your router to notify the 
service at every IP change. Then when you SSH in to your Mac, you can 
use your assigned name/account info instead of a number:

ssh user at my.assigned.name

If your router doesn't support this service natively, I understand there 
is software you can run on your Mac that will do the same thing.

Hope this helps.

-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com