Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Erroll
Erroll Author
User level: Level 1
102 points

How do I connect to another Mac via SSH?

Can somebody walk me through, or steer me to an online tutorial on, the following:

I want to connect to my work computer from my home computer. Both are Macs running 10.4.10. The work computer (a MDD Dual G4) is on an airport extreme network, and my home computer (17" macBook Pro) is on a wireless network with a NetComm router. 'Remote Login -SSH' is enabled on the work computer.

I got the work computer's IP address from: http://www.ip-adress.com/
and just tried to 'Connect to server' from the finder but the connection fails. I also tried to connect using SSH using the instructions here:
http://www.cmu.edu/computing/documentation/terminal/terminal.html
but the connection also failed. I'm unsure if I have to download and install something called Kerberos, for this to work.

I suspect I may have to configure one or both routers to get this to work, but have no idea where to start. Can anyone help?

Thanks in advance,
Steve = : ^ )

17" MacBook Pro, Mac OS X (10.4.10)

Posted on Jul 29, 2007 2:04 AM

Reply
Question marked as Best reply
User profile for user: Camelot
Camelot
User level: Level 9
54,333 points

Posted on Jul 29, 2007 3:13 AM

You shouldn't have to configure anything on your home router, but you will on the one at work.

The office network is almost certainly denying incoming connections (from the internet). You may be using a NAT-based router, or a firewall, but either way incoming connections are blocked.

The solution is going to depend on how your network is configured. If you're using a simple NAT-based router then you need to setup port forwarding to forward connections on port 22 to your desktop Mac.
If you're using a firewall, you'll need to add a firewall policy that allows incoming traffic.

In both cases you'll probably need to configure the desktop with a static IP address so that the port forwarding will be consistent - it's no good forwarding the SSH connection to 192.168.1.10 today if the desktop moves to .11 tomorrow because it's using DHCP.

The alternative (and somewhat better) solution is to implement a VPN connection. This enables your machine at home to appear just like any other machine on the office LAN, giving you full access to al the resources at the office (including printers, file servers, etc.). It'll take a little more to setup, but offers additional advantages that might be useful.
View in context
30 replies
Question marked as Best reply
User profile for user: Camelot
Camelot
User level: Level 9
54,333 points

Jul 29, 2007 3:13 AM in response to Erroll

You shouldn't have to configure anything on your home router, but you will on the one at work.

The office network is almost certainly denying incoming connections (from the internet). You may be using a NAT-based router, or a firewall, but either way incoming connections are blocked.

The solution is going to depend on how your network is configured. If you're using a simple NAT-based router then you need to setup port forwarding to forward connections on port 22 to your desktop Mac.
If you're using a firewall, you'll need to add a firewall policy that allows incoming traffic.

In both cases you'll probably need to configure the desktop with a static IP address so that the port forwarding will be consistent - it's no good forwarding the SSH connection to 192.168.1.10 today if the desktop moves to .11 tomorrow because it's using DHCP.

The alternative (and somewhat better) solution is to implement a VPN connection. This enables your machine at home to appear just like any other machine on the office LAN, giving you full access to al the resources at the office (including printers, file servers, etc.). It'll take a little more to setup, but offers additional advantages that might be useful.
Reply
User profile for user: Erroll
Erroll Author
User level: Level 1
102 points

Jul 29, 2007 2:29 PM in response to Camelot

Thanks. The router at work is an Airport Extreme Base Station.

Setting up a VPN sounds more elegant but, as you say, I'm going to need more help. Do you know of a tutorial somewhere? Is there any good free VPN software fro the Mac. Do you have a recommendation if I need to buy something?

Thanks in advance,
Steve = : ^ )
Reply
User profile for user: Erroll
Erroll Author
User level: Level 1
102 points

Jul 29, 2007 6:17 PM in response to Camelot

I've taken my MacBook to work. In 'Port Mapping' I've configured the Airport Extreme base station to pass Public Port 22 to Private Port 22 at Private IP Address 10.0.1.10 which is the IP address given in System Preferences>Network>Airport>TCP/IP on the work computer.

The 'Internet' section of Airport Utility shows 'IP address' as 220.239.ab.xyz (which is the same address that I get from the website which tells me the work computer's IP address) and 'Router address' as 220.239.ab.x.

The work computer's firewall is configured to allow Personal File Sharing, Personal Web Sharing and Remote Login.

When I try to 'Connect to Server' from the Finder of my MacBook and type in 220.239.ab.xyz (the router's address), the connection times out while "Looking up 220.239.ab.xyz."

What am I still missing?

Thanks in advance,
Steve = : ^ )
Reply
User profile for user: Rick Van Vliet
Rick Van Vliet
User level: Level 5
6,372 points

Jul 29, 2007 7:15 PM in response to Erroll

If you've got both computers inside the same LAN (10.0.1.x)...
try this SSH from MB (it should have an IP of 10.0.1.xy, also)
and attempt a SSH to 10.0.1.10.
Do not try connecting from the inside (10.0.x.x) to your outside (220.239.x.x) IP address

Unless we're missing something.
Working inside the LAN, all PC's should be in the 10.0.1.x range.
(the router IP in mac's netconfig panel should be 10.0.1.1).
That main router's public Ip (outside) will be 220.239.ab.xyz

Is the router the AE Base Station, or is there another device?
You have several 220.239.ab.??? numbers
ab.x and ab.xyz
are these really the same, or are they different?
Reply
User profile for user: Erroll
Erroll Author
User level: Level 1
102 points

Jul 29, 2007 7:52 PM in response to Rick Van Vliet

Thanks again. I can connect to the work computer as 10.0.1.10 from the Finder (Is this an SSH connection?) and also selecting by SSH in Terminal. However, once logged in via Terminal, I don't know how to access the disks attached to the work computer; in the Finder they offer themselves up to be mounted.

Yes, the AE base station is the router. In the 'Internet' section of Airport Utility it lists "IP address" as 220.239.ab.xyz and "Router address" as 220.239.ab.x", i.e. two digits shorter than "IP address", but otherwise the same.

Steve = : ^ )
Reply
User profile for user: Rick Van Vliet
Rick Van Vliet
User level: Level 5
6,372 points

Jul 29, 2007 8:04 PM in response to Erroll

In the LAN, connecting to 1.10 using the finder...is probably not SSH. You're connecting to the 'server' using SMB or AFP.

If you open a Terminal window, and type:
ssh 10.0.1.10<enter>
password<enter> or something...
You are connected in Terminal mode, and navigating the disks is a completely different process than you are accustomed to in Finder.
(not really sure what you mean "selecting SSH in terminal". I can't find that selection)

May we ask:
1) what are you trying to do?
2) what do you expect to happen when you do connect
3) what actually does happen?
Once we figure out what you need to accomplish, and if this works properly when you and this 1.10 computer are both inside the work network...then we'll try to help you figure how to connect from the outside.
Reply
User profile for user: Erroll
Erroll Author
User level: Level 1
102 points

Jul 29, 2007 8:37 PM in response to Rick Van Vliet

Terminal>File Menu>Connect to Server... has 'Secure Shell (ssh)' as the first menu item.

At the moment I travel several days a week to work, sit at a computer and access files on another computer via the LAN. I copy files backwards and forwards as well as access the iTunes library and a Filemaker database on the other computer.

I'm trying to work from home to avoid the travel. At the very least, I have to be able to connect to the work computer, mount it's disks, and down/upload files. I'll still need to go to work one day a week, so can make a weekly copy of the iTunes library and the Filemaker database and take these home. However, if I can access them in real-time (especially network to the FileMaker database) via a VPN, that'd be icing on the cake.

To answer your questions:
I expect to be able to mount the remote computer's drives on my desktop and copy files back-and-forth. I'd prefer it if this was a secure connection. I can mount the drives in Finder (not secure), but when I connect via SSH using Terminal, I don't then know how to access the drives. Maybe there's an OS X SSH client I can use which will make the whole thing obvious; I know nothing about UNIX commands.

I'm assuming that, if I can set up a VPN, I won't have to worry about security.

Steve = : ^ )
Reply
User profile for user: Rick Van Vliet
Rick Van Vliet
User level: Level 5
6,372 points

Jul 29, 2007 9:05 PM in response to Erroll

(thanks for pointing that SSH menu item 😉
I usually just type it on the command line.

Consider FTP for file transfer.
Cyberduck -- Fast, Free and excellent. (might do SFTP)
Fetch, also excellent, but costs.
There are other methods called SFTP (secure FTP)
Look at FUGU app for that (also free)
Ftp/SFTP is just for FileTransfer...and this might be the best way to go.

If this is part of the job description, and the business will pay for your remote access...look at Timbuktu, for secure remote desktop...this is an excellent software.

SSH is not really what you're describing. FileTransfer is. Or remote access.

And by its nature, SSH (shell) is UNIX command line. I don't know of a GUI that replaces SSH.
Reply
User profile for user: Erroll
Erroll Author
User level: Level 1
102 points

Jul 29, 2007 9:19 PM in response to Rick Van Vliet

Thanks. I see now that I don't need to 'log in' to the computer at work, just read and write to disks attached to it, without the whole world getting access. I definitely don't need remote desktop: much of the time someone else will be working on the computer while I'm remotely accessing it's connected drives from home.

I guess ftp (or sftp) is all I need to pass files backwards and forwards. Can't the Finder do this? If not, do I need to install software on both computers? Does the computer at work need to be set up as an 'ftp server'?

Do you think it it's worth the effort of setting up a VPN, to be able to read/write to the Filemaker database and play iTunes tracks remotely? Is it a big job?

Thanks again,
Steve = : ^ )
Reply
User profile for user: Erroll
Erroll Author
User level: Level 1
102 points

Jul 29, 2007 9:23 PM in response to BDAqua

I can see that I may have given the wrong impression. I don't want to log in remotely: someone else will be working on the computer most of the time. I need to access the drives attached to the computer, copy files backwards and forwards and, if it's easy, network to an iTunes library and a FileMaker database.

Thanks,
Steve = : ^ )
Reply
User profile for user: Jeffrey Lee
Jeffrey Lee
User level: Level 4
2,558 points

Jul 29, 2007 9:52 PM in response to Erroll

What your missing is that "Connect To Server" uses port 548 and 427.

You are 99% there!!

Go back to the router at work, and do port forwarding on those two ports to the IP address of your desktop, just as you've done with port 22.


Now when you "Connect To Server" from home, the request, which is coming into the router on those two ports, get sent to your desktop, and since you've already enabled your desktop for File Sharing.... your done!

You should be asked for a username and password to log in, and then you'll be asked which items you want to use.. either the entire drive, or just your home folder.
Reply

How do I connect to another Mac via SSH?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up