User profile for user: Preston Eaves
Preston Eaves Author
User level: Level 1
40 points

SSH over WAN in the Terminal...

Is it possible?

2.16GHz 17" Intel Core Duo MacBook Pro / 1.8GHz 20" iMac G5 / 60GB iPod (Video), Mac OS X (10.5.1), MacBook Pro - 1GB RAM, 120GB HD, APE, BT / iMac - 2GB RAM, 250GB HD, APE, BT

Posted on Nov 17, 2007 2:21 PM

Reply
11 replies
User profile for user: Dave Z
Dave Z
User level: Level 1
60 points

Nov 17, 2007 3:19 PM in response to Preston Eaves

Yes. If you're behind a firewall, you'll need to forward the appropriate port.

You should be aware, enabling SSH over a WAN is a potentially serious security risk if not done properly. You'll probably want to establish proper authentication keys, etc.

At any rate, it's no different than SSH'ing into a LAN machine from termal (i.e. "ssh <destination ip>").
Reply
User profile for user: Preston Eaves
Preston Eaves Author
User level: Level 1
40 points

Nov 17, 2007 4:15 PM in response to Dave Z

So would you include the Short Name in the command to connect to a host machine over a WAN just as you would if you if you were connecting to it over a LAN? (i.e. ssh preston@192.168.1.100) Also, you would use the external IP to connect to the host machine over a WAN, right? Also, what do you do if the host machine that you want to control is behind a router on their end? Meaning how do you include both the external IP (the one their router uses to connect to the internet) and the internal IP (the one assigned to the host machine by the router) in the ssh command? Because if you used just the external IP in the ssh command and there were multiple machines behind the router on their end, the router wouldn't know which machine to route the ssh command to, correct? Does that make any sense?

Message was edited by: Preston Eaves
Reply
User profile for user: brainslice
brainslice
User level: Level 2
411 points

Nov 17, 2007 5:48 PM in response to Preston Eaves

I suggest reading the man page. In Terminal "man ssh"

You need to specify a username otherwise ssh will use your local username instead. This can be done a couple of ways....

ssh user@host
ssh -l user host

WARNING!!! If you're going to open up ssh to the public you'd better be darned sure that you're using strong passwords. It's also a good idea to disable root ssh login, you can always sudo or su when you're logged in.
Reply
User profile for user: brainslice
brainslice
User level: Level 2
411 points

Nov 17, 2007 6:20 PM in response to Preston Eaves

It looks like the remote system is MacOSX so you need to edit the file /private/etc/sshd_config, doing so as root of course.

Find the line with "#PermitRootLogin yes" (this is the default) and change to "PermitRootLogin no"
Make sure you remove the leading hash to uncomment the line or it won't do anything. Save the file, log out then try to ssh root@host and see what happens.
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

SSH over WAN in the Terminal...

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up