Re: Using SSH for remote login (detailed) [was Re: Remote Login]

[Chris Blouch]

I do this for administrating a web server box remotely. I have the 
firewall set up to do port forwarding from the public IP address to the 
internal IP address for port 22 (ssh) and 80 (http). So I can then do an 
ssh [EMAIL PROTECTED] from pretty much anywhere and get to the 
shell on that machine. For a home network your public address is 
probably going to be assigned via DHCP so it might change from time to 
time, but you'll still need to set up your firewall to forward port 22 
to your mac on your internal network. That address is probably also 
assigned via DHCP so you'll want to either give it a static one or 
you'll have to redo the port forwarding anytime it changes. Dynamic 
address changing makes all this a bit winky.

CB
David Poehlman wrote:
you can forward the internal (nat) address though so that if you know the 
address of your cable connection, you can use that like this:
ssh [EMAIL PROTECTED]
----- Original Message ----- 
From: "Esther" <[EMAIL PROTECTED]>
To: "General discussions on all topics relating to the use of Mac OS X by 
theblind" <discuss@macvisionaries.com>
Sent: Monday, May 19, 2008 5:00 PM
Subject: Re: Using SSH for remote login (detailed) [was Re: Remote Login]


Hi Dan,

On May 19, 2008, at 09:08AM, Dan Eickmeier wrote:
  
Thanks as well for the Very detailed  explanation as usual Ester.  I
was wondering about that too, if I was in a situation where I was
using somebody else's mac, and totally away from my network, could I
log in this way as well?  I've got a free host from http://no-ip.com,
so could I log in giveing that as the address if I was totally away
    
>from my network?

Yes, if you have set up your Mac to allow remote logins you can use
SSH to log into your Mac from another machine.  However, you need
to be able to access the IP address of the remote machine from the
machine you're logged into.  For example, many people have home
networks that connect into a cable modem unit.  If you connect an
AirPort Express or similar wireless router to the cable modem all
your wireless machines can join your local network and share your
connection.  However, they get assigned local network addresses
like 10.0.1.3, 10.0.1.4, etc. or  192.168.0.3, 192.168.0.4, etc.  These
are private addresses that only work on your local network that are
generated by NAT (network address translation).  Those numbers
tell you that you can use these IP addresses to SSH into a machine
on your local network.  You can also SSH from any of these
machines to a computer with an IP address outside of your home
network.   However, you can't SSH into one of these machines
from outside your home network, because your router is distributing
addresses so they can be shared, and there's no unique address
that connects to a specific machine from outside your network.  In
the example I gave, you'd have to connect your cable modem
ethernet connection directly into a single machine, and then you
could remote log into it from outside your network, provided that
you had enabled remote login and also knew the IP address that
was assigned to that machine.

I'm not sure that I know how your free host works.  Presumably, that's
a public machine that you could access that might have mirrored
some of the content on your Mac?  For a dot Mac account, for
instance, you could have some of your files mirrored on an iDisk
on an external machine.  Then, from any other Mac, you can log
into your dot Mac account and access the files on your iDisk.  You
can do this through the graphical interface (no need to limit yourself
to the terminal), and you don't have to know anything about SSH
or SFTP!  In this case Apple handles the address information
transparently for you -- they keep track of your dot Mac login name
and password, so you don't have to know which machine is
physically hosting your file contents.

However, in general, if there is another server that has an IP address
and hosts an account for you, yes, you can remote login onto that
machine from any other computer.

I don't know whether I've answered your question, but maybe someone
else can chime in here with more information.  Typically, you might
use remote login on a home network to transfer files, or to try to
troubleshoot when a display is frozen and a computer doesn't seem
to be responding.  For this last function you would probably have
some unix background.  You might also use remote login to get to
another computer outside your home network.

HTH

Cheers,

Esther


  
On 19-May-08, at 11:22 AM, Esther wrote:

    
Hi Jane,

      
What exactly is Remote login?  Does it mean what I think it means,
maily that I can "log in" to my account on the iMac using my
iBook?  If I am doing so on my own iBook, can someone else log into
antoher account at the same time using another iBook?
          
Yes, if you have enabled remote login for your computer, other
users can log into accounts on that machine at the same time through
the terminal application.
      
<snip out details about SSH>
  
ssh -l jane 10.0.1.3

or I prefer to use the format with the AT sign used for email:


ssh [EMAIL PROTECTED]

(The Mail Archive will block this, so read this as:

ssh jane AT 10.0.1.3  where "AT" is replaced by the at sign and
there are no spaces around the symbol).

You'll be prompted for your password on the remote machine.