I have a few headless servers that I maintain with Apple Remote Desktop (ARD) over the Internet. This is not a tutorial on ARD or ssh, but a way to put simple tools together to make things more secure. I don't fully trust the ARD protocol, so I don't want to leave the port open. It is not possible to use ARD over ssh because ARD uses UDP packets, which ssh can't forward the way IPSec tunnels can. But IPSec tunnels can be a pain to configure and maintain, and are certainly not within reach of everyone. The servers all sit behind AirPort base stations set to only forward port 22 (ssh) to them. The ssh daemon is running on all servers.
- Create a tunnel using the following command:
    ssh -L 5009:10.0.1.1:5009 root@server-nnn.dyndns.org
  Where:
  - 10.0.1.1 -> private IP address of the base station.
  - server-nnn.dyndns.org -> public IP address of the base station, maintained using the DNSUpdate tool.
- Use the AirPort Admin Utility to connect to localhost and reach the remote base station.
- Turn on forwarding of port 3283 on the base station.
- Connect directly via ARD to the public address server-nnn.dyndns.org.
When done, remove the forwarding of port 3283 on the base station. Easy!
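
A hardened form of the tunnel command from the first step, as an added example that is not part of the original hint: it binds the listener to loopback explicitly, opens no remote shell (-N), and makes ssh exit if the forward cannot be set up. The function names are hypothetical; the host and addresses are the page's sample values.

```shell
#!/bin/sh
# Added example, not from the original hint. Function names are hypothetical.

# Accept only RFC 1918 IPv4 addresses as the forward target, so a typo
# cannot point the tunnel at a public host.
is_private_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # non-digits or empty octets
    esac
    oldifs=$IFS; IFS=.
    set -- $1                               # split into octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    case "$1.$2" in
        10.*)    return 0 ;;
        192.168) return 0 ;;
        172.*)   [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        *)       return 1 ;;
    esac
}

# Print the ssh invocation for the admin tunnel.
# usage: tunnel_cmd USER@HOST BASE_STATION_IP [PORT]   (PORT defaults to 5009)
tunnel_cmd() {
    port=${3:-5009}
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    is_private_ipv4 "$2" || { echo "refusing non-private target: $2" >&2; return 1; }
    # -N: forward only, no remote shell
    # ExitOnForwardFailure: do not stay connected without the forward
    # 127.0.0.1: listener reachable from this machine only
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$port" "$2" "$port" "$1"
}

# Print the command for the page's sample values; run it, then point the
# AirPort Admin Utility at localhost as in the second step.
tunnel_cmd root@server-nnn.dyndns.org 10.0.1.1
```

With -N the ssh process stays in the foreground until interrupted, so pressing Ctrl-C after the port 3283 forward has been removed tears the tunnel down as well.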