Using ARD and ssh for secure remote administration

Nov 11, '03 10:41:00AM

Contributed by: newkid

I have a few headless servers that I maintain with Apple Remote Desktop (ARD) over the Internet. This is not a tutorial on ARD or ssh, but a way to put simple tools together to make things more secure. I don't fully trust the ARD protocol, so I don't want to leave the port open. It is not possible to use ARD over ssh because ARD uses UDP packets, which ssh can't forward the way IPSec tunnels can. But IPSec tunnels can be a pain to configure and maintain, and are certainly not within reach of everyone. The servers all sit behind AirPort base stations set to only forward port 22 (ssh) to them. The ssh daemon is running on all servers.

  1. Create a tunnel using the following command:
    
    ssh -L 5009:10.0.1.1:5009 root@server-nnn.dyndns.org
    
    Where:
  2. Use the AirPort Admin Utility to connect to localhost and reach the remote base station.

  3. Turn on forwarding of port 3283 on the base station.

  4. Connect directly via ARD to the public address server-nnn.dyndns.org.

When done, remove the forwarding of port 3283 on the base station. Easy!
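
The procedure above with the tunnel held under an ssh control socket, so it can be checked, reopened and closed on demand, and is only closed once the port 3283 forward is confirmed removed. This is an added example, not part of the original hint; the host, login, address and port come from the hint's command, while the control-socket path, the function names and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example. Host, login, address and port are the ones in the hint's
# ssh command; the control-socket path is an assumption.
REMOTE="root@server-nnn.dyndns.org"
BASE_STATION="10.0.1.1"
ADMIN_PORT=5009
CTL="$HOME/.ssh/ard-tunnel.$$"    # hypothetical path, in a private directory

# -L argument with an explicit loopback bind, so the forwarded admin port
# is never offered to other machines on the local network.
forward_spec() {
    printf '127.0.0.1:%s:%s:%s' "$ADMIN_PORT" "$BASE_STATION" "$ADMIN_PORT"
}

# Background master connection; fail instead of running without the forward.
tunnel_up() {
    ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes \
        -L "$(forward_spec)" "$REMOTE"
}

tunnel_alive() { ssh -S "$CTL" -O check "$REMOTE" 2>/dev/null; }
tunnel_down()  { ssh -S "$CTL" -O exit  "$REMOTE" 2>/dev/null || true; }

# Only the literal answer "removed" counts as confirmation.
confirmed() { [ "$1" = "removed" ]; }

main() {
    trap tunnel_down EXIT
    trap 'exit 1' INT TERM
    tunnel_up || { echo "could not open tunnel" >&2; exit 1; }
    echo "Tunnel up: steps 2-4 of the hint can be done now."
    while :; do
        printf 'Type "removed" once the port 3283 forward is off: '
        read -r answer || exit 1
        # Reopen the tunnel if it dropped, so the base station stays reachable.
        tunnel_alive || tunnel_up || echo "tunnel is down, retry" >&2
        confirmed "$answer" && break
        echo "Port 3283 is still forwarded; remove it on the base station."
    done
}

if [ "${1:-}" = "run" ]; then main; fi
```

Invoked with the `run` argument, the script keeps the admin tunnel available for the whole ARD session and tears it down on exit.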


Mac OS X Hints
http://hints.macworld.com/article.php?story=20031103194820538