First make sure that the computer you want to reach has either a static IP address or has a domain name. If not, go to DynDNS (or similar service) and create a free account. Download DynDNS Updater to the computer you want to reach, and setup your domain name such as work.dyndns.org.
Next, fire up Terminal on your home computer or laptop from which you want to reach the work computer.
[robg adds: The remainder of this hint duplicates and combines information from some existing hints; in that way, it's something of a duplicate. However, I don't believe we've published a full walkthrough like this before. Keep reading for the detailed how-to...]
With Terminal running, here's the remainder of the process...
- Generate an ssh key pair. Be sure to leave the passphrase empty. In this example, sname refers to the short login name of your laptop or home computer. Here's what the command looks like; press Return for each option listed:
This will create a private key called id_rsa, and a public key named id_rsa.pub. Both of these will be created in a directory ~/.ssh. (Make sure that the private key is not likely to be seen by anyone, or that person can access your computer without a password!).sname% ssh-keygen -t rsa Enter file in which to save the key (/Users/sname/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/sname/.ssh/id_rsa. Your public key has been saved in /Users/sname/.ssh/id_rsa.pub. The key fingerprint is: 69:55:f3:c3:63:f3:af:57:98:c9:45:63:f3:af:57:98:c9:45... - The public key needs to be placed on the work computer. Securely copy the file to the work computer, and then login in via ssh and add the key to a file ~/.ssh/authorized_keys (you may not need to create the files/folders on the work machine; check if they exist first):
Now you should be able to ssh to your work computer securely without a password.sname% scp ~/.ssh/id_rsa.pub user@work.dyndns.org:./id_rsa.pub sname% ssh user@work.dyndns.org Password: workuser% mkdir .ssh workuser% chmod 700 .ssh workuser% cd .ssh workuser% touch authorized_keys workuser% chmod 600 authorized_keys workuser% cat ~/id_rsa.pub >> authorized_keys workuser% rm ~/id_rsa.pub workuser% logout - Now we'll forward a local port (7777 in this example) on the laptop/home computer over a secure tunnel to port 548 on the work computer. (AppleShare uses port 548).
You should now be logged into your work computer without having to type a password, with the local port 7777 forwarded to port 548 on the work computer. Do not log out. Follow the next step.sname% ssh –L 7777:localhost:548 user@work.dyndns.org - Go to Finder and press Command-K, or use the Go » Connect to Server menu item. Type the following into the box: afp://localhost:7777. This should show you the work computer volumes you can log into. Choose the one you want to mount to your desktop. Be sure to check the box to save the password into your keychain, or you will need to enter it each time.
tell application "Finder"
open alias file "Office" of folder "Documents" of folder "sname" of folder "Users" of startup disk
end tell
Save the script with a name such as MountOffice.scpt in your Documents folder as in this example. Check to make sure that the script is working correctly. If you have logged out of your work computer, log back in with port forwarding, as shown above. Then double-click your AppleScript and run it in Script Editor. Your work computer should mount on the desktop without typing a password. Now we will automate the entire process using a Terminal command. Fire up TextEdit and paste the following text: Be sure to replace user@work.dyndns.org with your login and name on the work computer. If you have given a different name to your AppleScript, or placed it in some other location than the Documents folder, be sure to specify the correct location rather than ~/Documents/MountOffice.scpt.. Save this file in a convenient place such as your Documents folder with a name such as One Click Office.term. TextEdit will ask you whether you really want to use .term as an extension. Click on the button "Use .term". Drag this file to your dock. If you haven't logged out of your work computer, do so now.
Now we will test the entire process. Click on the alias in the dock, and your work computer should mount on your desktop in 15 to 20 seconds without any further intervention, using a secure tunnel and not compromising any passwords! And all for free! Finally, a few comments about this hint and its behavior.
- In Tiger, once you click the dock icon, Terminal should launch and the window should remain minimized in the dock. The minimized window should disappear from the dock once the volume is mounted on the desktop.
- The Terminal in Leopard does not support the IsMiniaturized key, so that is ignored in the MountOffice.term file. The key and its YES string can be safely deleted from the MountOffice.term file in Leopard. Unfortunately, this makes the hint slightly less elegant in Leopard.
- Consider giving the .term file a custom icon by copy some icon and pasting it to the icon in the Get Info inspector of the .term file. See this hint for a how-to.
- The -f option in the ssh command in the MountOffice.term file puts the ssh command into background. The tunnel remains open even though the Terminal window has been closed by the exit command and the ShellExitAction key. (You can check this behavior with Activity Monitor).
- The Terminal keeps running after mounting the volume. If you would like to quit it, you can use the kill command by replacing exit with kill `ps -acx | grep Terminal$ | awk '{print $1}'`. But be careful, as it will abruptly close any other Terminal windows also. (Or consider writing an AppleScript for more graceful behavior.)
- Automator is not helpful in executing all these commands. I couldn't get it to keep a tunnel open. See this forum discussion for more on that subject.

