It should be noted that the -vvv is unnecessary unless you really like a whole lot of debugging information (with 3 "v's", i do mean a WHOLE lot)
the -p 22 is also unnecessary as port 22 is the default SSH port.

Additionally, if the username you are logged in as on the machine you are using to connect to the remote mac is not the same as the username on the remote mac, you are definitely going to want to include the "-l <username>" option that is not present in the hint

[ Reply to This | # ]

instead of -l you can also use user@host

---
i am jack's amusing sig file

[ Reply to This | # ]

How do you get around the problem of usernames with a '.' in them?

[ Reply to This | # ]

Just discovered this - and you can use double backslash to escape a . in a username. So for example, if you're mobileme name was

"john.doe" and your host was "igloo", and your local mac login was "jdoe", the command would be

ssh jdoe@igloo.john\\doe.members.mac.com

This hostname works with eyetv too...

[ Reply to This | # ]

Unfortunately it doesn't work for me. Has anybody else successfully tried the trick with ssh machine.john\\doe.members.mac.com?

[ Reply to This | # ]

Just a note that the usage of a trailing period (.) is not required, but it can indeed speed up connection times if you're behind a very slow connection or have an unreliable DNS source.

What it does is tell the DNS resolver software on your computer that you do not want to search the DNS domain you're in for the hostname you've provided (more correctly, you're giving an explicit DNS name). If you don't use a period, the resolver will try all of the domains associated with your current network connection first, before asking the wider internet (you can find these domains in /etc/resolv.conf on your Mac - this file is updated automatically each time you connect to a network, usually by DHCP).

This is basically the reason why using a 'short name' on your own network will succeed (ignoring Bonjour/mDNS in this example, that's different), as the resolver will append your domain onto the short name and try that. For example, if your domain is 'some.domain.com', and you enter 'http://www/' into Safari, the resolver will try www.some.domain.com to try to find the IP address to talk to.

In the hint example, it means that the resolver will only try 'hostname.username.members.mac.com', and not 'hostname.username.members.mac.com.some.domain.com' first. (So, believe it or not, your resolver will try 'www.macosxhints.com.some.domain.com' first when you visit this site.. You can try 'www.macosxhints.com.' - with the trailing period - and you will see that that works too)

Sorry for all those that already know this.. but if someone else learns something that's cool :)

</ramble>

[ Reply to This | # ]

That was a cool little tangent hint.

[ Reply to This | # ]

Use the following format for connecting as a differnent username:

ssh user.name@hostname.username.members.mac.com.

If you do this regularly and wish to save having to use the username all the time for ssh and scp then create a file called ~/.ssh/config with contents like the following:

Host hostname.username.members.mac.com.
User user.name

Host host2.some.domain.com.
User username2
Port 2222
LocalForward 3389 internal-pc:3389

The second host in this file also includes using a port other than 22 and allowing access to a Windows computer called internal-pc with Remote Desktop by connecting to localhost with the Remote Desktop Client.

[ Reply to This | # ]

Seems like a really useful feature, although I am a bit concerned about the security issues. I wonder how many of us will have their firewall configured correctly. SSL uses port 22 which would have to be open not only on the Apple Firewall, but also on any router / modem. Personally I would be very careful who I give access to port 22 on my machine.

SSL also supports port forwarding / redirecting (-L -R options) which allows traffic from other protocols to be re-routed through an SSH tunnel.

[ Reply to This | # ]

Seems like a really useful feature, although I am a bit concerned about the security issues. I wonder how many of us will have their firewall configured correctly. SSL uses port 22 which would have to be open not only on the Apple Firewall, but also on any router / modem. Personally I would be very careful who I give access to port 22 on my machine.

I think the back to my .Mac address is a IPSec tunnel endpoint. So nobody can send traffic to port 22 (or any other port) unless they have the keys for it (and there doesn't need to be anything open in the firewall for the specific traffic going to that endpoint, but there does for the tunnel itself). It also means your ssh will get an extra layer of encryption (from IPSec), but I wouldn't set it up to skip the ssh encryption (or use a faster but weaker form), because it is safer to say "you have to defeat both" then "get my tunnel and you get the ssh". Esp. since IPSec hasn't had as much operational deployment as ssh.

Your milage may vary. I'm not a back2my mac expert or anything. Or even IPSec expert (although I did implment a ssh clinet, since it was a long time ago and ssh v1, I'm not even an ssh expert). So please take your grain of salt. Thank you, drive through.

[ Reply to This | # ]

It's using a combination of IPsec (for the tunnel) and IPv6 (for routing), with UPnP or NAT-PMP to open a port if you're behind NAT. The IPsec connection is typically made over UDP port 4500 though if that port is in use, it will use another port.

http://www.macworld.com/article/60945/2007/11/backtomymac.html

http://docs.info.apple.com/article.html?artnum=307024

The concept is really elegant and while the implementation was a bit flaky for a while, since 10.5.2 it's been basically reliable for me and it's so nice to no longer need to set up a VPN just to talk to my own machine at home.

You can see the IPsec configuration established by looking at the files in /etc/racoon/remote (you'll need to be root/use sudo to see them, since they contain a shared secret). You'll also find this shared secret in the System Keychain as "Back to My Mac key".

[ Reply to This | # ]

This is an incredible find! I'm rsync'ing my iTunes library right now.

---
-d

[ Reply to This | # ]

Turns out it is even easier! :P

just open the Terminal go to Shell > New Remote Connection...

then choose ssh and there you have your BackToMyMac Computer listed (if the OS sees it).

type in your username and click connect.

voila, you can even see the connection string used. And you can also use ftp/sftp... from this dialog to your remote Mac.

Way easier than typing in some shell command like suggested in the original tip.

[ Reply to This | # ]

Just an update on how to do this with iCloud and 10.7.2.

In MobileMe days, you could use use computer-name.mobile-me-name.members.mac.com to access your computer remotely via SSH (so long as you were signed in).

in iCloud, it's the same idea, but uses a different domain (members.btmm.icloud.com), everything else works the same. I found my domain by poking around with the "mDNS" utility and the -E arg (Enumerate recommended registration domains):

newt:~ stevejobs$ mDNS -E
Looking for recommended registration domains:
Talking to DNS SD Daemon at Mach port 5891
14:25:23.650 Recommended Registration Domain local. Added
14:25:23.650 Recommended Registration Domain XXXXXXXXX.members.btmm.icloud.com. Added

Where XXXXXXXXX was a number. I can now ssh to "newt.XXXXXXXXX.members.btmm.icloud.com" from any machine signed into iCloud.

[ Reply to This | # ]

This method of getting the DNS part for ssh works great for 10.7.2 and iCloud, thanks

[ Reply to This | # ]

I assume that "newt" is your username in the example? I tried this and didn't have any luck. I keep getting the error...

ssh: Could not resolve hostname brian.xxxxxxxx.members.btmm.icloud.com.: nodename nor servname provided, or not known

[ Reply to This | # ]

No, newt was my hostname. stevejobs was my username.

[ Reply to This | # ]

This isn't working for as of the last couple of days. Now getting error message: Could not resolve hostname my_host_name.102480994.members.btmm.icloud.com: nodename nor servname provided, or not known Is it still working for anyone else?

[ Reply to This | # ]

It's working for me right now.

[ Reply to This | # ]

Yeah, it works now. I think it stopped working when I had my MobileMe username and password in my airport extreme. I took those out after iCloud and it started working again.

[ Reply to This | # ]