
10.5: How to use ssh using 'Back to My Mac' UNIX
My iMac is behind a satellite internet connection, which is very slow. Rather than using Screen Sharing or Finder's file sharing for Back to My Mac, I often find it easier to use ssh. Until today I didn't know how to connect to a Back To My Mac computer via ssh. It turns out that it's very easy:
ssh -vvv -p 22 hostname.username.members.mac.com.
Where hostname is the name you gave to the machine (i.e. the name that appears in Finder), and username is your .Mac username (i.e. if your email address is steve@mac.com, your .Mac username is steve). Note that there is a "." at the very end of the command -- I've had more consistent success using it that way. You can also try Terminal.app » Shell » New Remote Connection (or press Command-Shift-K) and then look under 'Secure Shell (ssh) for "Discovered Servers"'.

As with all things Back To My Mac related, success is flakey and your best bet is if you have Airport Extreme base stations on both the local and remote machines.
Authored by: nvdingo on Apr 29, '08 07:56:39AM

It should be noted that the -vvv is unnecessary unless you really like a whole lot of debugging information (with 3 "v's", I do mean a WHOLE lot).
The -p 22 is also unnecessary as port 22 is the default SSH port.

Additionally, if the username you are logged in as on the machine you are using to connect to the remote mac is not the same as the username on the remote mac, you are definitely going to want to include the "-l <username>" option that is not present in the hint.



Authored by: fracai on Apr 29, '08 10:28:51AM

instead of -l you can also use user@host

---
i am jack's amusing sig file



Authored by: stug on Apr 29, '08 01:22:14PM

How do you get around the problem of usernames with a '.' in them?



Authored by: DrivingHome on May 11, '10 06:06:34AM

Just discovered this - and you can use double backslash to escape a . in a username. So for example, if your MobileMe name was "john.doe" and your host was "igloo", and your local mac login was "jdoe", the command would be

ssh jdoe@igloo.john\\doe.members.mac.com

This hostname works with eyetv too...



Authored by: narya on Jul 06, '10 04:22:21AM

Unfortunately it doesn't work for me. Has anybody else successfully tried the trick with ssh machine.john\\doe.members.mac.com?



Authored by: mjb on Apr 29, '08 03:49:59PM
Just a note that the usage of a trailing period (.) is not required, but it can indeed speed up connection times if you're behind a very slow connection or have an unreliable DNS source.

What it does is tell the DNS resolver software on your computer that you do not want to search the DNS domain you're in for the hostname you've provided (more correctly, you're giving an explicit DNS name). If you don't use a period, the resolver will try all of the domains associated with your current network connection first, before asking the wider internet (you can find these domains in /etc/resolv.conf on your Mac - this file is updated automatically each time you connect to a network, usually by DHCP).

This is basically the reason why using a 'short name' on your own network will succeed (ignoring Bonjour/mDNS in this example, that's different), as the resolver will append your domain onto the short name and try that. For example, if your domain is 'some.domain.com', and you enter 'http://www/' into Safari, the resolver will try www.some.domain.com to try to find the IP address to talk to.

In the hint example, it means that the resolver will only try 'hostname.username.members.mac.com', and not 'hostname.username.members.mac.com.some.domain.com' first. (So, believe it or not, your resolver will try 'www.macosxhints.com.some.domain.com' first when you visit this site.. You can try 'www.macosxhints.com.' - with the trailing period - and you will see that that works too)

Sorry for all those that already know this.. but if someone else learns something that's cool :)

</ramble>

[ Reply to This | # ]
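The search-list behaviour described in the comment above, modelled as an added example (not part of the original comments). It follows the resolv.conf(5) rules, under which a dotted name without a trailing period is tried as-is before or after the search domains depending on the ndots option; the function name candidates and the ndots values are assumptions for illustration.

```shell
#!/bin/sh
# Added example: model of resolv.conf(5) search-list expansion.
# candidates NAME NDOTS [SEARCH_DOMAIN ...]
# Prints, in order, the fully qualified names a stub resolver would query.
candidates() {
    name=$1; ndots=$2; shift 2
    case $name in
        *.) # Trailing dot: the name is absolute, the search list is skipped.
            printf '%s\n' "$name"; return 0 ;;
    esac
    # Count the dots in the name by comparing lengths with and without them.
    nodots=$(printf '%s' "$name" | tr -d '.')
    dots=$(( ${#name} - ${#nodots} ))
    tried_as_is=no
    # At least ndots dots: query the name as given before the search list.
    if [ "$dots" -ge "$ndots" ]; then
        printf '%s.\n' "$name"
        tried_as_is=yes
    fi
    # Then every search domain is appended in turn.
    for domain in "$@"; do
        printf '%s.%s.\n' "$name" "${domain%.}"
    done
    # Names with fewer dots are queried as given only after the search list.
    if [ "$tried_as_is" = no ]; then printf '%s.\n' "$name"; fi
    return 0
}

# Constructed inputs: the hint's host name and the comment's example domain.
host=hostname.username.members.mac.com
echo "short name:";            candidates www 1 some.domain.com
echo "dotted, ndots=1:";       candidates "$host" 1 some.domain.com
echo "dotted, ndots=5:";       candidates "$host" 5 some.domain.com
echo "trailing dot, ndots=5:"; candidates "$host." 5 some.domain.com
```

Every name in the output that ends in the search domain is a query sent to the local network's DNS servers for a host that does not live there; the trailing period removes those queries entirely.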
Authored by: pub3abn on May 07, '08 09:49:22AM

That was a cool little tangent hint.



Authored by: aradke on Apr 29, '08 05:40:06PM
Use the following format for connecting as a different username:

ssh user.name@hostname.username.members.mac.com.

If you do this regularly and wish to save having to use the username all the time for ssh and scp then create a file called ~/.ssh/config with contents like the following:

Host hostname.username.members.mac.com.
    User user.name

Host host2.some.domain.com.
    User username2
    # Connect to a port other than the default 22
    Port 2222
    # Forward local port 3389 through the tunnel to internal-pc:3389
    LocalForward 3389 internal-pc:3389

The second host in this file also includes using a port other than 22 and allowing access to a Windows computer called internal-pc with Remote Desktop by connecting to localhost with the Remote Desktop Client.

Authored by: LostInSpace2011 on Apr 29, '08 10:13:40PM

Seems like a really useful feature, although I am a bit concerned about the security issues. I wonder how many of us will have their firewall configured correctly. SSL uses port 22 which would have to be open not only on the Apple Firewall, but also on any router / modem. Personally I would be very careful who I give access to port 22 on my machine.

SSL also supports port forwarding / redirecting (-L -R options) which allows traffic from other protocols to be re-routed through an SSH tunnel.



Authored by: the1truestripes on Apr 30, '08 09:50:07AM
Seems like a really useful feature, although I am a bit concerned about the security issues. I wonder how many of us will have their firewall configured correctly. SSL uses port 22 which would have to be open not only on the Apple Firewall, but also on any router / modem. Personally I would be very careful who I give access to port 22 on my machine.

I think the back to my .Mac address is an IPSec tunnel endpoint. So nobody can send traffic to port 22 (or any other port) unless they have the keys for it (and there doesn't need to be anything open in the firewall for the specific traffic going to that endpoint, but there does for the tunnel itself). It also means your ssh will get an extra layer of encryption (from IPSec), but I wouldn't set it up to skip the ssh encryption (or use a faster but weaker form), because it is safer to say "you have to defeat both" than "get my tunnel and you get the ssh". Esp. since IPSec hasn't had as much operational deployment as ssh.

Your mileage may vary. I'm not a back2my mac expert or anything. Or even IPSec expert (although I did implement an ssh client, since it was a long time ago and ssh v1, I'm not even an ssh expert). So please take your grain of salt. Thank you, drive through.

Authored by: sabi on May 01, '08 01:53:48AM
It's using a combination of IPsec (for the tunnel) and IPv6 (for routing), with UPnP or NAT-PMP to open a port if you're behind NAT. The IPsec connection is typically made over UDP port 4500 though if that port is in use, it will use another port.

http://www.macworld.com/article/60945/2007/11/backtomymac.html

http://docs.info.apple.com/article.html?artnum=307024

The concept is really elegant and while the implementation was a bit flaky for a while, since 10.5.2 it's been basically reliable for me and it's so nice to no longer need to set up a VPN just to talk to my own machine at home.

You can see the IPsec configuration established by looking at the files in /etc/racoon/remote (you'll need to be root/use sudo to see them, since they contain a shared secret). You'll also find this shared secret in the System Keychain as "Back to My Mac key".

Authored by: dfbills on Apr 30, '08 01:37:21PM

This is an incredible find! I'm rsync'ing my iTunes library right now.

---
-d



Authored by: hedgepig on May 01, '08 01:15:17AM

Turns out it is even easier! :P

just open the Terminal go to Shell > New Remote Connection...

then choose ssh and there you have your BackToMyMac Computer listed (if the OS sees it).

type in your username and click connect.

voila, you can even see the connection string used. And you can also use ftp/sftp... from this dialog to your remote Mac.

Way easier than typing in some shell command like suggested in the original tip.



Authored by: radioactive on Oct 10, '11 02:36:35PM

Just an update on how to do this with iCloud and 10.7.2.

In MobileMe days, you could use computer-name.mobile-me-name.members.mac.com to access your computer remotely via SSH (so long as you were signed in).

In iCloud, it's the same idea, but uses a different domain (members.btmm.icloud.com), everything else works the same. I found my domain by poking around with the "mDNS" utility and the -E arg (Enumerate recommended registration domains):

newt:~ stevejobs$ mDNS -E
Looking for recommended registration domains:
Talking to DNS SD Daemon at Mach port 5891
14:25:23.650 Recommended Registration Domain local. Added
14:25:23.650 Recommended Registration Domain XXXXXXXXX.members.btmm.icloud.com. Added

Where XXXXXXXXX was a number. I can now ssh to "newt.XXXXXXXXX.members.btmm.icloud.com" from any machine signed into iCloud.




[ Reply to This | # ]
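One way to turn the mDNS -E output shown above into an ~/.ssh/config entry of the kind suggested earlier in the thread, as an added example that is not part of the original comments. The function names, the alias newt-home and the placeholder number 000000000 are assumptions, and the sample output is constructed in the shape of the lines quoted above.

```shell
#!/bin/sh
# Added example. The sample text is constructed; 000000000 is a placeholder.

# btmm_domain: read `mDNS -E` output on stdin and print the Back to My Mac
# registration domain (with its trailing dot); fail if none is listed.
btmm_domain() {
    awk '$2 == "Recommended" && $NF == "Added" &&
         $(NF-1) ~ /^[0-9A-Za-z-]+\.members\.btmm\.icloud\.com\.$/ {
             print $(NF-1); found = 1; exit
         }
         END { exit !found }'
}

# ssh_stanza ALIAS HOSTNAME USER: print an ~/.ssh/config entry for the Mac
# called HOSTNAME, using the domain found in the mDNS output on stdin.
ssh_stanza() {
    alias_name=$1; host=$2; user=$3
    # Accept only a single DNS label, so nothing else can reach the config.
    case $host in
        ''|*[!0-9A-Za-z-]*) echo "bad hostname: $host" >&2; return 1 ;;
    esac
    domain=$(btmm_domain) || {
        echo "no Back to My Mac domain in input" >&2; return 1
    }
    # The domain keeps its trailing dot, so the search list is never used.
    printf 'Host %s\n    HostName %s.%s\n    User %s\n' \
        "$alias_name" "$host" "$domain" "$user"
}

sample='Looking for recommended registration domains:
Talking to DNS SD Daemon at Mach port 5891
14:25:23.650 Recommended Registration Domain local. Added
14:25:23.650 Recommended Registration Domain 000000000.members.btmm.icloud.com. Added'

printf '%s\n' "$sample" | ssh_stanza newt-home newt stevejobs
```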
Authored by: bmcinnes on Oct 18, '11 09:10:04AM

This method of getting the DNS part for ssh works great for 10.7.2 and iCloud, thanks



Authored by: bcamp1973 on Oct 27, '11 06:57:51PM

I assume that "newt" is your username in the example? I tried this and didn't have any luck. I keep getting the error...

ssh: Could not resolve hostname brian.xxxxxxxx.members.btmm.icloud.com.: nodename nor servname provided, or not known

Edited on Oct 27, '11 06:58:43PM by bcamp1973



Authored by: radioactive on Oct 28, '11 11:50:38PM

No, newt was my hostname. stevejobs was my username.



Authored by: ivanoats on Nov 11, '11 02:36:08PM
This isn't working for me as of the last couple of days. Now getting error message:

Could not resolve hostname my_host_name.102480994.members.btmm.icloud.com: nodename nor servname provided, or not known

Is it still working for anyone else?

Authored by: taxi on Dec 04, '11 03:20:53PM

It's working for me right now.



Authored by: ivanoats on Dec 04, '11 05:28:42PM

Yeah, it works now. I think it stopped working when I had my MobileMe username and password in my airport extreme. I took those out after iCloud and it started working again.


