Ssh tunnel how to set up in SL?

Similar Messages

• Once and for all: How to set up and use SSH

  Yes, I know ssh has been discussed on and off, but never in its entirety; and yes, there are step by step instructions on the www, but at one point or another they skip a crucial instruction that would be necessary for unix-dummies (e.g. how to save and close the nano-editor in Terminal). So, please pardon my question:
  There are several points I'd like to ask for ssh-connecting two macs on a local network:
  1) In terminal-file-"connect to server" you can ask for an ssh connection to be set up. For this to work, do I need to create private and public keys first? If so, how? Please point me to a reliable and step-by-step instruction site.
  There are some free ssh-utilities out there, but their documentation is just not helpful enough for a UNIX-dummy.
  2) Apparently I managed to connect via ssh once (from the terminal, see point 1) to a local server (allowing remote connection set to ON at the server). But then, when I connected to that server from the client's finder and tried to get into my user account on that server it told me that no secure connection could be established. What's wrong here? Do I have to continue working from within the terminal to use this connection? That would be difficult for an average MacUser.
  3) What is the security advantage of an SSH connection on a local wireless network (Airport Base Station) over WPA2, if at all?
  4) And how to set up an ssh-connection over the internet cloud to safely build a remote control/desktop sharing connection, e.g., a friend's Mac when she has a problem?
  Thanks for your consideration.

  First I'm not sure what your goals are.
  1) In terminal-file-"connect to server" you can ask for an ssh connection to be set up. For this to work, do I need to create private and public keys first?
  If you have ssh keys, you can do this without passwords. If you have not exchanged keys with the remote system, you will be asked for the password of the user you are attempting to login as.
  If so, how? Please point me to a reliable and step-by-step instruction site. There are some free ssh-utilities out there, but their documentation is just not helpful enough for a UNIX-dummy.
  Log into the remote system. This could be via ssh.
  On the remote system, run the following command to generate an ssh key for that remote system:
  ssh-keygen -t rsa
  Generating public/private rsa key pair.
  Enter file in which to save the key (/Users/username/.ssh/id_rsa): <<take default>>
  Created directory '/Users/username/.ssh'.
  Enter passphrase (empty for no passphrase): <<enter nothing>>
  Enter same passphrase again: <<enter nothing again>>
  Your identification has been saved in /Users/username/.ssh/id_rsa.
  Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
  The key fingerprint is:
  aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp [email protected]
  This will generate an ssh key for the remote system. This could be any system that support ssh, such as a Unix system, or another Mac.
  Copy the id_rsa.pub file from the remote system to your Mac. When I say "your Mac" I mean the one that you want to make the ssh connection from. The id_rsa.pub is found in the remote system's ~username/.ssh/ directory.
  Append the copied id_rsa.pub to your Mac's ~himbear/.ssh/authorized_keys2 file
  cat id_rsa.pub >>~himbear/.ssh/authorized_keys2
  Now when you ssh to that specific remote system, it will NOT ask for a password. The first time you ssh to any system, ssh will ask if the system is really the system you thing it is. But once you say "yes", it will not ask that question again.
  Repeat for every remote system you wish to log into using an ssh key.
  2) Apparently I managed to connect via ssh once (from the terminal, see point 1) to a local server (allowing remote connection set to ON at the server). But then, when I connected to that server from the client's finder and tried to get into my user account on that server it told me that no secure connection could be established. What's wrong here? Do I have to continue working from within the terminal to use this connection? That would be difficult for an average MacUser.
  MacUser. A flash from the past, as in the MacUser magazine.
  ssh is not used by default when you make connections. If you want an ssh connection, you have to establish it intentionally.
  ssh can be used to pre-establish a tunnel (or tunnels) that other services can use. Once an ssh tunnel is establish, connections to local host's tunnel port will be connected to the specified remote port. For example:
  ssh -L 5901:localhost:5900 [email protected]
  will establish a tunnel that VNC can use. The VNC client would connect to localhost display 1 or port 5901.
  ssh allows multiple -L tunnels to be specified on the ssh command line.
  3) What is the security advantage of an SSH connection on a local wireless network (Airport Base Station) over WPA2, if at all?
  Inside you home. Not much. Unless of course you do not trust the other members of your family. That is to say, others having your WPA2 password, and are thus on the inside, and can sniff you packets.
  4) And how to set up an ssh-connection over the internet cloud to safely build a remote control/desktop sharing connection, e.g., a friend's Mac when she has a problem?
  If you are using the Mac OS X Leopard built-in *Screen Sharing* and you are connecting to another Mac's built-in Leopard System Preferences -> Sharing -> Remote Management (Tiger's Apple Remote Desktop), then in the *Screen Sharing* preferences, is an "Encrypt all network data" option.
  If you wish to set this option in advance, you can launch *Screen Sharing* by double clicking on System -> Library -> CoreServices -> Screen Sharing.app
  You can *Screen Sharing* connections over the net using iChat. This is one of the easiest ways to take control of their system. Of course they need to cooperate. I use a Free AOL Instant Messager (AIM) account for my iChat connections. And as a side benefit you can text, audio chat and/or video chat with the person at the other end.
  If you are NOT using the build-in Mac OS X *Screen Sharing* and/or you are NOT using the build-in remote Mac OS X remote management server, then this is a situation where an ssh tunnel would be a very good idea.
  However, setting up an ssh tunnel between 2 systems across the internet gets complex.
  In this case you might want to consider using something like LogMeIn.com which will deal with all those nasty home routers without needing to to do nasty router configurations, and it will be a secure connection. LogMeIn.com will not be as fast as a *Screen Sharing* connection or a VNC connection, but it will be secure and easy to establish. Again, this is only if you can not to Mac to Mac *Screen Sharing* using built-in Mac OS X remote desktop.
  Now if you want to roll your own ssh tunnels for VNC, then I'm just going to outline the things you need to do.
  If the remote system is behind a home router, you need to configure that remote home router to "Port Forward" port 22 on the Internet side to port 22 on the target Mac. Bonus points if the internet side using a high number port to discourge net bots from knocking on your door. Use the ssh -p 12345 option to connect to the high numbered port that is forwarded to port 22 of the destination Mac.
  On the remote Mac you need to run a VNC server. If this is a Mac, then Leopard System Preferences -> Sharing -> Remote Management (Tiger's Apple Remote Desktop). If it is not a Mac, then for Windows, TightVNC, UltraVNC, RealVNC are possible options. Linux has a built-in vncserver, or you can install x11vnc which has the advantage of displaying the desktop screen.
  Once you can access the remote system, you use an ssh command like the following:
  ssh -p 12345 -L 5901:localhost:5900 remote.system.address
  You can get the remote system's address by having the remote system surf over to http://whatismyip.com. Then they can tell you the IP address.
  If you are going to be doing this a lot, you can get a free no-ip.com or dyndns.org dynamic DNS name for the remote system, and the remote system can run a dynamic DNS client (available from no-ip.com or dyndns.org) which will keep the dynamic DNS name updated as the remote person's ISP change's their IP address.
  Finally, now that you have an ssh tunnel for VNC traffic, you have your VNC client connect to
  Address: localhost
  Port: 5901
  Depending on your VNC client you may need to specify Display 1 instead of Port 5901. Or if you do not get a Display or Port option you specify localhost:5901

• Set up SSH Tunneling

  I am new to setting up SSH tunneling on my Mac server. I understand the idea behind tunneling but how would I go about setting it up, on both my client Mac and server Mac? I am running Mavericks Server on my Mac btw.
  Thanks!

  I'm going to infer that you're (also) not familiar with VPNs in the following.
  Generic sequence: open up the necessary ports and protocols at your firewall for tunnel or VPN pass-through, and configure the tunnel or VPN server, and configure the VPN or tunnel client.  
  Here's a list of the ports, and make sure you distinguish TCP ports, UDP ports, and protocols; those three are all different, when you're configuring a firewall. 
  ssh uses TCP port 22 by default, though other ports can be selected.
  With OS X and OS X Server, L2TP via IPSec and PPTP VPN clients and servers are available, and are very common choices.
  Or yes, you can go old-school, and use ssh tunneling if you really want to.  There's an overview of that process here. 
  If you're into using the command line (I happen to be), then straight ssh (and sometimes ssh tunneling) can be handy, but most folks with OS X will probably want to use an L2TP VPN — I use that regularly, too.  Based on the way you're asking this question, I'd probably guess you'll want to use L2TP/IPSec via NAT VPN passthrough in whatever box you're using as a gateway, and skip the ssh tunneling for now.  (This configuration and this approach would be more common than ssh tunneling in general, though there are cases where you might want or need to use ssh tunneling or some other alternaitve to L2TP/IPSec.)

• How to set static IPv6 address/gateway in Arch (NOT tunnel)

  Hey Everybody,
  Today I decided to install Arch Linux. There was only one thing that I did not understand, and that is how to set up a static IPv6 address. I have native IPv6 connectivity at home and in Debian I used to edit /etc/network/interfaces to set up a static IPv6 adress. Since Arch uses rc.conf, what is the syntax to configure a static IPv6 address?
  I used to add something like this in Debian in /etc/network/interfaces:
  > iface eth0 inet6 static
  > address *my static address*
  > netmask 64
  > gateway *my gateway address*
  Or can I still use /etc/network/interfaces in Arch?
  Thank you for help.

  It can be done quite easily using the netcfg infrastructure.
  /usr/lib/network/connections/ipv6static
  #!/bin/bash
  . /usr/lib/network/network
  ipv6static_up() {
  load_profile $1
  ip -6 a a ${ADDRESS} dev ${INTERFACE}
  if ! [ -z "${GATEWAY}" ]
  then
  ip -6 r a 2000::/3 via ${GATEWAY} dev ${INTERFACE}
  fi
  ipv6static_down() {
  load_profile $1
  ip -6 a d ${ADDRESS} dev ${INTERFACE}
  if ! [ -z "${GATEWAY}" ]
  then
  ip -6 r d 2000::/3 via ${GATEWAY} dev ${INTERFACE}
  fi
  ipv6static_$1 $2
  exit $?
  /etc/network.d/eth0static
  CONNECTION="ipv6static"
  DESCRIPTION="Static configuration for IPv6"
  ADDRESS="2001:dead:beef:cafe::1/64"
  INTERFACE="eth0"
  GATEWAY="2001:feed:dead:beef::1" # Comment this out if no route needed
  I haven't tested the gateway part, but I don't see why it wouldn't work. You'll need iproute2, and to read up on netcfg (see http://wiki.archlinux.org/index.php/Network_Profiles) if you have trouble.
  Last edited by gunkaaa (2009-09-02 05:19:36)

• How to get to x6250 Remote console through a ssh tunnel?

  I am accessing webGUI of my x6250 blade console through a ssh tunnel, I can log into eLOM, but when I launch remote console, the java client starts, then a java IOException window comes up with message saying "Create connection failure".
  When I access eLOM directly from company network without ssh tunnel, all works fine, so it is not my local system's setup or JVM issue.
  I am forwarding following ports already: 80, 443, 5120, 5121, 5123, and 7578.
  I suspect I missed some more ports for remote console usage, but which one(s)?
  YZ

  [ports needed for lights out management.]
  a) There does not appear to be an official Sun source for the port data.
  b) ILOM, ELOM, [a-z]LOM each seem to require their own selection of ports.... Beware.

• How to set up my elderly parent with Mac so that I can use remote access to help her?

  I want to set my elderly mother up with a new Mac mini so that I can use remote access to show her how use email, browse the internet, share photos.  (She lives in KY, I live in OR)
  She has had an iPhone and an iPad for about 6 months and she can barely use them without becoming frustrated.   I want to be able to see her screen with her and show her how to do things.
  My plan is to set her up with a Mac mini and I'll use my MacBookAir to remote into her system.  I'm buying the mini to configure and then I'll mail it to her.
  My question is whether to try to use Back to My Mac or Teamviewer for remote access
  I have broadband with comcast and she has broadband with Access Cable.  Each have their company modem/routers--neither of us have Airport Express.
  I have my own iCloud account and she has her own.   If I use Back to My Mac, it seems that I would need to set up a separate account on my Mac that would sync to her iCloud account.
  Teamviewer seems easier because I don't have to use a separate account.   Any advice?   Anything that I'm not thinking about?

  As Linc says, you can establish a Screen Sharing session via iMessage and Facetime.  The advantage of these 2 approaches is that once your Mom gets used to using them, she will be more comfortable using them to communicate with you.  I've talked to my Mom via iChat (aka iMessage) more since she learned to use them, then in all the years before that (including when I was a child ).  And just being able to see your Mom via Facetime can be useful when you want to gage how she is doing.
  However, if you are any distance from your Mom, they you want backup methods incase something goes wrong.
  So beside iMessage/Facetime, the next best would be Back-to-My-Mac via iCloud, however, you will want to establish her Mac as using your account so that you have the right to take control remotely.
  An alternative that does not mix up your iCloud acounts would be to use TeamViewer.com (which has an unattended mode so you can do off-hour maintenance when your Mom is not around; or check up on her to find out if she is dating - Turns out if I had been paying attention, I would not have been blind-sided by my Mom getting Married again last Summer - she is in her 80's! ).
  LogMeIn.com, as dwb says, can be used the same was as TeamViewer.com
  Both LogMeIn.com and TeamViewer.com are very good at making it easy to get through the home router and if you are having any problems connecting using other Methods, TeamViewer.com or LogMeIn.com will most likely not have any issues.
  Back-to-My-Mac allows screen sharing and file sharing so you can transfer files as well as control the screen.
  Screen Sharing via Messages allows cooperative file transfer. That is to say, you can try pushing a file to your Mom, but she has to accept each transfer.
  TeamViewer.com has an unattended file transfer mode.
  LogMeIn.com requires the paid version to transfer files.  However, there are other ways to transfer files, such as downloading them from the original source on your Mom's system while using screen sharing, using Dropbox (or similar), emailing them, etc...
  Of course if you are really network savvy, you can roll your own via ssh tunnels, port forwarding routers, getting dynamic DNS names, transferring files via scp, or tunneling AFP file sharing, tunneling your screen sharing sessions.  Lots of fun and excitement playing with terminal commands

• Remote printing problem using ssh tunnel in Leopard

  Haho,
  I've recently installed Leopard, and I have unexpected difficulties with setting up remote printing to the printers of my University via ssh tunneling. The following procedure worked (and still works) under Tiger, but for some reason it doesn't work with Leopard (not just for me, but other friends also have the same issue as I do). The question is what could be the source of the problem and how could I get around it?
  So, I have the same short user name on my home Mac as my login name in the University system. Then, I set up the proper printers (IP printer, LPD protocol, Address: localhost, the appropriate queue and printer type etc.). Whenever I want to print from home to the University, I would open a Terminal window, and sudo ssh -L515:XXX.XXX.XXX.XXX:515 [email protected] . This is supposed to channel the printing which is sent to a localhost printer to the printers which can be reached through the University IP address.
  This method worked and works well under the latest version of Tiger, but not under Leopard (10.5, 9A581). I get no error messages, the printing seems to go through (at least no error seems to occur during spooling or logging in to the University with the terminal), but it simply doesn't prints out on the other end.
  I have no firewall or any other new network tools running which I'm aware of, and I'm not aware of any differences in the set-ups besides the change in the OS. The issue might be that of compatibility with the University printing system, but help in what exactly changed on the Mac side (something obviously did change) would help me a lot, especially since I don't think that the University technical crew would be very keen on (or competent in, for that matter) troubleshooting.
  Thanks in advance for your help!

  Had the same issue with MS Terminal Server printing over vpn tunnel.
  what kind of internet connection do you have? one which adds extra headers like pppoe ?
  for me ...
  sysopt connection tcpmss
  helped
  default is 1380 (1380 data + 20 TCP + 20 IP + 24 AH + 24 ESP_CIPHER + 12 ESP_AUTH + 20 IP = 1500 bytes)

• Screen Sharing.app fails through ssh tunnel with "You cannot control your own screen"

  I need to control a remote Mac mini running 10.7 through an ssh tunnel.  I've set up ssh with -L for the appropriate ports, and bound my local ports 5900 and 5800 through this.
  When I connect to 127.0.0.1 with Screen Sharing.app on my macbook pro which runs 10.8.4, it says "You cannot control your own screen" however, screen sharing is not enabled locally on my machine, I'm trying to access a remote machine.
  I tried something else.  I created an alias IP of 127.0.0.2 on lo0, and tried again, and got the same thing, so it's doing an ifconfig and looking through all the IPs to see if the IP address of what I'm trying to connect to is bound locally, which defeats the purpose of tunneling through SSH.  I don't wish to setup a VPN.
  How do I let the Screen Sharing.app know that I'm not trying to connect to my own machine and it should skip this check.
  I've also tried with another app, Chicken of the VNC, and that almost works.  It connects and shows a login screen desktop to the target machine, but I'm unable to click on any of the account icons displayed in order to login, and all key presses such as tab, space, and enter are ignored.
  When at the location (on the same vlan as the target machine) I'm able to remote into it just fine with screen sharing.app, but Chicken of the VNC has the same issue of showing a login screen, but not allowing logins to it.

  Your ssh command should look something like:
  ssh -L 22590:localhost:5900 remove.mac.system.address
  Then you connect using
  Finder -> Go -> Connect to server -> vnc://localhost:22590
  Have you been doing anything close to that?

• SMB through SSH tunnel

  I'm having trouble setting up samba access over an SSH tunnel. If I forward port 139 on my machine to port 139 on the server, like so,
  ssh -L 139:localhost:139 user@server
  and then connect from the finder with Go -> Connect to Server and enter "smb://localhost/username" it works great. Moreover, if I do "smbclient -L localhost -U username" I get (with names changed to protect the innocent):
  Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
  Sharename Type Comment
  IPC$ IPC IPC Service (Myservername)
  username Disk Home Directories
  Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
  Server Comment
  Workgroup Master
  OATESNET MYSERVERNAME
  That's great. However, I need to in fact be running a samba server on my local machine as well as accessing a remote one --- therefore, I can't forward from port 139 on my local machine because it conflicts with my local samba server (actually, I can, and it appears to be a crapshoot whether my local server or the remote server through SSH gets the connection. Weird. But that's a different story).
  So, I try and forward from a different port, say 52187. So I create my tunnel:
  ssh -L 52187:localhost:139 username@server
  Now I try and connect through the Finder. I get error:
  "The Finder cannot complete the operation because some data in "smb://localhost:52187/username" could not be read or written. (Error code -36)."
  Hmm. Let's try and diagnose from the console. I type:
  smbclient -L localhost -U username -p 52187
  It connects to the remote server, but only partially. I get the following output:
  Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
  Sharename Type Comment
  IPC$ IPC IPC Service (Myservername)
  username Disk Home Directories
  Error connecting to 127.0.0.1 (Invalid argument)
  Connection to localhost failed
  NetBIOS over TCP disabled -- no workgroup available
  Weird. Note that this is with my local Samba server not running. Now, if I try and run smbclient with the local server running, I get a different error:
  Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
  Sharename Type Comment
  IPC$ IPC IPC Service (Myservername)
  username Disk Home Directories
  session setup failed: NTSTATUS_LOGONFAILURE
  NetBIOS over TCP disabled -- no workgroup available
  Weirder --- so I look in the log files for the local Samba server (/var/log/samba/log.smbd). There are two new messages from the exact time when I tried to contact my remote server:
  [2007/06/20 17:35:08, 0] /SourceCache/samba/samba-100.7/samba/source/smbd/server.c:main(789)
  smbd version 3.0.10 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
  [2007/06/20 17:35:08, 0] pdbods.c:odssamgetsampwnam(2329)
  odssam_getsampwnam: [0]getsam_recordattributes dsRecTypeStandard:Users no account for 'username'!
  Note that 'username' is not a user on my local machine. I'm not sure what would happen if it were.
  What looks like is happening to me is that the samba client is in fact contacting the server on the port that I give, but then trying to initiate some other communication (authentication?) on the default port, 139. That's why when I'm forwarding from port 139 it all works fine. That's also why I get a different error message and stuff in my local logs when the local server is running --- the samba client is contacting the remote server for part of the transaction and the local server for another part. When the local server isn't running, it just can't contact anyone and gets confused.
  The question is, how can I make the samba client consistently use the port I tell it to use? Am I missing something?
  -Andrew
  PS -- why is it that I can have both a local samba server running on port 139 and an SSH tunnel that forwards from that port at the same time? Does it have to do with what interfaces their bound on? As in, the SSH server is only bound on the loopback interface, while the Samba server is only bound on my ethernet card? That's the only explanation I could think of.

  well, I'm not doing a smb mount and have never tried to do an smb mount; only an afp mount. I'm very fortunate that I have Macs at work and home, and all authorized users to my computer are Mac users.
  I'm running OS 10.4.9 and have been doing this (afp over ssh) throughout all iterations of 10.4.x and most if not all iterations of 10.2.x up through 10.2.8 on two older computers, a 2001 Quicksilver and a 2002 Quicksilver as the servers, and using them as the clients as well along with two Powerbook G4s as clients. Also, my kids (if you call ages 20-26 "kids") afp mount via ssh tunneling as well, from an iBookG4 and iMac G5s, also running 10.4.9.
  I gotta ask a dumb question or two or three or four:
  • When you ssh, obviously you have the ssh port (only) forwarded through your router and/or modem at home, right?
  • Do you have your Mac's (the one you are trying to use as the server) firewall turned on or off? And if on, what ports/services do you have turned on in Sys Prefs Sharing? (and if off, what services are turned on?) Windows Sharing is on?
  • If you turned on personal file sharing in your "server" Mac, do you have another Mac that you could try to ssh into, tunneling port XXXX:localhost:548 then from Finder, ⌘k to localhost:XXXX, just to see if that at least works?
  • highly unlikely to make a difference, but when you ⌘k to smb://localhost:XXXX, does it help to leave off the "/username" that you had reported in preious posts as appending onto the servername?
  One last-minute comment/suggestion: There is a shareware/donationware program called sharepoints that looks pretty cool; you can check that your mount points on your server are indeed smb shared or not (as a side note, if you are so inclined, you can create additional mount points other than just users' home directories, too). I am totally clueless as to how one, from the unix command line or maybe from the NetInfo manager, might do this, so if you would be treading new ground here yourself in this regard, this program might be of some value to you.

• SSH tunneling X to locked Windows computer.

  Hi
  I have recenty installed and configurated ssh to tunnel x. But I need a way to connect to it on a school computer and every other type of computer where I cant install softwares. The windows computers in school are all part of some sort of thin clients /server solution. And I cant post stuff on the desctop I can't reach the harddrives or any thing like that. I got a network share where I might be able to put stuff. Also I can't use a usb stick and start to software from there. So is there a possible way to ssh tunnel x to one of these computers?
  Last edited by lintz (2010-03-03 07:52:23)

  Use Putty on the windows machine. It's a simple .exe which doesn't need to be installed anywhere.
  http://www.chiark.greenend.org.uk/~sgtatham/putty/
  There are plenty of 'how to' guides for using Putty to access an ssh server and setting up and using tunnels.
  http://souptonuts.sourceforge.net/sshtips.htm
  http://jstrassburg.blogspot.com/2006/01 … th-dd.html
  etc. etc.
  It'll do what you want. I use the same to get from XP at work to home, and we have similar restrictions at work. Even better - by using x11vnc on Arch and then vncviewer on XP (also a simple .exe) I am able to bring up my Arch desktop as a remote desktop on my XP setup.
  The one thing I haven't worked out yet is how to copy files from my Arch machine to XP at work, since I am unable to setup an ssh server at work - although I can now email them to myself using the remote desktop!
  Last edited by sultanoswing (2010-03-03 08:49:30)

• Possible to ssh tunnel Bonjour traffic across different subnets?

  Hello:
  For quite some time, I have been thinking of buying a couple of iSights to enable audio/visual between two distant computers. But I really don't want to have to leave a dozen ports in my DSL modems opened up in order to use AIM or Jabber servers to iChatAV to my "usual" called parties (I can't help it, I'm paranoid - I have one ssh port open on my DSL modem at home - so most everything I do from afar -- afp (port 548), vnc( port 5900), etc., I tunnel it all over ssh).
  So, in a similar vein, what I would like to do is treat a distant computer as if it were on my local 192.168.x.x NAT subnet, in order to do a Bonjour-like iChatAV connection without having to go to through these public servers and without having to leave a dozen ports open in my firewall (or go through the drill of opening/closing ports every time I want to iChat).
  Now, if I understand this correctly, on one's local subnet, iChat AV works using Bonjour to communicate with other iChat AV users on the same subnet, which, I think, uses multicast packets. So I'm wondering if it is possible to ssh tunnel multicast traffic to a different computer like so:
  ssh -L 5297:localhost:5297 -L 5298:localhost:5298 {called.party.IP.address}
  thus being able to set up a secure point-to-point iChatAV connection?
  Anybody ever do something like this?

  Hin j.v.,
  It is possible to iChat Bonjour over a Virtual Private Network , yes.
  2:33 PM Thursday; May 4, 2006

• IMac at work, iMac at home. (Latest Yosemite and Apple Remote Desktop updates installed) Need to work from home at night. I don't know how to set my permissions so that I can just control my iMac at work.

  iMac at work, iMac at home. (Latest Yosemite and Apple Remote Desktop updates installed) Need to work from home at night. I don't know how to set my permissions so that I can just control my iMac at work.

       If they have set up port forwarding for you already then that is different.  In that case, then you could be experiencing the bug with the most recent release of ARD (3.7.2) and in particular ARD 3.7.2 and Yosemite ARD version 3.8 clients.  It has been reported numerous times in the forums and to Apple that since 3.7.2, clients are frequently unavailable to connect to despite there being no network issue between the remote computer and client computer.  I have not seen anyone report it who was working from outside the LAN to inside the LAN, but I have the same issue with a number of my own computers that are simply on a different subnet, so it stands rot reason that it would happen from a port forwarding location.
       I am sometimes able to resolve the issue locally by SSH connecting into the client computer using Terminal on my admin machine and restarting or relaunching the ARD agent on the remote device, then trying to connect to it again after about 30 seconds.
  The Terminal commands for this procedure are as follows, though you might need to include a port number from outside the LAN:
  First:
  ssh ipaddress -l adminusername
  (example: ssh 192.168.1.1 -l macadmin)
  Second:
  sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/k ickstart -restart -agent
  After that, waiting about 30 seconds and trying to observe or control usually works, though the computer may still fail to show an online or lit-up status indicator.

• SSH tunneling to connect to remote computer

  Hi,
  I have to connect to my remote database(RHEL box) from a windows using SSH tunnel
  1. I have set up the SSH tunneling(with outgoing tunnel)
  2. I have made a entry in the TNSnames.ora file
  3. I establish connection to the remote server using SSH client and when i do tnsping
  i do get connection. Even when i change the host name to some unkown name i do get a tnsping but iam not able to connect to the database. do iam wrong anywhere
  Used TNSNAMES adapter to resolve the alias
  Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ISIL-PRJ
  -04)(PORT = 1523)) (CONNECT_DATA = (SID = ora1022b)))
  OK (800 msec)
  Used TNSNAMES adapter to resolve the alias
  Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ISIL-PRJ
  -04)(PORT = 1523)) (CONNECT_DATA = (SID = blablabla)))
  OK (800 msec)
  even when i change my sid name i get a tnsping. can anybody explain

  Hi,
  Looking for this schema below and see if help you:
             Secure Connection
     +---->-------[SSH]-------->-----+
     |                               |
     |                               |
     ^                               |
     |       Insecure Connection     v
  CLIENT---->--------------------> ORACLE
  ssh2 -l oracle -L 1521:192.148.1.251:1521 200.10.11.12
                      |          |                |
                      |          |                |
                 A  LOCAL        |                |
                 B       INTERNAL IP ORACLE       |
                 C                       EXTERNAL IP (GATEWAY)
                                                       C                             B
        | Firewall| . . . . .|INTERNET| . . . . . . |Firewall| . . . . . . . . . . |ORACLE|
        | Gateway |                                 |Gateway |                 192.148.1.251:1521
             .                                     200.10.11.12                                  
       A     .
     |Oracle Client|
     (TNSNAMES.ORA)
       <SERVICE> =
         (DESCRIPTION =
           (ADDRESS_LIST =                     
             (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
           (CONNECT_DATA =
             (SID = <SID>)
         )Cheers

• Jconsole - remote connection thru ssh-tunnel

  Hi all,
  I need to start jconsole on my windows-box and connect to a remote tomcat-server thru an ssh-tunnel.
  I have walked thru various posts and blogs, but finally couldn't get it running.
  On the linux-server, I have set the following JAVA_OPTS:
  export JAVA_OPTS='-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.useLocalHostname=true -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=myserver'myserver is the server-name that is resolved by the hostname-command. I also tried using localhost instead.
  On the client I run the following ssh-command to create the tunnel:
  ssh tomcat@myserver -L8888:myserver:8888 -N -vWhen I try to create a remote connection with jconsole using localhost:8888, I see the following output by ssh:
  debug1: Connection to port 8888 forwarding to myserver port 8888 requested.
  debug1: channel 1: new [direct-tcpip]
  debug1: channel 1: free: direct-tcpip: listening port 8888 for myserver port 8888, connect from 127.0.0.1 port 1618, nchannels 2It looks not too bad to me, but unfortunately, jconsole runs into a timeout after about 2 mins.
  On the server I see the following using netstat:
  tcp        0    168 myserver:ssh    mywindowsbox:3381  VERBUNDEN  
  tcp        0      0 myserver:ssh    mywindowsbox:1317  VERBUNDEN  
  tcp        0      0 myserver:44625  myserver:8888   TIME_WAIT  
  tcp        0      0 *:8888                      *:*                         LISTENIt appears to me that the tomcat-server is listening correctly on port 8888 for all incoming hosts (although localhost should be enough).
  Furthermore, it seems that the ssh-tunnel has been establised.
  Why the hell, jconsole still can't connect?

  Hiya.
  JMX connections use two ports. You need the RMI Registry and the RMI Stub. This first one you bound to port 8888, but the other one is probably still bound to a random port. You need to be able to access that one through SSH as well.
  Trouble is that the second port uses a random port and most application servers can't statically configure this one. See this article for possible solutions (be sure to read the follow ups as well) : http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx
  Cheers,
  Hugp

• Using portal admin console through an ssh tunnel?

  I'm trying to login on the portal admin over an established ssh connection:
  - profile server listen on hostname.subdomain.domain, port 8080
  - an ssh tunnel (via portforwarding through a firewall) from client port
  10000 to profile server 8080
  - connect from webbrowser to http://localhost:10000/console
  that won't work: internal server errors. If i change my hosts file:
  localhost 127.0.0.1 hostname.subdomain.domain
  it works. But this is ugly and conflicts with DNS.
  So, how can i configure the profile server to accept connections over an ssh
  tunnel? Anyone any idea?
  regards, Jordi

  Hello,
  Does any one in BEA have an answer to this. I was stumped when asked by a client. Any response will be great.
  C