Control Your Mac from Afar
Subject:   SSH into LAN'd Mac?
Date:   2003-10-06 00:11:11
From:   anonymous2
I've got my Macs on a router sharing an IP. How do you log in to one of these? Would it just be logging in to the IP given to the router by the DHCP, but since you are going into a user, it knows where to go? I think not? Could do manual IPs on the systems but those are private, so how would one go to the main address, then choose which local private addy to go into? I'm thinking doing a DYNDNS setup that updates upon IP change, but that's still only going as deep as the router. Would you have to port forward? And if so, can that only be to one machine, not multiples?

thanks for any info,
No clue

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • SSH into LAN'd Mac?
    2003-10-14 07:28:09  anonymous2 [View]

    I'm assuming here that your LAN Macs all have IPs in the range 192.168.1.x (or in the Class A or B range reserved for private use). If you're not doing this already, you probably should be.

    If that is the case, you can't directly access the target machine anyway.

    What you need to do is to get your router/firewall to forward requests to port 22 to a specific machine. This needn't be the target machine as you can always SSH from there to the target machine inside the LAN.

    You'll need to ensure that all the LAN machines that you might want to target have static IPs. You'd then set the router to port-forward requests onto one of them (referred to below as the primary target).

    To operate, you'd just do ssh which will land you inside your network on the primary target, from which you can SSH to your actual target as necessary.

    It's *exactly* the setup I use (with dyndns) to log into home and collect mail with pine.
    • SSH into LAN'd Mac?
      2004-01-07 17:15:29  anonymous2 [View]

      there is also another way to get this working.

      many ssh-clients let you configure the port to use
      on the router you have to configure nat (or better pat) to translate the ip adress to the one of your target machine and the destination port of your target machine.

      this setup is a bit more work to do but it reduces network trafic in the target LAN
      this setup can even be used to connect to multiple vnc servers on a LAN behind a router with an acceptable amount of network traffic

      by the way -
      for the sake of security its a good idea to use ports different from the well-known ports to confuse crackers ;-)