Tuesday, March 30, 2010

Mobile Me, Back to My Mac, and ssh.

For several months now I’ve been using MobileMe’s Back to My Mac (BTMM) feature to securely access my home computer from work. It usually works through my Netgear router, although there are occasional hiccups. Anyway, I had been using it for VNC and for disk mounting, but I didn’t know how to ssh through it. In particular, I did not know what domain name or IP address to use. As with most things Apple, the technical details remain largely hidden, which can be a blessing or a curse (and sometimes both simultaneously).

So, I had my router set up to forward port 22 to my laptop, and then pointed ssh to the IP address given to me by Comcast (actually, to my DynDNS domain name, but same thing). This works, but I would like to have all the comms protected by BTMM’s Kerberos-authenticated IPv6-based VPN goodness.

Yesterday I got curious about it and did some searching and found this Mac OS X Hint from 2008. It turns out to be very simple. Each of my machines, while it’s logged into BTMM, automagically gets a domain name of the form host.username.members.mac.com. My MobileMe username happens to have a period in it, which is escaped with a backslash (so my domain name is actually along the lines of host.user\.name.members.mac.com).

This domain is only resolvable from other machines logged into my BTMM account, and it doesn’t depend on router port forwarding, so I don’t need any complicated firewall rules in place. The only downside (apart from the occasional flakiness, which seems aggravated when I initiate other VPN connections) is that I will no longer be able to log into my computer using iSSH on my iPhone. But I hardly ever do that anyway.

The moral of the story is: to remotely log into my home laptop from my work laptop, I just need to type:
ssh host.user\\.name.members.mac.com.
in a terminal. That extra backslash is to keep my shell from interpreting “\.” as “.”; the escape character is escaped. I could equivalently quote the entire argument, like:
ssh "host.user\.name.members.mac.com."
Oh and the trailing period is intentional (but optional).
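An added example (not from the original post) that puts the naming and quoting above into a small POSIX shell script: it escapes any literal period in a MobileMe username so it is not taken as a DNS label separator, appends the optional trailing dot, and checks that the two shell spellings of the hostname produce the same argument. The host name "host" and username "user.name" are constructed placeholders.

```shell
# Build the Back to My Mac name for a machine: host.<username>.members.mac.com.
# A "." inside the MobileMe username is a literal character, so it is written
# as "\." (DNS escaping) to keep it from being read as a label boundary.
btmm_name() {
  host=$1
  user=$2
  # Replace every "." in the username with "\.".
  escaped_user=$(printf '%s' "$user" | sed 's/\./\\./g')
  # The trailing dot marks the name as fully qualified (optional).
  printf '%s.%s.members.mac.com.' "$host" "$escaped_user"
}

# Count DNS labels in a BTMM name, treating "\." as part of a label rather
# than as a separator (a naive count on the dots alone would be one too high).
btmm_label_count() {
  printf '%s' "$1" | sed 's/\\\./_/g; s/\.$//' | awk -F. '{ print NF }'
}

# The two ways of typing the name at the shell prompt yield the same argument:
# an unquoted "\\." collapses to "\.", and inside double quotes "\." is kept
# as-is because "." is not special to the shell.
btmm_quoting_equal() {
  unquoted=host.user\\.name.members.mac.com.
  quoted="host.user\.name.members.mac.com."
  [ "$unquoted" = "$quoted" ]
}

# Convenience wrapper: ssh to a BTMM host, passing any extra ssh arguments
# through. Only resolvable from a machine logged into the same BTMM account.
btmm_ssh() {
  host=$1
  user=$2
  shift 2
  ssh "$(btmm_name "$host" "$user")" "$@"
}
```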

OK, I admit it. I just wrote this to keep up with my recent post rate of 3.80265176e-7 Hz.