7. OS X
updated: September 27, 2006
AFP over SSH (or, How to Securely Access Your Mac's Files over the Internet without a VPN)
NOTE: This guide is based on OS X 10.4.3.
I. Setup SSH Server:
- Forward port 22 on router to SSH server
- System Preferences > Sharing > Services > Check "Personal File Sharing" (to enable AFP) and "Remote Login" (to start OpenSSH service).
II. Connect from SSH Client:
- Open a Terminal window and type: sudo ssh ip_address -l username -L 22:127.0.0.1:548
where ip_address is the public IP address or domain name of the SSH server and username is a valid OS X user account on the Mac running SSH server.
- Enter your local admin password when prompted by sudo and press Return.
- The first time you connect to a host, you will see a message about the "RSA key fingerprint". Type "yes" and press Return. (See this article for more information.)
- Enter the password corresponding to the username you entered in step 1 and press Return.
- You are now connected to the SSH server and can work from the command line. If you prefer a GUI:
- Minimize (do not close) the Terminal window.
- In the Finder, click Go > Connect to Server...
- Under "Server Address:" type: afp://127.0.0.1:22 and click Connect.
- Enter a username and password which exists on the SSH server (for example, the same one you used in step 1) and click "Connect".
- Choose the volume you wish to mount and click OK. The volume is mounted and a Finder window with its contents will open.
- When you are finished, unmount the share from your desktop and type "exit" in the minimized Terminal window to close the SSH connection.
III. Additional Security Considerations
Considering this recent analysis of malicious SSH login attempts, you may wish to harden SSH a bit. For detailed instructions, see sections 1 and 2 of: Hardening SSH and Mounting Remote Filesystem in OS X Finder via SSHFS.