Remote SSH using Back To My Mac

One of the less well publicised features of Apple’s iCloud service is Back To My Mac.

This service provides a private IPv6 network which you can use to securely connect all your Mac hosts.

To use BTMM you will need to upgrade all your Macs to OS X Lion and sign them all into the same Apple iCloud account. You will also need your unique BTMM account number.

When you are signed into iCloud you can discover your BTMM account number as follows:

$ dns-sd -E
Looking for recommended registration domains:
Timestamp     Recommended Registration domain
12:07:46.550  Added     (More)               local
12:07:46.550  Added                          icloud.com
                                             - > btmm
                                             - - > members
                                             - - - > 123456789

The final line shows your individual BTMM account number.

For example, if you Computer Name (set in System Preferences > Sharing) is mymac and your BTMM account number is 123456789, then the fully qualified domain name of the host is mymac.123456789.members.btmm.icloud.com.

If you have spaces in your Computer Name then replace them with dashes, e.g. “My Mac” becomes the hostname my-mac.

To test connectivity to your remote host use ping6, e.g.

ping6 mymac.123456789.members.btmm.icloud.com

To list all the SSH enabled hosts on your domain:

dns-sd -B _ssh._tcp

You would SSH into your host using this command:

ssh -2 -6 username@mymac.123456789.members.btmm.icloud.com

Note that you will only be able to communicate with the other hosts on your iCloud private network if the Mac you are using is also signed into the same iCloud account.

You can also use an open SSH connection to access your non-Apple hosts on your internal network by using SSH port forwarding. This tunnels the destination traffic over the BTMM private network via your remote Mac.

For example, if you have a web server running on a host with the IP address 192.168.1.2 then you can use this SSH command to set-up a forwarded port:

ssh -2 -6 -L 8080:192.168.1.2:80 username@mymac.123456789.members.btmm.icloud.com

To access the remote host from your local machine you would go to http://127.0.0.1:8080/

Prevent SSH session timeout

When using mobile broadband I found that a SSH shell session to a remote server would terminate unless I used it every few minutes. To overcome this use the ServerAliveInterval option to send a regular keepalive message to the remote server, which should be enough for the ISP firewalls to maintain the TCP session indefinitely.

Either add the SSH option via the command line, e.g.

$ ssh -o ServerAliveInterval=60 user@host

Or add the following line to ~/.ssh/config:

ServerAliveInterval 60  # Send a keepalive every 60 seconds