

So far in this series of posts on ssh on macOS:

We have learned so far that ssh is a really useful and flexible protocol. It can be used to connect securely to a remote shell, or to transfer files securely. Rather than providing the shell itself, ssh provides a secure way to transmit data to and from the remote shell. In a similar way, ssh can be used to provide access to other remote services as well.

SSH Tunnels with Two Computers

Access to important services is usually blocked behind a firewall or router. Since ssh, when set up correctly, is quite secure, you can usually get access to a server with ssh even when other protocols are blocked. (Though some administrators move ssh access to a different port than the default 22.)

You can use ssh port forwarding or ‘tunneling’ to gain access to other services through ssh.

Imagine you want to use Screen Sharing to connect to a remote Mac ( ). Screen Sharing on macOS uses the VNC port 5900 to connect to a remote Mac. Since VNC itself is inherently insecure (Mac Screen Sharing adds a few things to make it more secure), this port is blocked by many firewalls.

So, how do I tell both systems to ‘tunnel’ the screen sharing traffic through ssh?

(When you test this, remember to enable either ‘Screen Sharing’ or ‘Remote Management’ (i.e. Apple Remote Desktop) access in the ‘Sharing’ pane in System Preferences on the remote Mac.)

The tunnel starts on my local machine and ends at port 5900 (where the screen sharing service is listening on the remote Mac). The starting point also needs a port number, and I can basically choose freely. Port numbers under 1000 and over 49000 are reserved for the system and require root privileges. There are also many numbers that are commonly used by certain services (such as 5900 for VNC/Screen Sharing) and may already be in use.

To connect the local port 5901 to port 5900 on the remote Mac use the following command:

$ ssh -N -L localhost:5901:localhost:5900

(You can just try this with a second Mac or virtual machine in your network, even without a firewall.)

The syntax of this command is less than obvious. The -N option tells ssh that we do not want to invoke a remote shell or run a remote command. The -L option creates a local port forwarding setup. This option takes a parameter with three or four parts, separated by colons. The first pair (localhost:5901) is the tunnel start point. The second pair (localhost:5900) is the remote end point of the tunnel. The second localhost is resolved on the remote host, so this means port 5900 on the remote host.
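The three- or four-part -L argument described above can be checked before it is handed to ssh. This is an added example, not code from the original post: the function names `describe_forward` and `valid_port` and the exposure labels are this example's own. It goes beyond the text by also covering the three-part form and bind addresses other than localhost, which ssh(1) documents as listening on all interfaces when the address is empty or `*`.

```shell
#!/bin/sh
# Added example: take apart an ssh -L argument and report where the
# listener is exposed. Bracketed IPv6 literals are not handled.

valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;          # empty or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

describe_forward() {
    spec=$1
    # Two colons: port:host:hostport. Three: bind_address:port:host:hostport.
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    case $colons in
        2) bind='(default)'; rest=$spec ;;
        3) bind=${spec%%:*}; rest=${spec#*:} ;;
        *) echo "expected 3 or 4 colon-separated parts: $spec" >&2; return 2 ;;
    esac
    lport=${rest%%:*}; rest=${rest#*:}
    rhost=${rest%%:*}; rport=${rest#*:}   # rhost is resolved on the ssh server
    valid_port "$lport" && valid_port "$rport" && [ -n "$rhost" ] || {
        echo "bad port or empty target host in: $spec" >&2; return 2; }
    case $bind in
        '(default)')         exposure=per-GatewayPorts ;;  # client config decides
        localhost|127.0.0.1) exposure=loopback ;;          # this machine only
        ''|'*'|0.0.0.0)      exposure=all-interfaces ;;    # reachable from the network
        *)                   exposure=specific-address ;;
    esac
    printf 'listen=%s:%s exposure=%s target=%s:%s\n' \
        "$bind" "$lport" "$exposure" "$rhost" "$rport"
}

# The forward used in the article, then a variant whose listener is not
# limited to loopback (constructed input).
describe_forward localhost:5901:localhost:5900
describe_forward '*:5901:localhost:5900'
```

An `all-interfaces` result means other machines on the local network can reach the forwarded screen sharing port through the tunnel, so the explicit `localhost` bind in the article's command is the safer form.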
