Foreword
macOS comes with a Secure Shell client, which lets you log in to remote servers and desktops that listen for incoming SSH connections. We can use ssh username@ip to connect to a server, but this usually only works within the LAN.
In this tutorial, we use the cpolar intranet penetration (NAT traversal) tool to map the default port of the ssh service, port 22, to a public network address, so that ssh remote login works from the public network without a public network IP or any router settings.
1. Open remote login on macOS
- Open System Preferences and click Sharing
- Check Remote Login, then copy the ssh remote login command shown on the right
2. Test ssh remote in LAN
In this example, a Windows system is used to test the ssh connection. Open the Start menu, search for cmd, and open the command prompt. Enter the ssh command, type yes and press Enter when prompted for confirmation, then enter the macOS login password when prompted.
ssh username@ip-address
For example:
ssh [email protected]
The ssh remote login to macOS in the LAN is successful.
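Remote Login as enabled above accepts the account password, and the following sections publish that same port 22 at a public address. The script below is an added example, not part of the original tutorial: it checks sshd's effective settings for password-style login. The sample input is constructed; on the Mac the input would come from `sudo sshd -T`.

```shell
#!/bin/sh
# Added example: flag password-style logins in sshd's effective configuration.
# Input format is that of `sudo sshd -T`: one lowercase keyword and its value per line.

# Constructed sample input, not captured from a real machine.
sample_sshd_T() {
cat <<'EOF'
port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication yes
usepam yes
EOF
}

# Print the value of keyword $1 from `sshd -T`-style text on stdin.
sshd_value() {
    awk -v k="$1" '$1 == k { print $2; exit }'
}

# audit_sshd FILE: one line per finding; returns 0 only for key-only login.
audit_sshd() {
    cfg=$1
    bad=0
    for key in passwordauthentication kbdinteractiveauthentication; do
        val=$(sshd_value "$key" < "$cfg")
        # Older OpenSSH prints the keyboard-interactive switch under this name.
        if [ -z "$val" ] && [ "$key" = kbdinteractiveauthentication ]; then
            val=$(sshd_value challengeresponseauthentication < "$cfg")
        fi
        # A keyword that is absent is reported, never assumed to be "no".
        if [ "$val" != "no" ]; then
            echo "FAIL $key=${val:-unknown}: password-style login not disabled"
            bad=1
        fi
    done
    val=$(sshd_value pubkeyauthentication < "$cfg")
    if [ "$val" != "yes" ]; then
        echo "FAIL pubkeyauthentication=${val:-unknown}: no key login available"
        bad=1
    fi
    if [ "$bad" -eq 0 ]; then echo "OK key-only login"; fi
    return "$bad"
}

tmp=$(mktemp)
sample_sshd_T > "$tmp"
audit_sshd "$tmp" || true   # the constructed sample yields two FAIL lines
rm -f "$tmp"
```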
3. Remotely connect to macOS via public network ssh
Now that ssh remote login to macOS works within the local area network, we will map port 22 through a cpolar intranet penetration tunnel so that macOS can be reached over ssh from the public network, without a public network IP or any router settings.
cpolar official website: https://www.cpolar.com/
3.1 Install and configure cpolar on macOS
On macOS, cpolar intranet penetration can be installed through the Homebrew package manager, so there is no need to download the installation package manually.
- Install Homebrew
Homebrew is a package management tool for macOS that handles installing, uninstalling, updating, viewing, and searching for packages.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- Install cpolar intranet penetration through the Homebrew package manager
brew tap probezy/core && brew install cpolar
- Token authentication
Log in to the dashboard of the cpolar official website, click Verification on the left to view your authentication token, and then paste the token into the command line:
cpolar authtoken xxxxxxx
- Install the service
sudo cpolar service install
- Start the service
sudo cpolar service start
- Log in to the cpolar web UI management interface
Open local port 9200 (http://127.0.0.1:9200/) in a browser and log in with your cpolar account.
After logging in, click Tunnel Management - Tunnel List on the left dashboard. You will see two sample tunnels (you can edit or delete them yourself):
- ssh tunnel: points to local port 22, tcp protocol
- website tunnel: points to local port 8080, tcp protocol
This time we can use the ssh sample tunnel directly, or create a new tunnel.
3.2 Get the public network address of the ssh tunnel
Click Status - Online Tunnel List on the left dashboard and find the ssh tunnel. The system has automatically generated the corresponding public network address; copy it. Note that the tcp:// prefix does not need to be copied. In this example the address is 6.tcp.cpolar.top:14946.
3.3 Test public network ssh remote connection to macOS
Open a command prompt and enter the ssh command:
ssh macos-username@public-address -p public-port
Note: Because local port 22 is mapped to port 14946 on the public network, the ssh command needs the -p parameter followed by the public network tunnel port number.
For example:
ssh [email protected] -p 14946
ssh remote login succeeded!
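The copied tunnel address can also be turned into an ssh_config entry, so the -p value and host do not have to be retyped. The function below is an added example, not part of the original tutorial: it strips the tcp:// prefix, validates host and port, and emits a stanza that uses HostKeyAlias. The alias mac-remote and the user macuser are placeholder names.

```shell
#!/bin/sh
# Added example: build an ssh_config stanza from the address copied out of the
# cpolar online tunnel list. HostKeyAlias files the Mac's host key under one
# fixed name in known_hosts, so a new tunnel host or port does not trigger a
# new "unknown host" prompt, while a changed host key still produces a warning.

# tunnel_stanza ALIAS USER ADDRESS   (ADDRESS with or without the tcp:// prefix)
tunnel_stanza() {
    alias_name=$1
    user=$2
    addr=${3#tcp://}            # the prefix is not part of the ssh target
    case $addr in
        *:*) ;;
        *) echo "expected host:port, got '$3'" >&2; return 1 ;;
    esac
    host=${addr%:*}
    port=${addr##*:}
    # Port must be 1 to 5 digits and within 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port '$port'" >&2; return 1
    fi
    # Host is restricted to DNS-name characters so nothing else reaches the file.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "bad host '$host'" >&2; return 1 ;;
    esac
    cat <<EOF
Host $alias_name
    HostName $host
    Port $port
    User $user
    HostKeyAlias $alias_name
EOF
}

# "mac-remote" and "macuser" are placeholder names; the address is the
# tutorial's example value.
tunnel_stanza mac-remote macuser tcp://6.tcp.cpolar.top:14946
```

Saving the output to ~/.ssh/config lets `ssh mac-remote` replace the full command. Connecting once over the LAN with `ssh -o HostKeyAlias=mac-remote username@ip` records the host key as seen on the local network.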
4. Configure a public network fixed TCP address
The ssh sample tunnel that cpolar installs by default uses a random port address, which changes randomly within 24 hours. This is inconvenient for frequent users or for services in a production environment. Instead, we can configure a permanently fixed public network TCP address for remote access, which also improves bandwidth.
Note that this requires upgrading the cpolar package to the professional package or above.
4.1 Reserve a fixed TCP port address
Log in to the dashboard of the cpolar official website, click Reservation on the left, and find the reserved TCP address section:
- Region: Select China VIP
- Description: Remarks, which can be customized
Click Reserve.
The fixed TCP address is now reserved: the system generates the corresponding public network address and fixed port number. Copy it.
4.2 Configure fixed TCP port address
Visit http://127.0.0.1:9200/ to log in to the cpolar web UI management interface, click Tunnel Management - Tunnel List on the left dashboard, find the ssh tunnel, and click Edit on the right.
Modify the tunnel information and configure a fixed TCP port address:
- Port Type: Select Fixed TCP port instead
- Reserved TCP address: Fill in the fixed TCP port address that has just been successfully reserved
Click Update.
A message confirms that the tunnel was updated successfully. Click Status - Online Tunnel List on the left dashboard, and you can see that the public network address of the ssh tunnel has been updated to the fixed TCP port address. Copy it.
5. Use fixed TCP port address ssh remote
ssh [email protected] -p 11564
The ssh remote login is successful, and now the public network address will no longer change randomly.
Reprinted from the article of cpolar pole point cloud: no need for public network IP, realize remote login MacOS through public network SSH [intranet penetration]