Indigo2 remote access via a SSH Tunnel

Posted on
Fri Sep 08, 2006 8:36 am
snowjay offline
Posts: 274
Joined: Aug 09, 2006

Indigo2 remote access via a SSH Tunnel

As requested here is a little primer on establishing an SSH Tunnel to run Indigo functions over. I'm hoping I drank enough coffee this moring to make it coherient. :wink:

An SSH Tunnel is an encrypted "pipe" between two machines, usually on different networks over the internet. You can almost think of it as a mini VPN. Traffic is directed down the tunnel via port forwarding on the client side.

You will need to know two bits of information, the internal ip address of the workstation running Indigo2 and the external of ip address of your router.

First we make sure your Indigo server has it's firewall set to allow incoming connection via the web and remote client. Those settings can be found here:

http://www.perceptiveautomation.com/php ... =7408#7408


Now lets set up SSH on the Indigo server.
Go to System Preferences | Sharing and then click the box next to Remote Login. Thats it.

Now you must configure your router to port forward SSH requests to the Indigo Server. Log in to your router, look for a section called "Port Forwarding" or something similar.

Once there you need to create a rule for SSH. These are the values to use for the rule:
Name: ssh
port #: 22
protocol: TCP
ip address: your Indigo server internal ip address

Make sure you enable the rule and save the changes.

If you don't know what your routers external ip address is now is a good time to look for it. ;)


That is all that needs to be configured on the home network. Now the following will need to be done from your remote computer at work, school, relatives, etc... computer.

First lets make sure the connection can be established to the Indigo Server at home. Open up Terminal (Applications > Utilities > Terminal.app) and use the following command:

ssh <user>@<ip> (replace <user> with the login on your Indigo server and <ip> with your external ip address )

It should look something like this:

Code: Select all
ssh snowjay@169.254.248.254


Press enter and you should be greeted with a password prompt. Type your password in and press enter. You should see something like:

Code: Select all
Last login: Wed Sep  6 18:13:39 2006
Welcome to Darwin!
indigo2server:~ snowjay$


If that is the case you are connected to your home computer! Just type exit to close the connection and then quit out of Terminal. Now lets getting Indigo working.

You will need to download a little utility called SSH Tunnel Manager (SSHTM). It can be found:
http://www.macupdate.com/info.php/id/10128

The utility isn't absolutely needed as everything can be done via the command line but it makes it tons easier.

Once you have SSHTM download and installed open it up.

From the main window click the Configuration button and then click the + to add a new tunnel.

Choose a name for your tunnel. Login should be the login name of our Indigo server you used above, Host will be your external ip address and Port should be 22.

Now the port forwarding rules need to be defined.
Under Local Redirections you will see three fields. Port, LAN Host and Port. The first Port is the local port (workstation that you are at) that needs to be redirected. LAN Host is the ip address of your Indigo server and the second Port is the port the LAN Host will receive traffic on.

Keeping things simple and assuming your Indigo server is using an ip address of 192.168.1.101 your two rules should look like this:

for Indigo Remote Server
Code: Select all
1176  192.168.1.101  1176

for Indigo Control Pages
Code: Select all
8000  192.168.1.101  8000


Close that window to return to the main window and you should see your tunnel name with a play button next to it. Click the play button and after a few seconds a box should pop up asking for your password. Type in your password and click OK and you are good to go.

To now utilize the tunnel lets open up Safari and type in:
http://localhost:8000

If everything is set correctly you should be brought to your Indigo Control Pages.

If you have Indigo2 loaded on the workstation, start it up, select connect to remote server, for the address use localhost and click connect.

Thats it, all done. Hopefully this makes sense to somebody. :lol:

The tunnel can also be used for other applications like VNC, mail and just about anything else.

Posted on
Fri Sep 08, 2006 8:51 am
matt (support) offline
Site Admin
User avatar
Posts: 21411
Joined: Jan 27, 2003
Location: Texas

Re: Indigo2 remote access via a SSH Tunnel

Thanks for the awesome tutorial!

Regards,
Matt

Posted on
Fri Sep 08, 2006 9:28 am
czvi offline
Posts: 79
Joined: Jul 23, 2006

(No subject)

Thanks! What a great community we have here. I don't have time to set it up now, but it looked easy to follow.

Posted on
Fri Sep 08, 2006 11:55 am
macpro offline
User avatar
Posts: 765
Joined: Dec 29, 2005
Location: Third byte on the right

(No subject)

Never knew it was that easy.
Thanks for this info, this will help me a lot.
And not only with Indigo.

Posted on
Fri Sep 08, 2006 3:16 pm
polycron offline
Posts: 100
Joined: Jan 08, 2006

(No subject)

Sweet. Worked exactly as advertised. (And better!)

- Jeff

Posted on
Fri Sep 08, 2006 3:44 pm
snowjay offline
Posts: 274
Joined: Aug 09, 2006

(No subject)

Great, glad it worked out for you. :)

And thanks everybody else. Glad I could give something back to the community!

Besides encrypting all your traffic, the other benefit is you only have to allow only one port open on your router at home (instead of one for each service you want to connect to). Thats less of an exposure to the world, just make sure the password for the Mac is good and strong.

One thing I didn't mention is that this will only work as long as your office (or where ever) firewall allows port 22 through to the internet. If not there are ways around that but it all depends on what router you are using at home and it's capabilities.

I also didn't cover how to find your ip addresses along with keeping you updated when your external ip address changes. There are a few different ways to accomplish that.

VNC is the original reason I create the tunnel but it has many other uses too. Some people even use it to retrieve/send mail from personal accounts because their corporate firewall blocks ports 25 & 110.

Posted on
Sat Sep 09, 2006 8:50 am
Lalit offline
Posts: 71
Joined: Jul 05, 2006
Location: Paris (France)

(No subject)

Thanks for your tutorial !!! I don't have time to set it up now too, I'll do it later this night !

Posted on
Sun Sep 10, 2006 11:08 am
Rickk offline
Posts: 62
Joined: Oct 21, 2005
Location: Milford, Michigan

password

I Still need help.
I was able to get to the password promt via terminal (This Step here)

[size=9]"Press enter and you should be greeted with a password prompt. Type your password in and press enter. You should see something like:

Code:
Last login: Wed Sep 6 18:13:39 2006
Welcome to Darwin!
indigo2server:~ owjay$"

But Indigo is not loging me on.
Any Suggestions.
I do have my server settings checked as follows...
Allow Remote access
Enable Remote Indigo and Flash..
Enable remote web Browser..
Enable remote Rss feeds.
Require authenitication.
I feel like I am the only one who is not getting this.
Thanks

Posted on
Sun Sep 10, 2006 12:53 pm
snowjay offline
Posts: 274
Joined: Aug 09, 2006

(No subject)

Rick,

Do you have the SSH Tunnel manager running with the two rules I posted?

Posted on
Sun Sep 10, 2006 2:49 pm
Rickk offline
Posts: 62
Joined: Oct 21, 2005
Location: Milford, Michigan

(No subject)

Yes, I have the SSH Tunnel Manager Program running on my laptop that I am trying to connect to my home server.
I am on the same LAN. Also as I said in my prior post, the terminal sign on did not work.
This I am doing from the hosting computer.

Thanks for your continuted help.

Posted on
Sun Sep 10, 2006 3:07 pm
snowjay offline
Posts: 274
Joined: Aug 09, 2006

(No subject)

Sorry, I misunderstood, thought you were able to log in via terminal.

Ok, if you established the connection in Terminal but can't log in usually means you are using an incorrect password. Or maybe you are using the wrong userid to log on to the Indigo server.

The name and password you are using is an account on your home server. Basically whatever you use to log on into that server.

The terminal login needs to work before anything else ever will.

Posted on
Sun Sep 10, 2006 3:10 pm
Rickk offline
Posts: 62
Joined: Oct 21, 2005
Location: Milford, Michigan

(No subject)

Thanks SnowJay, I just want to be sure here. The Log on ID is the Name that I've placed in the Indigo Server Window next to "require Authentication" that along with the password is what I've been using and verifing.

Posted on
Mon Nov 06, 2006 4:25 pm
gregjsmith offline
Posts: 946
Joined: Apr 01, 2003
Location: Rio Rancho, NM

(No subject)

Do you have to use the IP of your home network or can you use a domain name?

Posted on
Sun Nov 19, 2006 10:54 am
Rick8343 offline
Posts: 12
Joined: Nov 15, 2006

THANK YOU!!!

Hey, this is great. Thank you for the extremely consise and easy to follow instructions. Never having SSH'ed before, I really apprecated the solid directions!

Questions:

1. I am about to start a new job, and will be gone for weeks at a time. That said, can I assume that this type of connection is relatively stable, meaning the IP addresses of my router and server will remain constant, so I don't loose the tunnel???

2. Having successfully done this now, I see this well laid-out page for my mobile device (thanks Matt). This begs the question, is it possible (assume so) and how hard is it to SSH from a Windows Smartphone??? Feel like writting an appendage to the tutorial?? :)

Again, thanks! Being able to control my house when i am halfway around the world will be great.

Rick

BTW - I'm a different Rick than the poster above.

Posted on
Wed Dec 06, 2006 3:37 pm
gmusser offline
Posts: 290
Joined: Feb 12, 2005
Location: New Jersey

(No subject)

snowjay, what a great tutorial. One question: is there any way to have stronger authentication than a password? For instance, can I require that the client machine have a cryptographic key?
George

Who is online

Users browsing this forum: No registered users and 1 guest