X

How to connect via SSH using iCloud's Back To My Mac service

Apple's Back To My Mac service can be used to establish more than Screen and File Sharing services.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
Topher Kessler
2 min read

One of the more useful aspects of Apple's iCloud service is its Back To My Mac feature, which offers a quick way to connect to your system from a remote location. By default Apple offers file sharing and screen sharing options through Back To My Mac; however, you can also connect to remote login SSH sessions, if needed. While screen sharing is arguably all that's needed to access your Mac, if you are Terminal-savvy and using a slow connection then the low-bandwidth demands of the Terminal can be much easier to manage.

To use remote services with your iCloud-configured computer, you will need both the computer's name, and your iCloud account number.

Looking up your network name simply entails going to the Sharing system preferences and locating the name of your system that ends with .local as the suffix. In my case, I have a Mac Mini called "Topher's Mac Mini," with a network name of "tophers-mac-mini.local." The suffix in the name is not needed for connecting via iCloud, so the name I'd be using is simply "tophers-mac-mini."

iCloud account number in OS X
Your iCloud account number will be shown here after running the "dns-sd -E" command. Screenshot by Topher Kessler/CNET

Next you will need your iCloud account number, which can be looked up on your system by opening the Terminal and running the following command:

dns-sd -E

This command will return information on the network domains used for registering services on the system, one of which will be "local" and the other which will be "icloud.com." If you have Back To My Mac enabled, then in the output of this command you will see a couple of lines preceeded by arrows that point to the words "btmm," "members," and a number. This number is your account number.

With these two pieces of information, you can now assemble a fully qualified domain name (FQDN) for targeting your system from anywhere on the internet, using the following scheme:

computer-name.account-number.members.btmm.icloud.com

So for example, if my account number were 1212121, then the FQDN I would use to target my Mac Mini would be the following:

tophers-mac-mini.1212121.members.btmm.icloud.com

With this address assembled, now you can log into your system using SSH, such as the following example:

ssh tkessler@tophers-mac-mini.1212121.members.btmm.icloud.com

BTMM FQDN used for SSH connection
You can use the Back to My Mac FQDN to establish a direct SSH link to any of your computers, regardless of where they are on the internet. Screenshot by Topher Kessler/CNET

When you connect, as with any initial SSH session you will be prompted to authenticate and confirm the creation of an RSA fingerprint, and then be able to peruse your remote Mac using the Terminal.

While this outlines the use of this feature for SSH connections, you may be able to use it for other sharing services you use, including file sharing with alternate protocols, remote printing to a shared home or office printer, establishing a VPN connection to your home network through OS X Server, among many other possibilities.



Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.