A long time back I made a post on running Bonjour iTunes sharing over SSH. It works, but only for the machine you are SSH’ing into. Well, now Yazsoft, who makes Speed Downloader, recently put out a tool called ShareTool.
ShareTool is a Bonjour relay tool that runs over an SSH connection. It uses the existing Remote Login service built into OS X. It can take advantage of your existing setup if you already use SSH to access your network remotely. The one odd technical thing I have found is that it seems capable of ignoring the requirement for public key authentication on an existing Remote Login configuration, but only when using ShareTool itself. It does not even provide a means of specifying an authentication key. It still honors any user name restrictions you set up under the Remote Login preference panel.
*UPDATE* I found that even though I thought I had moved my SSH key out of my folder for testing, it had hung onto a key in another location and my passphrase had been cached in my keychain. ShareTool will automatically use key authentication if the key is present in your .ssh folder, and is unable to log in to your Mac if you require key authentication and the key is missing. Very sweet.
Connecting to remote services advertised by Bonjour (screen sharing, file sharing, etc.) all worked surprisingly well.
Some additional very nice features are UPnP to automatically configure your router, use of non-standard random high ports to avoid SSH bot attacks, and updating of Dynamic DNS services like DNS-o-Matic, DynDNS, etc. Lastly, it passes through access to all Bonjour services on the network you are connecting into.
They provide an evaluation version of the tool that allows 15 minutes of functionality at a time to see if it meets your needs.
One last odd thing about the product: they require you to purchase one license for each machine you load the software on. This is only strange because you can only use it in a minimum of a pair: one on the machine you are connecting to and one on the machine you want to connect from. Software that has to work in a pair usually lets you run that with one license up front and then add singles after that. They want you to purchase a single license for $20 USD. At least they offer a “special” $30 USD for a pair of licenses. So look at the product as costing $30 out of the box, then $20 for each additional single license after that. A pack of 5 licenses is $75 USD.
You can check out my SSH Screencast Series over at Typical Mac User for more on using SSH/Remote Login services.
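The update above shows how a key cached on the client can make it look as if key-only login is being bypassed. The check below is an added example, not part of the original post or of ShareTool: it reads the server's effective sshd settings and reports whether key-only login is really enforced. It assumes input in the format printed by sshd -T; the function name and both samples are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Typical use on the server:
#   sudo sshd -T | key_only_enforced
# On the client, `ssh-add -l` lists keys the agent/keychain still holds.

# Reads "keyword value" lines (as printed by `sshd -T`) on stdin.
# Prints findings; returns 0 only if key-only login is enforced.
key_only_enforced() {
    awk '
        { seen[tolower($1)] = tolower($2) }
        END {
            bad = 0
            if (seen["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not yes"; bad = 1
            }
            if (seen["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not no"; bad = 1
            }
            # Newer OpenSSH prints kbdinteractiveauthentication,
            # older releases print challengeresponseauthentication.
            n = split("kbdinteractiveauthentication challengeresponseauthentication", names, " ")
            found = 0
            for (i = 1; i <= n; i++) {
                if (names[i] in seen) {
                    found = 1
                    if (seen[names[i]] != "no") {
                        print "FAIL " names[i] " is not no"; bad = 1
                    }
                }
            }
            if (!found) { print "FAIL keyboard-interactive setting not found"; bad = 1 }
            if (!bad) print "OK key-only login enforced"
            exit bad
        }'
}

# Constructed sample: keys accepted, but passwords still work too.
sample_weak='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication yes'

# Constructed sample: key-only login.
sample_strict='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

printf '%s\n' "$sample_weak" | key_only_enforced || true
printf '%s\n' "$sample_strict" | key_only_enforced
```

If this reports OK and a login still succeeds without a key file in ~/.ssh, look for a key or passphrase cached in the agent or keychain on the client.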
Hello,
I wanted to clarify that ShareTool doesn't take any steps to circumvent public key authentication. I believe the confusion may stem from the fact that the “Password” field in ShareTool works both for password login and passphrase-protected keys.
ShareTool uses the private key from the user's ~/.ssh/ folder automatically. If prompted for a passphrase by SSH, it will provide the password entered by the user in ShareTool.
If you're under Leopard, it's also possible that the operating system has stored the passphrase for your private key in the system keychain. Leopard manages SSH keys automatically and I believe the “Add to Keychain” option is checked by default in the new “Please provide the passphrase…” dialog.
Thanks,
Navdeep Bains
ShareTool Support
Well I had removed my private key from my .ssh directory and it appeared to still let me in. I will try it again. And the password that let me in despite having required public key authentication is not the same password as the passphrase for my key.
Hello,
Hrmm, that's strange. I'm not sure why that would be. You can confirm that ShareTool isn't doing any funny business by running the “ps” command while ShareTool is connected to a remote network:
ps | grep ssh
Thanks,
Navdeep Bains
ShareTool Support
That should have been:
ps -xawww | grep ssh
Yup I had to dig out some ssh keychain entries from my mac osx keychain. Once I did that then it wanted my private key passphrase to work.