You Need to Access Your Mac Remotely. Here’s How.
Your Mac is sitting on your desk at home, but you’re miles away. Maybe you need to grab a file you forgot, check on a long-running script, or restart a web server. The thought of driving back just to click a few buttons is frustrating.
This is where SSH, or Secure Shell, becomes your best friend. It’s a secure network protocol that lets you log into your Mac’s command line from another computer, as if you were sitting right in front of it. Whether you’re using a Windows PC, a Linux machine, or even another Mac, SSH provides a secure tunnel for remote administration.
Setting up SSH on a Mac is straightforward because the necessary software is built right in. This guide will walk you through enabling the SSH server on your Mac, connecting to it from any device, and securing the connection properly.
What You Need Before You Start
Before you can connect, you need a few things in place. First, both your Mac (the server) and the computer you’re connecting from (the client) must be on a network. This could be your local home Wi-Fi or, for remote access, the internet.
You also need to know your Mac’s IP address. On your local network, this is a private address like 192.168.1.105. To connect from outside your home network, you’ll need your public IP address and will likely have to configure your router, a process called port forwarding.
Finally, you’ll need a user account on the Mac with administrator privileges to enable the service and a standard user account for actually logging in. It’s a security best practice not to use the root account directly.
Enabling the SSH Server on Your Mac
Your Mac has a powerful SSH server built into macOS, but it’s turned off by default for security. You can enable it in just a few clicks through System Settings.
First, click the Apple menu in the top-left corner of your screen and select “System Settings.” Navigate to the “General” section in the sidebar, and then click “Sharing.” You’ll see a list of services you can share.
Find “Remote Login” in the list and click the toggle switch to turn it on. The label “Remote Login” is Apple’s user-friendly name for the SSH service. Once enabled, you’ll see a message indicating which users are allowed to connect. By default, it allows all users, but you can click the “Info” button to restrict access to specific users for better security.
The settings window will also display the exact command you need to use to connect. It will look something like “ssh yourusername@192.168.1.105”. Note this down, as it contains your username and local IP address.
Finding Your Mac’s IP Address
You need your Mac’s IP address to tell the SSH client where to connect. The easiest way to find it is through System Settings. With “Remote Login” still selected in the Sharing pane, the address is often shown right there.
For a more technical method, open the Terminal app. You can find it quickly by pressing Command-Space to open Spotlight, typing “Terminal,” and hitting Enter. In the Terminal window, type the command `ifconfig | grep “inet ” | grep -v 127.0.0.1` and press Enter.
This command shows your network interfaces. Look for the “inet” line associated with `en0` (Wi-Fi) or `en1` (Ethernet). The number next to it, such as 192.168.1.105, is your local IP address. This is the address you’ll use to connect from another computer on the same Wi-Fi network.
Connecting from Another Computer
With SSH enabled on your Mac, you can now connect from virtually any other computer. The process is similar across platforms, with the main difference being the terminal or SSH client you use.
Connecting from Another Mac or Linux Machine
On another Mac or a Linux computer, you already have the SSH client installed. Open a terminal window. To connect, you use the `ssh` command followed by the username and IP address of your target Mac.
The basic syntax is: `ssh username@ip_address`. For example, if your username on the home Mac is “alex” and its IP is 192.168.1.105, you would type:
`ssh alex@192.168.1.105`
Press Enter. The first time you connect to a new server, you’ll see a security warning about the host’s authenticity. It will ask if you want to continue connecting. Type “yes” and press Enter. This step adds the Mac’s cryptographic fingerprint to your known hosts file.
Next, you’ll be prompted for the password for the “alex” account on the remote Mac. Type it carefully. Note that for security, the cursor won’t move or show asterisks while you type. Press Enter after typing the password.
If the password is correct, your terminal prompt will change, and you’ll be logged into the remote Mac’s command line. You can now run any terminal command as if you were sitting at that machine.
Connecting from a Windows PC
Windows has included a built-in SSH client since the Windows 10 Fall Creators Update. The easiest way to check is to open Command Prompt or PowerShell and simply type `ssh`. If you see usage instructions, the client is installed.
If the `ssh` command is not found, you have a few excellent options. The first is to install the official OpenSSH client. Search for “Apps & Features” in your Windows Start menu, click “Optional Features,” and then “Add a feature.” Look for “OpenSSH Client” in the list, select it, and click install.
Another popular and powerful option is PuTTY, a free SSH and telnet client. Download the installer from the official PuTTY website. Once installed, open PuTTY. In the “Host Name” field, enter your Mac’s IP address. Ensure the “Port” is set to 22 and the “Connection type” is SSH. Click “Open.”
A terminal window will open, prompting you for your username and then your password, similar to the process on Mac/Linux. After successful login, you’ll have a remote session.
Securing Your SSH Connection
Using a password over SSH is common, but it’s not the most secure method. It’s vulnerable to brute-force attacks if your Mac is exposed to the internet. A much stronger alternative is key-based authentication.
This method uses a pair of cryptographic keys: a private key that stays securely on your client computer and a public key that you place on your Mac. The two keys mathematically match, allowing you to log in without ever sending a password over the network.
Setting Up SSH Key Authentication
Start on the computer you will use to connect from (your client). If it’s a Mac or Linux machine, open a terminal. On Windows with OpenSSH, use PowerShell. Generate a new SSH key pair with this command:
`ssh-keygen -t ed25519`
The `-t ed25519` option specifies a modern, secure key algorithm. You’ll be asked where to save the key. Press Enter to accept the default location. Next, you can enter an optional passphrase. A passphrase adds another layer of security by encrypting your private key file on disk. You can press Enter twice to leave it blank, but using a passphrase is recommended.
This creates two files in your `.ssh` directory: `id_ed25519` (your private key) and `id_ed25519.pub` (your public key). Never share your private key.
Now, you need to copy the public key to your Mac. You can do this easily with another SSH command. Run:
`ssh-copy-id username@ip_address`
For example, `ssh-copy-id alex@192.168.1.105`. You will be prompted for your password on the Mac one final time. This command securely copies your public key into a file on the Mac called `~/.ssh/authorized_keys`.
After this is done, try to SSH in again. This time, you should be logged in automatically without a password prompt, or it will ask for your key’s passphrase if you set one.
Changing the Default SSH Port
Another simple hardening step is to change the default SSH port from 22 to a different number. This doesn’t provide true security, but it drastically reduces the noise from automated bots on the internet that constantly scan port 22.
To do this on your Mac, you need to edit the SSH server configuration file. Open Terminal on the Mac itself and type:
`sudo nano /etc/ssh/sshd_config`
Find the line that says `#Port 22`. Remove the `#` to uncomment the line and change 22 to a number between 1024 and 65535, like 2222. Save the file by pressing Control-O, then Enter, and exit with Control-X.
For the change to take effect, restart the SSH service:
`sudo launchctl stop com.openssh.sshd`
`sudo launchctl start com.openssh.sshd`
Now, when connecting, you must specify the new port. From the command line, use the `-p` flag: `ssh username@ip_address -p 2222`. In PuTTY, you would put the port number (2222) in the “Port” field next to the hostname.
Troubleshooting Common Connection Issues
Sometimes, things don’t work on the first try. Here are solutions to the most common problems you might encounter when trying to SSH into your Mac.
Connection Refused or Timed Out
If you get a “Connection refused” error, the SSH service is likely not running on your Mac. Double-check that “Remote Login” is enabled in System Settings > Sharing. Try toggling it off and on again.
A “Connection timed out” error usually means your client cannot reach the Mac at the IP address you provided. Verify the Mac’s IP address hasn’t changed (DHCP can assign new addresses). Ensure both machines are on the same network. If you’re trying to connect from the internet, you may have a firewall blocking port 22, either on your Mac or your router.
On your Mac, check the firewall in System Settings > Network > Firewall. Ensure it’s configured to allow incoming connections for “Remote Login.”
Permission Denied Errors
This error after entering your password means the username or password is incorrect. Usernames on macOS are often shorter than your full name. To be sure, check the exact username on the Mac by opening Terminal and looking at the prompt before the `@` symbol, or check in System Settings > Users & Groups.
If you’re using SSH keys and get “Permission denied (publickey),” it means the Mac is not accepting your key. Verify that you copied the correct public key to the `~/.ssh/authorized_keys` file on the Mac. Check the file’s permissions; they should be `600` for the `authorized_keys` file and `700` for the `.ssh` directory.
Accessing Your Mac from the Internet
Connecting from outside your local network requires more setup. You need your public IP address, which you can find by searching “what is my ip” on Google from your Mac. This address can change unless you have a static IP from your Internet Service Provider.
The main hurdle is your router. It acts as a gatekeeper, blocking unsolicited incoming connections. You must configure it to forward SSH traffic to your Mac. This is called port forwarding.
Log into your router’s admin panel (often by typing 192.168.1.1 or 192.168.0.1 into a browser). Find the port forwarding section. Create a new rule: forward external port 22 (or your custom port) to your Mac’s local IP address on internal port 22. The protocol is TCP.
This exposes your Mac to the internet, so key-based authentication and a non-default port are strongly recommended. For a more secure and reliable solution, consider using a service like Tailscale or setting up a VPN.
Beyond Basic Commands: Useful SSH Tips
Once you have a stable connection, SSH can do more than just give you a remote terminal. You can transfer files and even run graphical applications with a bit of extra configuration.
To securely copy files from your local machine to the Mac, use the `scp` command. The syntax is `scp /local/file/path username@ip_address:/remote/destination/path`. To copy a file from the Mac to your local machine, just reverse the order: `scp username@ip_address:/remote/file/path /local/destination/`.
For a more interactive file management experience, you can use `sftp`. Just type `sftp username@ip_address`. This will give you an FTP-like prompt where you can use commands like `ls`, `cd`, `get`, and `put` to navigate and transfer files.
If you need to run a macOS application with a graphical interface, you can use X11 forwarding. This is more complex and requires installing X server software on your client computer (like XQuartz on Mac). You would connect using `ssh -X username@ip_address`. Performance over the internet can be slow, so this is best for lightweight apps on a local network.
Mastering Remote Access for Your Workflow
Setting up SSH transforms your Mac from a single-machine workstation into an accessible server. You’ve learned how to enable the service, connect from any major operating system, and significantly harden the connection against unauthorized access.
The immediate next step is to implement key-based authentication. It’s the single biggest security upgrade you can make. After that, familiarize yourself with `scp` for quick file transfers. Bookmark the command to find your Mac’s IP address, as you’ll need it whenever your network changes.
For permanent, worry-free remote access, investigate modern solutions like Tailscale, which creates a secure private network without complex router configuration. It uses the same SSH principles but makes connecting from anywhere as simple as being on the same Wi-Fi.
Start by practicing on your local network. Open a terminal on your laptop and SSH into your desktop Mac. Run a few commands, copy a test file. Once you’re comfortable, you’ll have unlocked a powerful method to manage your systems, making you more productive no matter where you are.
