SSH Tunnel

From MtdWiki

Fewer than thirty days after the release of version 4.x in April 2003, Apple bent to industry pressure and removed the ability for users to share their iTunes music library with any other than machines on the local subnet. The limitation is easily overcome, however, with the use of an SSH tunnel between a remote computer and the server hosting mt-daapd.

Server prep

• ensure the mt-daapd daemon is properly configured and running

• ensure the secure shell (SSH) daemon is properly configured and running

Creating the SSH tunnel

There are two ways of accomplishing this portion of the procedure — the hard way and the easy way. Both will be covered here, beginning with the former.

The following information will be needed:

• shell access to the server running the mt-daapd daemon

• the IP address of the server

• the IP address of the router/gateway/firewall device

• the ability to initiate a connection on port 22 at both ends

From the command line, issue the following command:

ssh userName@ssh-server.example.com -N -f -L 3689:daap-server.example.com:3689

Here is a short explanation of what is taking place.

A normal SSH session is being initiated between the remote machine and the network on which mt-daapd is running, ssh-server.example.com. The N switch establishes a non-interactive tunnel, while the f switch sends it to the background. Both of these free up the command line for other uses (HINT: such as the beacon below) while the tunnel session is active. The L switch and following parameters specify the specifics of the tunnel. In this example, the local DAAP port is being tunneled to the DAAP port at the server running mt-daapd, daap-server.example.com.

NOTE: to terminate this tunnel, when established from the command line, determine the process ID (pid) and send it a kill signal.

The easy way to accomplish the same result is to use a GUI-based application such as Fugu (http://rsug.itd.umich.edu/software/fugu/) (MacOS) or SSHTunnelClient (http://www.delight.ch/delight.ch/index.php?s=48) (Windows). Simply complete the required information in the tunnel dialogue.

Broadcast mt-daapd as a DAAP server to the remote network

As with the creation of an SSH tunnel, there are both a hard and an easy way to establish a DAAP beacon. Again, we begin with the more difficult.

From the command line, issue the following command:

mDNSProxyResponderPosix 127.0.0.1 squeal "shareName" _daap._tcp. 3689 &

As with the previous example, a short explanation.

The mdns command calls to the installed zeroConf (aka Bonjour or, previously, Rendezvous) daemon. Using the R switch registers the beacon and provides it with a broadcast name. (It should be noted that POSIX systems other than Darwin - MacOS - will likely need to issue the mdns call as mDNSProxyResponderPosix if Apple's open-source version of the multicast DNS daemon is used.) To facilitate recognition of the DAAP share within iTunes, it will need to be given a name; the squeal command accomplishes this. In the example, "shareName" is the name which will be recognized by iTunes — name it what you like. Finally, the broadcast share is bound to port 3689 with _daap._tcp. 3689 and sent to the background by appending an ampersand.

There is an important point to bear in mind for those running mt-daapd on Mac OS X. Apple includes a version of the mDNS broadcaster under the guise of "Bonjour" networking. Unfortunately, the functionality required for initiation of a relay beacon is missing. Therefore, it will be necessary to download and install the mDNSResponder tarball from the Apple Developer Site (http://developer.apple.com/). Follow the directions in the "mDNSPosix" directory to build and install the mDNSProxyResponderPosix binary.

Users on other platforms who either make use of the aforementioned Apple distribution, Howl or another third party Zeroconf package will already have the proxy executable installed. Simply follow the above directions to initiate a relay beacon.

NOTE: to terminate this beacon, when established from the command line, determine the process ID (pid) and send it a kill signal.

Again, there is an easier, GUI solution if that is preferred. Download and install Network Beacon (http://www.chaoticsoftware.com/ProductPages/NetworkBeacon.html) (MacOS) or RendezvousProxy (http://ileech.sourceforge.net/index.php?content=RendezvousProxy-Download) (MacOS or Windows) and configure with the required parameters.

For Network Beacon, it looks something like

Making use of the remote, tunneled share

To test the success of the tunnel, launch iTunes on the remote computer. The name you have given the shared service, shareName above, should appear in the browse pane to the left of the display. Select it and wait a minute or so and the contents of your library should appear in the track pane.

Other resources

Additional information on the subject of DAAP tunneling can be found in this forum thread (http://forums.fireflymediaserver.org/index.php?option=com_simpleboard&Itemid=&func=view&catid=2&id=289#289).

For additional assistance, feel free to post a request (http://forums.fireflymediaserver.org/index.php?option=com_simpleboard&Itemid=40) for assistance to the appropriate forum.