I just finished getting this all set up at my house. What I did was the result of pulling some things from a few different sites. They are credited at the bottom of this post. What follows is the process pretty much the way I did it, and it worked!
I’m using the idea of having a constant HOME server, and a floating, connecting from anywhere, SATELLITE computer.

[1] Get set up with dyndns.org or another dynamic DNS service (or be sure you know your destination IP address). You will need some sort of client to keep the IP updated on the server. My router natively supported dyndns.org, so that’s the service I went with. If your router doesn’t natively support the service that you go with, you’ll need to use a client that runs on your Home computer to keep your IP address updated in DNS.

[2] On the router that handles the internet connection of the Home computer, forward port 22 to the IP address of the Home computer. This is the only port that needs to be open on the router.

On the Satellite Mac:

[3] Create a key pair on the Satellite Mac (optional, but for best security)

command-line: (use Terminal)
ssh-keygen -t rsa
(answer question for creating a password, then assign a filename)
You can name the two files whatever you want. Keep the private key in a secret and constant place. (I put mine in /Users/myname/.ssh/privatekey) Email the public key to yourself. Gmail.com works great for that.

On the Home Mac:

[4] Allow secure SSH connections

Get your public key from gmail, or however you emailed it to yourself.

In your home directory, at the command-line, create a new directory named .ssh if it’s not already there. Move your public key into this new .ssh directory and rename it to “authorized_keys”. It should end up here: /Users/MYHOMEUSERNAME/.ssh/authorized_keys

and lastly, at the command-line:
cd ~
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Edit /etc/sshd_config

Essential - make sure the following is not commented out:
AllowTcpForwarding yes

Optional - preventing SSH logins via password, requiring login only via the key pair - Make sure the following two lines are uncommented:
PasswordAuthentication no
UsePAM no

Start (or stop and start) SSH. On the Sharing preferences pane, it is “Remote Login”.
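
An added example (not part of the original post or its sources): a small shell script that checks an sshd_config for the three settings above and catches a misspelled or still-commented directive. The function names are made up for this example, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: audits an sshd_config for the three settings from step [4].
# Assumption/limitation: Match blocks, Include files and quoted values are
# not evaluated; function names here are hypothetical.

# Print the effective value of keyword $1 in file $2. sshd uses the first
# uncommented occurrence of a keyword, and keywords are case-insensitive.
sshd_value() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { split($0, f, /[ \t=]+/)              # "Keyword value" or "Keyword=value"
          if (tolower(f[1]) == tolower(key)) { print tolower(f[2]); exit } }
    ' "$2"
}

# Compare keyword $1 with wanted value $2 in file $3; return 1 on mismatch.
check_setting() {
    got=$(sshd_value "$1" "$3")
    if [ "$got" = "$2" ]; then
        echo "ok    $1 $2"
    else
        echo "FAIL  $1: wanted '$2', found '${got:-<not set>}'"
        return 1
    fi
}

# Audit file $1 (default: /etc/sshd_config, the path used in this post).
audit_sshd_config() {
    file=${1:-/etc/sshd_config}
    rc=0
    check_setting AllowTcpForwarding yes "$file" || rc=1
    check_setting PasswordAuthentication no "$file" || rc=1
    check_setting UsePAM no "$file" || rc=1
    return $rc
}

# Constructed sample: misspelled keyword and a still-commented password line.
sample=$(mktemp "${TMPDIR:-/tmp}/sshd_sample.XXXXXX")
cat > "$sample" <<'EOF'
AlowTcpForwarding yes
#PasswordAuthentication no
UsePAM no
EOF
audit_sshd_config "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

Run audit_sshd_config with no argument on the Home Mac to check /etc/sshd_config itself before restarting Remote Login.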

[5] Set up OSX VNC (or Vine Server)

The important thing here is, under the Sharing tab of Vine Server, select “Only allow local connections (require SSH)”

Also, for convenience, you may, under the Connection tab, remove the password. I set the Display Number to Auto.

Now everything is set up. The rest of this is the everyday process of using the setup.

On the Remote (Satellite) Mac:

[1] create a VNC tunnel to the Home Mac. (for Screen sharing)
at the command-line:
ssh -i /Users/MYREMOTEUSERNAME/.ssh/privatekey -L 5900:localhost:5900 MYHOMEUSERNAME@MYHOMEMAC.dyndns.org

(answer with the password for your private key)

[2] Connect to Home Mac by using a VNC client to connect to localhost, port 5900.

[3] Create an AFP tunnel to the Home Mac. (for File sharing)

ssh -i /Users/MYREMOTEUSERNAME/.ssh/privatekey -L 5480:localhost:548 MYHOMEUSERNAME@MYHOMEMAC.dyndns.org

[4] Mount a volume from your Home computer by using the Finder menu Go -> Connect to Server. Enter afp://localhost:5480 into the field.

Final Notes

I believe there are quite a few ways to streamline this process. There are multiple VNC client apps, and maybe even more than one VNC server app. The diveintomark.org video tutorial, mentioned below, shows a way to not have to enter your private key password every time you connect.

Credits: (thanks for the help, guys!)
http://macosx.miraworld.tv/ssh/
http://howto.diveintomark.org/remote-mac/

2 Responses to “How to set Connect to your Mac remotely, using VNC and AFP”

  1. TJ Says:

    way to be!

  2. david Says:

    one utility that could come in handy for everyday use is “SSH Tunnel Manager” http://projects.tynsoe.org/en/stm/ It doesn’t natively support using ssh keys, so you’d have to do password authentication. The author suggests this method to enable using key pairs:

    You can use other tools like SSHKeychain to do this. Then in STM, uncheck the “handle authentication” checkbox in the tunnel’s options.
