In order to AFP over an SSH tunnel , you first need to make an SSH tunnel and then you need to connect through that tunnel. I made a script to do this (I know it does no error checking, bad me). Here it is:
# script to make ssh tunnel and then connect to afp host
# Jan 02 2004 - W Penn - creation
ssh -L $LOCAL_PORT:$TARGET_HOST:$TARGET_PORT -f -N $LOCAL_HOST;
You need to enter the host you want to connect to instead of "xxx.xxx.xxx.xxx" for the TARGET_HOST variable. You must be able to log in via afp, and remote login to TARGET_HOST.
When run depending on how your are authenticating to TARGET_HOST your remote login password may be requested, then the open command will bring up the afp login window directed to TARGET_HOST.
The script makes a secure/encrypted connection from the local machine to the TARGET_HOST's AFP port 548. Then the script tries to open an AFP connection over the secure connection. If you try to connect directly with connect to server please note that typing in the IP of your AFP server will not give you a secure connection even after opening the tunnel; instead, you must connect to the local end of the secure connection which from the script is localhost:10548. This is a little weird to the novice as you tell AFP to connect to the local machine in order to REALLY connect to your remote machine.
NOTE on firewalls: (1) you do NOT need to open up port 10548 on either machine. (2) You only need port 22 open in a non built in firewall between the two machines (like in a NAT router). (3) AFP and remote login must be turned on on the target in the sharing pref pane.
EXTRA NOTE: If you use this, you are using it because you are concerned about security, so you should not use it unless you understand what every - / ; a-z A-Z etc means.
You may find searching for "ssh tunnel" on mac OSX hints useful