OSX Server does have several VPN servers in it.
You can configure these using Server.app however, if your internal name resolution is broken this is likely to be more trouble.
You'll also need to make sure your Mac Mini's VPN port is available to the internet on a static IP (or dynamic host name).
As an interim step I suggest looking at 'Back To My Mac' which is free as part of iCloud. Technically it uses adhoc ipsec vpn tunnels and gives you an DNS name for each mac set up, effectively bypassing the current internal name resolution issue. e.g. server.12345678.members.btmm.icloud.com
Services that you run e.g. web and ssh will accessible.
They're btmm DNS address are not internet routable and don't, generally, require any port forward or static IP addresses.
For a couple more technical details check here: https://apple.stackexchange.com/a/53776/46039
Based on the source code for the current version of SSH that's shipping with Mavericks (located here), it appears that the functionality of the config option KeychainIntegration has not yet been implemented. I'm making this assumption based on the contents of openssh/readconf.h, which does not reference the KeychainIntegration option. It does, however, reference the askpassgui option. Checking the "keywords" struct in that file does indeed show that the keychainintegration option is not present (which in turn implies that the oBadOption (NULL) op code would be returned).
Another clue implying that the functionality you desire is not implemented in the way the man page specifies is the file: openssh/keychain.c. The source code actually shows that the defaults system (i.e., Property List files) is being used to store settings related to KeychainIntegration. Specifically, lines from the store_in_keychain function reference KeychainIntegration:
/* Bail out if KeychainIntegration preference is -bool NO */
if (get_boolean_preference("KeychainIntegration", 1, 1) == 0) {
fprintf(stderr, "Keychain integration is disabled.\n");
goto err;
}
Here is the corresponding get_boolean_preference function. Note that it's using CFPreferencesCopyAppValue to obtain a boolean from the "org.openbsd.openssh" application identifier:
#if defined(__APPLE_KEYCHAIN__)
static int get_boolean_preference(const char *key, int default_value,
int foreground)
{
int value = default_value;
CFStringRef keyRef = NULL;
CFPropertyListRef valueRef = NULL;
keyRef = CFStringCreateWithCString(NULL, key, kCFStringEncodingUTF8);
if (keyRef != NULL)
valueRef = CFPreferencesCopyAppValue(keyRef,
CFSTR("org.openbsd.openssh"));
if (valueRef != NULL)
if (CFGetTypeID(valueRef) == CFBooleanGetTypeID())
value = CFBooleanGetValue(valueRef);
else if (foreground)
fprintf(stderr, "Ignoring nonboolean %s preference.\n", key);
if (keyRef)
CFRelease(keyRef);
if (valueRef)
CFRelease(valueRef);
return value;
}
#endif
This might imply that you can disable the KeychainIntegration functionality for yourself by performing this defaults command:
defaults write org.openbsd.openssh KeychainIntegration -bool NO
or to set it for all users:
sudo defaults write /Library/Preferences/org.openbsd.openssh KeychainIntegration -bool NO
Best Answer
Open Terminal and type or copy & paste this bash one-liner:
Your fully qualified domain name will appear after the words "domain name pointer" in the line that is output, and continues and includes, after the period at the far right, your mac's internal network address appearing on the next line.