Remote Control of OS X (Tiger) Desktop via VNC

Dave Minor — Fri, 21 Dec 2007 15:25:00 -0600

I’ve been asked to post the method that I use to easily log onto remote macs to facilitate support on some of my client’s machines. This is not rocket science, just my howto that I pieced together from several sources long forgotten (sorry). It’s very possible that this procedure will continue to work on Leopard, all of the machines I deal with are still running Tiger at this point. I think this worked with Jaguar too, but I can’t recall.

The basic idea is to log onto the remote machine via SSH, start a VNC server, then connect from the local machine and use SSH port forwarding tricks to keep yourself from leaving VNC ports open and forwarded on the remote router.

Remote Machine Setup

must have an administrator’s account
must have a static IP address on the LAN
install OSXvnc which is now called something else. I am running version 1.4. I’m not sure if this will work with the new server
create a ~/bin directory
in ~/bin, I have two files:

dminor$ cat bin/startvnc 
#!/bin/sh
sudo /Applications/OSXvnc.app/OSXvnc-server -rfbport 5900 \
> ~/Library/Logs/OSXvnc-server.log 2>&1 &

echo "VNC has started" 

dminor$ cat bin/stopvnc 
#!/bin/sh

sudo killall OSXvnc-server
echo "VNC has stopped"

locally, run bin/startvnc and bin/stopvnc to make sure they are working properly and that they are firing off the osxvnc server
in ~/.bash_profile, just under my path, I put source ~/bin/startvnc and as the last line of the file, trap '$HOME/bin/stopvnc' 0
now when you start a terminal sesssion (locally or SSH), the vnc server will start.
verify in Sharing Pref Pane that the Remote Login service is checked and that you can SSH into the box.

Remote Network Setup

You’ll need to have port forwarding on the network’s router to the remote machine on port 22. As you’ll see below, there is no need to have VNC ports forwarded on the router.

Ease of Access via Hostname

It sure makes it a lot easier if you can SSH to a hostname that stays constant instead of having to determine the dynamic IP address of the remote machine each time. For dynamic IPs, I use dyndns.org to maintain a good hostname. For static IPs, I just setup an A record in the DNS zone file. Actually, if it’s a dynamic, I usually setup a CNAME record pointing to the dyndns hostname. And this works great on a local network too with bonjour.

Local Machine Setup

On your local machine, you need SSH and a VNC client. On OSX, I use Chicken of the VNC.

In my ~/.ssh/config file, I’ve setup entries for each remote machine like:

Host jkmini
  HostName jkwork.clients-domain.com
  Port 22
  Compression yes
  LocalForward 5901 127.0.0.1:5901

Now when I SSH jkmini, I get a terminal and vnc starts automatically. Here’s a sample session on the local network:

[dminor@ginger: ~]$ ssh sarahs-imac.local
Last login: Fri Dec 21 15:54:35 2007 from ginger.local
Welcome to Darwin!
VNC has started

[dminor@Sarahs-iMac: ~]$ ps aux | grep vnc
root     21718   0.0  0.2   196736   2680  p2  S     3:55PM   0:00.17 /Applications/OSXvnc.app/OSXvnc-server -rfbport 5900
dminor   21721   0.0  0.0    27812      4  p2  R+    3:55PM   0:00.00 grep vnc

[dminor@Sarahs-iMac: ~]$ logout
VNC has stopped
Connection to sarahs-imac.local closed.

In the case of a controlling a local machine (as above), I’d simply fire up Chicken of the VNC and connect to the hostname.local on the proper port (5900 here) and gain access.

On a remote session over SSH, you’ll see that we setup local port forwarding on the SSH session, so locally, port 5901 is being redirected to 5901 on the remote machine over SSH. I fire up Chicken and connect to localhost:5901.

Multiple Remote Machines That Share a LAN

I’ve also configured multiple machines behind the same router (therefore a shared public IP). I can attach to two machines on the same LAN at the same time over SSH with no problems. I may post that additional writeup one day.

I hope this is helpful and not too confusing.

"Remote Control of OS X (Tiger) Desktop via VNC" by Dave

Fri, 21 Dec 2007 20:55:05 -0600

Bingo. The other trick is you'll need a separate ~/.ssh/custom_known_hosts file for each additional machine so that you don't have hostname clash. This is taken care of with the UserKnownHostsFile directive in ~/.ssh/config. You also need a different port forwarding setup in your ssh/config. The second machine looks like:

Host jkminifd
  HostName jkwork.clients-domain.com
  Port 2222
  UserKnownHostsFile ~/.ssh/mini_known_hosts
  Compression yes
  LocalForward 5902 127.0.0.1:5901

note the LocalForward from 5902 locally to 5901 remotely. The in the VNC client, I know that to connect to this machine after getting SSH working, I connect to localhost:5902. I keep track of the remote machines via shortcuts in the VNC client.

"Remote Control of OS X (Tiger) Desktop via VNC" by doug

Fri, 21 Dec 2007 17:16:17 -0600

I guess with multiple machines behind the firewall you'd just forward some port other than 22 on the firewall to port 22 on the Mac behind the firewall. Then setup a ~/.ssh/config setting for that specific port. Thanks for posting this...

vamp: dm: Remote Control of OS X (Tiger) Desktop via VNC