Screen Sharing replaces Apple Remote Desktop
Update 2008/2/3: Adam, thanks for the suggestion — I’d forgotten about the vnc:// scheme. But who’s Geoff?? I prefer aliases to functions because they’re simpler, and like to leave an ssh shell open, both for my own use and as a reminder to close the tunnel when done. Here’s a simpler alias — note that you must still supply the hostname on the command line after the alias, e.g., “stss salt”.
alias stss="(sleep 4; open vnc://127.0.0.1:5901) & \
ssh -C -4 -L 5901:127.0.0.1:5900"
Update 2007/12/14: I added a pbcopy command to put ‘127.0.0.1:5901’ on the Clipboard (pasteboard), so now I can just Paste and then delete (pbcopy appends an undesired Return to the Clipboard), which makes the whole thing easier. New alias (note that this is really properly one line, but it doesn’t wrap properly without help):
alias stss='echo 127.0.0.1:5901 | pbcopy; open \
/System/Library/CoreServices/Screen\ Sharing.app; \
ssh -C -4 -L 5901:127.0.0.1:5900'
I have a couple licenses for Apple Remote Desktop at work, for managing our 8+1 Mac cluster (“the orchard”) and for managing other Mac servers on campus. I find ARD very useful because although Remote Desktop uses VNC as the underlying protocol, Apple’s compatibility has been poor, so I had lots of trouble connecting from Chicken of the VNC and other clients. While I like ARD (particularly the automatic ssh tunneling in v3), I only use the remote control feature, never its other management capabilities.
With Mac OS X 10.5 Leopard, Apple has bundled /System/Library/CoreServices/Screen Sharing.app, which provides the VNC capabilities I use from ARD and skips the other features I don’t care about. It’s my favorite Leopard feature, accessible from the Finder Sidebar, iChat, Server Admin, and through Back to My Mac (which seems to have some problems with security).
The only thing I don’t like about Screen Sharing is that Apple apparently built encryption into the VNC protocol. Apple’s encryption is of course incompatible with all the other clients & servers, since it’s Apple proprietary (just like their proprietary compression encodings). It’s confusing because the Preferences options look identical to the ones in ARD3, which actually uses an ssh tunnel to provide encryption. It’s a firewall problem because there are lots of places we a) allow ssh, b) block unencrypted VNC, and c) would allow encrypted VNC. ARD3’s ssh tunneling is usable here but Screen Sharing’s port 5900 connection is blocked. Fortunately the workaround is simple — build the ssh tunnel manually, as is normal for non-ARD3 VNC users. I have this alias:
alias stss='open /System/Library/CoreServices/Screen\ Sharing.app/; ssh -C -4 -L 5901:127.0.0.1:5900'
I use it with a hostname, as in: stss www
That makes an ssh connection to the specified host (www in this case), sets up a tunnel from 5901 on my admin workstation to 5900 on the server (since the admin workstation is likely to be running the Remote Management/Screen Sharing agent on 5900 already), and gives me a shell on www. As a convenience, it also launches Screen Sharing for me. In the Screen Sharing Connect window, I type 127.0.0.1:5901, and connect to the local end of the tunnel on port 5901; it goes through ssh and I get secure remote control via the ssh port (so it works across any firewalls that allow ssh). It’s actually doubly encrypted if I’m going across the Internet, since I always leave Screen Sharing’s encryption on too — if I forget to start the tunnel or connect to a machine that’s not firewalled on port 5900, I want to be sure I’m not transmitting passwords in plaintext.
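A function form of the alias above, as an added example that is not part of the original post: it binds the forward to loopback explicitly, refuses to reuse a local port that is already listening, and opens the viewer only once the tunnel is actually up. It assumes OpenSSH plus the macOS `open` and `nc` commands; the `stss_*` helper names and the 30-second timeout are made up for this example.

```shell
# Added example, not from the original post. Assumes OpenSSH, plus macOS
# `open` and `nc`; port numbers are the ones used in the post.
STSS_LPORT=5901   # local end of the tunnel
STSS_RPORT=5900   # Screen Sharing / VNC port on the remote host

# Accept [user@]host only. A leading "-" would be parsed by ssh as an option.
stss_valid_host() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9@._-]*) return 1 ;;
    esac
    return 0
}

# Explicit loopback bind: the listener stays local even if GatewayPorts is set.
stss_forward_spec() {
    printf '%s\n' "127.0.0.1:${STSS_LPORT}:127.0.0.1:${STSS_RPORT}"
}

stss() {
    stss_valid_host "$1" || { echo "usage: stss [user@]host" >&2; return 2; }
    # A listener that already exists is a stale tunnel, possibly to another host.
    if nc -z 127.0.0.1 "$STSS_LPORT" >/dev/null 2>&1; then
        echo "stss: 127.0.0.1:${STSS_LPORT} is already in use" >&2
        return 1
    fi
    # Open the viewer once the forward is up (after authentication) rather
    # than after a fixed sleep; give up after 30 seconds.
    (
        i=0
        while [ "$i" -lt 30 ]; do
            if nc -z 127.0.0.1 "$STSS_LPORT" >/dev/null 2>&1; then
                open "vnc://127.0.0.1:${STSS_LPORT}"
                break
            fi
            i=$((i + 1))
            sleep 1
        done
    ) &
    # Foreground ssh keeps a shell open as the reminder to close the tunnel.
    # ExitOnForwardFailure makes ssh quit if it cannot bind the local port.
    ssh -C -4 -o ExitOnForwardFailure=yes -L "$(stss_forward_spec)" "$1"
}
```

The port-in-use check matters because a leftover tunnel on 5901 would otherwise send the Screen Sharing login to whichever host that older tunnel points at.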

Toucouleur said,
November 16, 2007 at 4:49 am
Thanks a lot for this tip! I think I will replace my Synergy’s sharing system for this sharing screen connection.
adamc00 said,
February 3, 2008 at 10:51 pm
This post inspired me (thanks Geoff) but I didn’t like the auto cut then manual paste bit so I found a less fiddly way. I use a function instead of an alias to get variable substitution under bash (alias can’t do this). The line below defines a bash function.
stss () { ssh -f -C -L 5901:localhost:5900 "$1" 'sleep 5'; open vnc://localhost:5901/ ; }
The -f on ssh forks the ssh and puts it in the background. The 'sleep 5' gives ssh something to do on the remote host until the VNC session is established; otherwise it will just exit immediately, tearing down the tunnel, and therefore the screen sharing session will fail.
Instead of directly invoking “Screen Sharing.app”, “open” invokes it for us since that is what OS X 10.5 (don’t know about earlier versions) has registered as a handler for the vnc protocol.
Once the function is defined, it is invoked the same way as the original, eg …
stss www
… but avoids the hostname dialog box from Screen Sharing.app and jumps directly to the connecting stage.
adamc00 said,
February 4, 2008 at 12:28 am
I dunno who Geoff is, an invention from my distracted brain I suspect. Sorry about that, I was actually trying to say “Thanks Chris”.
The alias method looks good and having an open shell around can be handy. Open tunnels aren’t an issue, however, since the connection will be dropped once there are no active channels; this will happen when the VNC session is closed, which is enough of a reminder for me.
ppayne said,
February 25, 2008 at 9:39 pm
Is there any way you very smart people could help me get VNsea on my unlocked iPhone connecting to Leopard’s screen sharing? It seems so easy that no one has made a specific walkthrough but I cannot get it to work. I have screen sharing turned on on my main Mac, with “VNC can connect with password” clicked on and password entered. I try to connect from the iPhone to the IP and port 5900 (is this the default? this is totally confusing to me, I can only see USB and firewire ports on my computer — just kidding about that last part). Anyway, no matter what happens, it cannot connect through port 5901 or anything else I’ve tried port-wise. Can anyone help?