Accessing your Mac at home, from work

2007-03-12 22:08:00

A screenshot of VNC in action.

For weeks on end I've been dragging my iBook along to the office at $CLIENT, even though I'm not allowed to connect it to their network. My iBook is indispensable to me, because it contains all of my archives and past projects, all my e-mail and my address book and calendar. I even use my iBook to keep track of my working hours (thank you TimeLog 3!).

Unfortunately, dragging my laptop around can get tiresome, especially if I ride my bike to work. Which is why I'm very grateful to one of my colleagues for suggesting the use of VNC or another remote desktop solution. Seriously, the suggestion was so obvious that I'm really ashamed that I didn't think of it. I guess I was just clinging -too- much to my dear, sweet iBook.

Anywho... What I'm about to describe is only one of many ways to implement a remote desktop solution for your Mac. A few other options exist, but this is the one I'm using. What we're going to be building is the following:

* I'm at my desk at work, using one of the PCs over there.

* My iBook, running Mac OS 10.4, is at home, connected to my wifi network.

* I will be using my iBook, from my desk at work :)

What you'll need:

* A VNC server. I chose to use Vine Server, which came recommended.

* A VNC client. For Windows and Linux I chose to use TightVNC and for OS X I use Chicken of the VNC.

* An SSH server. This comes built in, as part of Mac OS X.

* An SSH client. For Windows I use PuTTY, while Linux and OS X come built in with a client.

* Your home IP address. You can find this by browsing to What is my IP address? at home.

Setting up SSH at home

You can use the basic SSH configuration that comes with OS X, but it's not rock solid. If you'd like to be extra secure, please make the following changes. This will disable remote root access and will force each user to make use of SSH keys. If you don't, logging in with your normal password stays possible, which opens you up to brute force password attacks.

* Open Terminal.app and enter the following commands.

cd /private/etc

sudo vi sshd_config

* Change the following lines, so they read as follows. The last two lines a

PermitRootLogin no

PasswordAuthentication no

UsePAM no

* (Re)start SSH

Open System Preferences.

Go to "Sharing".

(Re)start the "Remote access" server.
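To confirm that the three settings above are really in effect, here is a small check, added as an example and not part of the original post. The function names and the sample config are made up for illustration. It relies on sshd keeping the first value it reads for each keyword, so a "no" line appended below an older "yes" line changes nothing.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# three settings changed above.

# Print the effective global value of keyword $1 in file $2, or "unset".
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.
sshd_effective() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); val = "unset" }
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == want { val = $2; exit }
        END { print val }
    ' "$2"
}

# Return 0 only if all three settings are explicitly "no" in file $1.
audit_sshd() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication UsePAM; do
        val=$(sshd_effective "$key" "$1")
        if [ "$val" = "no" ]; then
            echo "ok    $key no"
        else
            echo "FAIL  $key is '$val', expected 'no'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a "no" line was appended at the end, but an earlier
# uncommented "yes" is still there, so password logins stay enabled.
sample=$(mktemp /tmp/sshd_sample.XXXXXX)
cat > "$sample" <<'EOF'
# constructed sample, not a real config
PermitRootLogin no
PasswordAuthentication yes
#UsePAM yes
usepam no
PasswordAuthentication no
EOF

audit_sshd "$sample" || echo "sample config needs fixing"
# Against the real file: audit_sshd /private/etc/sshd_config
```

A keyword that is missing or commented out is reported as "unset" and counted as a failure, because the built-in default depends on the OpenSSH version.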

Setting up the VNC server at home

Vine Server comes in a .DMG and you can simply copy the binary to its desired location. When you start the application you're presented with its configuration options, with buttons at the bottom to stop and start the VNC server.

* You can leave most settings at their default values, but it's extra safe to change the following:

Connection -> set a password

Sharing -> only allow local connections

This secures your VNC server with a password and prevents people on your local network from connecting to your desktop. You'll only be able to log in to VNC after logging in to your system through SSH.

* Press the "Start server" button.

Setting up your router

You will need to make your SSH server accessible from the Internet. Configure your router in such a way that it forwards incoming traffic on port 22, to port 22 on your Mac.

Setting up your SSH client at work

If you forced your SSH server to use public/private keypairs earlier, then you'll need to configure your SSH client to do the same. You can use ssh-keygen (OS X and Linux) or PuTTYGen (Windows) to generate a key pair. Please Google around for instructions on how to use SSH keys.

You will need to tell your SSH client to connect to your SSH server at home and to set up port forwarding for VNC. In both examples $HOME-IP is the IP address of your Internet connection at home.

* On Linux and OS X (from the command line): ssh -L 5900:127.0.0.1:5900 $HOME-IP

* On Windows (in PuTTY): SSH -> Tunnel -> local port = 5900, remote port = 127.0.0.1:5900

What you're doing here is rerouting any traffic that arrives at port 5900 on your work PC, through the SSH session, to port 5900 on your home box.

Setting up your VNC client at work

All of the real work is being done by the SSH session, so you can instruct your VNC client to simply connect to desktop 0 at localhost, or at 127.0.0.1. Enter the password that you set up earlier.

Adding more security

Unfortunately Hot Corners don't work through VNC and Fast User Switching (FUS) kills your VNC session, so we'll need to find another way to lock your OS X desktop. Luckily I've found a way in this article. You can use Keychain Access to add a small button to your menu that will allow you to lock your screen.

And there you have it! A fully working VNC setup that will allow you to use your Mac at home, from work.

