Remote desktop access with VNC (Mac OS X)
VNC is a network protocol that allows you to control another computer remotely via a graphical interface. There are implementations of VNC on many platforms, because the software components used to both provide VNC service and control computers running VNC are freely available and interoperable. For example, with VNC you can control a Linux workstation directly from a Mac OS X or Windows workstation, and vice versa.
While flexible, however, VNC offers no security, does not handle non-US keyboard input very well, and most importantly does not encrypt, or scramble any information you exchange between your local computer and your remote computer. Any keystrokes you enter (passwords, bank account numbers, etc.) go over the network connection without any protection. If you decide to use VNC, therefore, it is strongly recommended you use a second protocol called SSH to protect your data.
These instructions detail how to set up a secure VNC server on your remote Mac OS X computer, as well as establish a secure connection from your local computer to this remote computer using a secured VNC client under Mac OS X:
Why use VNC over Apple Remote Desktop?
Apple Remote Desktop ("ARD") offers many speed, feature and security improvements and is also much easier to configure than VNC-over-SSH. However, ARD is a commercial product, while VNC is free. If you have funding, or need speed and clipboard (copy/paste) features, it is recommended that you use ARD. If you feel comfortable at the command-line and can do without copying and pasting between local and remote computers, VNC-over-SSH is comparable.
Setting up the VNC server on the remote computer
First, you must install and run Vine Server on the computer you want to control remotely, such as your office computer. For the sake of terminology, Vine Server is a VNC server makes a remote desktop session available to any other computer that connects to it with a VNC client.
Visit the Redstone Software download page and click on the link for Vine Server (OSXvnc). This software is free.
If you use Safari, you'll be asked to confirm your download:
Click Continue and the Vine Server icon will be located in your download folder (usually your Desktop folder):
Drag this icon to your Applications folder to install Vine Server:
Second, make sure that SSH is running by opening this computer's System Preferences:
Click once on Sharing:
Select the Services tab and place a checkmark next to Remote Login, if unchecked:
Close the System Preferences window.
Within the Applications folder, double-click the Vine Server icon to open it.
The Connection tab will be active. Make the following changes:
- Select 1 from the Display Number menu
- Add a password to the Password field
- Change the Display Name to something informative (optional)
- Note the IP Address which you will later use on other computers
Note that the IP Address information will be unique for your computer.
Click on the Sharing tab and make the following changes:
- Uncheck "Advertise server via Bonjour (10.2+)"
- Check "Only allow local connection (require SSH)"
- Select the "Always allow multiple VNC connections" radio button if you need to allow multiple computers to connect to your remote computer (for example, for demonstration or instruction purposes)
Click the Restart Server button in the lower-right corner of the window.
Leave Vine Server running while you wish to allow remote access. If you close or quit the Vine Server application, other computers will no longer be able to control or view your computer's desktop.
You are now ready to set up the VNC client on a second computer.
Connecting the VNC client to the remote computer
Download Chicken of the VNC on your remote computer:
Drag the Chicken of the VNC icon to your Applications folder:
Double-click the Chicken of the VNC ("COTV") icon to open this application.
Close the following VNC Login window — we will not use this:
To help ease future use of COTV, pull down the application menu and uncheck support for Bonjour:
COTV is now set up properly. We'll come back to this application in a moment.
Within your Applications folder, open the Utilities folder and double-click to open Terminal:
In the shell window, type the following:
$ ssh username@hostname -L 5901/127.0.0.1/5901Replace username with the username of a separate account on the remote computer. Replace hostname with the IP address of the remote computer, which you can obtain from Vine Server's Connection tab:
It is recommended that you set up a non-administrative-level, VNC-specific account with a username and password distinct from your remote computer's main user account. This helps secure your remote computer's primary accounts (such as the account you use on a daily basis). Use System Preferences > Accounts on your remote computer if you need to add a new account.
Leave this Terminal session open in the background. If you quit Terminal, the protection that SSH provides will no longer be available, and the VNC connection will close.
Back in Chicken of the VNC , pull down the Connection menu and select New Connection:
In the resulting Connect window, add the following settings:
- Enter 127.0.0.1 into the Host field
- Enter 1 into the Display field
- Enter the password you set in Vine Server into the Password field
Click on the Connect button to establish a secure, encrypted VNC connection and control your remote computer:
When you're done, you can quit the Terminal and COTV applications to close the VNC session.
For security, you may also want to the stop and quit the Vine Server application during those times when you do not need to provide remote access.
