The only thing to date that I’ve missed from the dark ages of using Windows XP Pro is the built-in Remote Desktop capability. RDP is one of the very few things I’ve seen come out of Redmond that actually worked beyond a satisfactory level.
Nearly three years ago my work machine was replaced with a PowerMac G5 running OS X Panther. Ever since, I’ve been looking for an equivalent solution for those occasions when I need GUI access to my desktop via the company VPN.
Unfortunately the only solution with acceptable performance in the Mac world, to my knowledge, is Apple Remote Desktop. While Apple Remote Desktop has some excellent functionality, it is overkill for my uses. At a starting price of $349.00 (CAD) for a 10 user license it is also out of the price range most would be willing to spend to gain simple remote desktop functionality equivalent to that bundled with XP Pro at no additional charge.
In my recent playing with Leopard, one of the things immediately noticeable was the ability to connect to another Bonjour-discovered Mac within the local network from the Shared section of the Finder sidebar. Unfortunately, beyond using the Back To My Mac feature available only to .Mac subscribers, it was not immediately obvious whether this new Leopard functionality could be used to connect to any arbitrary machine via an IP address.
As my curiosity began to get the better of me, I began to casually glance around to see if I could call the Screen Sharing application directly and manually supply it the host information. I first checked out the obvious locations, namely the Applications and Utilities folders. No dice. After a little more digging, I discovered the application bundle in the /System/Library/CoreServices folder. Running the application from this location immediately prompts the user for the host address to connect to. Eureka!
Having successfully connected to my PowerMac G5 at work at its private (RFC 1918) IP address over the VPN, my next experiment was to determine if I could access the machine through an SSH tunnel.
Although I have had issues with either compatibility or performance when attempting to connect to OS X desktops using generic VNC clients, the protocol of Apple Remote Desktop is essentially just VNC. Based on that knowledge, I figured tunneling TCP port 5900 to the inside IP address of the target machine would allow me to connect without a VPN in place.
The SSH tunnel can be established from the Terminal application like so:
ssh -L 1024:x.x.x.x:5900 y.y.y.y
Here x.x.x.x is the private (internal) IP of the target machine and y.y.y.y is the IP address of a host accessible via SSH that has direct access to the private network. The 1024 above can also be changed to any arbitrary local port number. Once the SSH tunnel is established, launch the Screen Sharing application and enter localhost:1024 (or whatever local port number you used instead of 1024). You will now be connected to your remote machine.
Note: The target machine you are connecting to does not need to be running Leopard, but the Apple Remote Desktop service must be enabled from the Sharing applet in System Preferences.
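The tunnel command above can be wrapped so that bad input is rejected before ssh ever runs. The following is an added example, not part of the original post: the function names is_rfc1918 and tunnel_cmd are hypothetical, and the -N flag, the ExitOnForwardFailure option and the explicit 127.0.0.1 bind address are additions to the post's command, chosen so the forwarded VNC port is reachable only from the local machine and the session fails loudly if the port cannot be bound.

```shell
#!/bin/sh
# Succeeds only if $1 is a dotted-quad IPv4 address inside an RFC 1918 range.
is_rfc1918() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Prints the ssh command for the tunnel, or fails on unsafe input.
# Arguments: local port, private target IP (x.x.x.x), SSH gateway (y.y.y.y).
tunnel_cmd() {
    lport=$1; target=$2; gateway=$3
    # Unprivileged local port only: binding below 1024 would need root.
    case "$lport" in ''|*[!0-9]*) echo "bad local port" >&2; return 2 ;; esac
    if [ "${#lport}" -gt 5 ] || [ "$lport" -lt 1024 ] || [ "$lport" -gt 65535 ]; then
        echo "local port must be 1024-65535" >&2; return 2
    fi
    # The post tunnels to an internal machine, so refuse anything else.
    is_rfc1918 "$target" || { echo "target is not RFC 1918" >&2; return 3; }
    # A gateway starting with '-' would be parsed by ssh as an option.
    case "$gateway" in
        ''|-*|*[!A-Za-z0-9.@_-]*) echo "bad gateway" >&2; return 4 ;;
    esac
    # -N: forward only, no remote shell. The 127.0.0.1 bind keeps the
    # forwarded port off the local network. 5900 is the port from the post.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:5900 %s\n' \
        "$lport" "$target" "$gateway"
}

# Open the tunnel only when called with three arguments.
if [ "$#" -eq 3 ]; then
    cmd=$(tunnel_cmd "$@") || exit $?
    echo "Running: $cmd" >&2
    exec $cmd
fi
```

With the tunnel up, Screen Sharing connects to localhost and the chosen local port exactly as described above.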