Leopard Screen Sharing

The only thing to date that I’ve missed from the dark ages of using Windows XP Pro is the built-in Remote Desktop capability. RDP is one of the very few things I’ve seen come out of Redmond that actually worked beyond a satisfactory level.

Nearly three years ago my work machine was replaced with a PowerMac G5 running OS X Panther. Ever since, I’ve been looking for an equivalent solution for those occasions when I need GUI access to my desktop via the company VPN.

Unfortunately the only solution with acceptable performance in the Mac world, to my knowledge, is Apple Remote Desktop. While Apple Remote Desktop has some excellent functionality, it is overkill for my uses. At a starting price of $349.00 (CAD) for a 10-user license it is also out of the price range most would be willing to spend to gain simple remote desktop functionality equivalent to that bundled with XP Pro at no additional charge.

In my recent playing with Leopard, one of the things immediately noticeable was the ability to connect to another Bonjour-discovered Mac within the local network from the Shared section of the Finder sidebar. Unfortunately, beyond using the Back To My Mac feature available only to .Mac subscribers, it was not immediately obvious if this new Leopard functionality could be used to connect to any arbitrary machine via an IP address.

As my curiosity began to get the better of me, I began to casually glance around to see if I could call the Screen Sharing application directly and manually supply it the host information. I first checked out the obvious locations, namely the Applications and Utilities folders. No dice. After a little more digging, I discovered the application bundle in the /System/Library/CoreServices folder. Running the application from this location immediately prompts the user for the host address to connect to. Eureka!

Having successfully connected to my PowerMac G5 at work via its private (RFC 1918) IP address over the VPN, my next experiment was to determine if I could access the machine through an SSH tunnel.

Although I have had issues with either compatibility or performance when attempting to connect to OS X desktops using generic VNC clients, the protocol of Apple Remote Desktop is essentially just VNC. Based on that knowledge, I figured tunneling TCP port 5900 to the inside IP address of the target machine would allow me to connect without a VPN in place.

The SSH tunnel can be established from the Terminal application like so:

ssh -L 1024:x.x.x.x:5900 y.y.y.y

Here x.x.x.x is the private (internal) IP of the target machine and y.y.y.y is the IP address of a host accessible via SSH that has direct access to the private network. The 1024 above can also be changed to any arbitrary local port number. Once the SSH tunnel is established, launch the Screen Sharing application and enter localhost:1024 (or whatever local port number you used instead of 1024). You will now be connected to your remote machine.

Note: The target machine you are connecting to does not need to be running Leopard, but the Apple Remote Desktop service must be enabled from the Sharing applet in System Preferences.
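
The tunnel-then-connect steps above as one script. This is an added example, not code from the original post: the function names, the control-socket path and the use of open with a vnc:// URL to launch Screen Sharing are assumptions. It binds the forward to 127.0.0.1 explicitly and rejects local ports below 1024, which need root to bind.

```shell
#!/bin/sh
# Added example; build_tunnel_args, valid_port and CTL are illustrative names.

# Accept only unprivileged local ports; binding below 1024 needs root.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print the ssh arguments for a loopback-only forward to <target>:5900.
# usage: build_tunnel_args <local_port> <target> <gateway>
build_tunnel_args() {
    valid_port "$1" || { echo "bad local port: $1" >&2; return 1; }
    # -N: no remote command; -f: go to background after authentication.
    # ExitOnForwardFailure: fail instead of running without the forward.
    # The explicit 127.0.0.1 bind keeps the forwarded VNC port off the LAN
    # even if GatewayPorts is enabled in the client configuration.
    printf '%s ' -N -f -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$1:$2:5900"
    printf '%s\n' "$3"
}

# Runs only when called with three arguments, e.g.:
#   ./screenshare-tunnel.sh 1024 x.x.x.x y.y.y.y
if [ "$#" -eq 3 ]; then
    CTL="${TMPDIR:-/tmp}/screenshare-$$.ctl"   # control socket for teardown
    args=$(build_tunnel_args "$1" "$2" "$3") || exit 1
    # shellcheck disable=SC2086  # word splitting of $args is intended
    ssh -M -S "$CTL" $args || exit 1
    # Assumption: the vnc:// URL scheme is handled by Screen Sharing.
    open "vnc://localhost:$1"
    printf 'Press Return to close the tunnel: '
    read -r _
    ssh -S "$CTL" -O exit "$3"                 # shut the forward down cleanly
fi
```

With localhost as the target, the same script covers the case where the SSH host is the Mac being shared.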

15 Responses to “Leopard Screen Sharing”

  1. tgaume Says:

    Thanks!! Your post saved me a lot of time, and was very informative.

  2. sandcastle Says:

    You rock! This also works a treat on the “final” version of Leopard, if you’ve only allowed ssh access into one of the boxes.

  3. geeseman Says:

    Great article! One question for you:

    Is it possible to change the VNC port that Leopard listens to connections on so that multiple Macs behind a firewall can be SSH’d with port mapping for screen sharing?

  4. Denis Lemire Says:

    geeseman,

    I don’t know of a straightforward way to change the port the VNC service listens on, but an alternative supported by most routers would be to change the outside forwarding port while leaving the inside port the same.

    ie) Port 5900 on your outside IP goes to port 5900 on the inside IP of your first mac. Port 5901 on the outside IP goes to port 5900 on the inside IP of your second mac and so on.

    In other words, your outside port need not match the inside forwarding port.

    When you connect via the screen sharing application you simply append a : and port number to the end of the IP address in order to connect to the appropriate system.

    Hope this helps. Glad you liked this post.

  5. geeseman Says:

    of course! Duh! Thanks for the sanity check!

    By the way… found an easy to use GUI wrapper for SSH tunnels here:
    http://www.versiontracker.com/dyn/moreinfo/macosx/16840

    Seems to work fine in Leopard and makes multiple port mappings a snap.

  6. Claude Crépeau Says:

    Hi ! do you know if it is possible to connect to a machine running Panther ?

    All my attempts so far have failed…

    Thanks

  7. Denis Lemire Says:

    Claude,

    I don’t have a machine running Panther around to test so I have no idea if this is possible with Panther out of the box. I was able to connect to a machine running Tiger while I was running the Leopard beta though so it isn’t Leopard specific at the very least.

    I do know that in order to use Apple Remote Desktop to connect to a Panther computer you must first install a Client Update Package created using the Apple Remote Desktop application.

    If Panther doesn’t work out of the box it may be possible to update it to do so. Download the Client Update package (linked above) and you should be able to install it on Panther (10.3.9 or later). After installing this package you may be able to connect via Leopard’s Screen Sharing Application.

    I’m not 100% certain if this will work, but I would love to hear from you if it does…

  8. Claude Crépeau Says:

    Hey Denis !

    IT WORKED !!!! Your client update did the trick…

    Thanks a lot.

  9. Jay Says:

    Thanks! I had considered purchasing a .Mac account solely for the “back to my mac” feature. (One thing that I really like about Leopard’s VNC client is the fact that it runs so much faster than other clients like Chicken of the VNC.) From what I have read, though, BtMM is buggy as hell and rarely works outside of one’s local network.

    It just took a minute or two to get this working.

    Your hint just saved me US$79. Thanks again!

    Cheers,
    Jay

  10. Kara Harkins Says:

    Yay!

    Thank you and I hope this works! When I upgraded to Leopard I upgraded my hardware as well. It would be nice to actually have a use for my old Panther box again as right now it is just gathering dust.

  11. Matt Grund Says:

    Nice Post!

    One question, though – does your solution above require 2 machines inside the firewall? I guess I’m really asking: if my Leopard Mac inside the firewall has ssh open through the firewall, can I tunnel port 5900 traffic directly to it?
    [ie. x.x.x.x = y.y.y.y in your example]

    Thanks again!

  12. Denis Lemire Says:

    Matt,

    The solution does not require two machines behind the firewall. My example looks as such because in my case I am SSH’ing to my BSD gateway and using it to tunnel to the Mac system.

    In your case you could SSH into the Mac directly and set up a tunnel like so:
    ssh -L 1024:localhost:5900 y.y.y.y

    Where y.y.y.y is the outside IP address you use to SSH into your Mac.

  13. Eric A. Zarko Says:

    Thanks! Works great over VPN tunnels too as long as you know your IP.

  14. Barbara Says:

    Denis,

    I happened upon your website and article on screen sharing in a Google search. I specifically needed to screen share with an iMac running 10.3.9. Your suggestion to download the Client Update Package did the trick! I downloaded (thanks for providing it), installed, restarted the iMac and bada bing, bada boom, there it was. Thanks a bunch!

  15. Jon VT Says:

    Thanks for the post. I have a G3 powerbook with OS X 10.3.9. All of the services were showing up with bonjour browser except screen sharing. Port 5900 didn’t show up. Installing the client update fixed it immediately, no restart required! Finally I can use this perfectly good computer without having to sit in front of it.
