Jon's column: VNC

Written by Jonathan Bell

Saturday, 17 July 2004

This week, I'd like to feature a piece of software called VNC. Have you ever wanted to be able to sit on a laptop and control what was on the screen of your desktop? Or use one desktop to administer the screens of one or many servers? There are products on the market that allow you to do this, such as Netopia's Timbuktu, or Apple's Remote Desktop. However, both cost hundreds of dollars, which is a bit too much for the average user. Windows users have GoToMyPC, but it is not available for our beloved Macintosh platform. This is where VNC comes in.

VNC stands for Virtual Network Computing. Open source since 1998, VNC is maintained by RealVNC. With traditional VNC, one would install a VNC server on a central "mainframe" running the X server (not to be confused with Mac OS X). Clients would then connect to this server, and essentially run their entire windowing system over the network. This provides server administrators with a zero-configuration management system for all of their clients. But VNC also works beautifully for peer-to-peer links. Clients are available for Windows, Linux, Solaris, HP-UX, Palm, and more (including, of course, Mac). Servers are also available for many operating systems, including Mac OS X.

The goal of this exercise is to be able to control a Mac from another computer anywhere in the world. The first step is to download and install the VNC server. Red Stone Software maintains a VNC server for both Mac OS X and Mac OS 9. Once you download the Mac OS X server, install it by dragging the file in the disk image to your Applications folder.

It is now time for configuration! When you first open OSXvnc, you will be presented with its configuration window. Moving down the line, there are a few options in "System". You can set these however you like. In the next tab, there are a few more options that we need to configure. Make sure that "Only allow local connections (require SSH)" is checked. With that option checked, the server only accepts connections that originate on the Mac itself, which is where the SSH tunnel will deliver them. VNC uses no encryption on its communications. Therefore, someone snooping on the network can observe anything that you do with VNC. However, we are going to use SSH (Secure SHell) to tunnel all of the VNC packets over an encrypted tunnel.
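
To confirm that "Only allow local connections" took effect, check which address the VNC port is bound to on the server. The function below is an added example, not part of the original column or of OSXvnc; it classifies `netstat -an` output, and the sample lines are constructed in both the macOS (`addr.port`) and Linux (`addr:port`) layouts, which goes slightly beyond the Mac-only case in the text.

```shell
#!/bin/sh
# Added example: classify listeners on a TCP port from `netstat -an` output
# read on stdin. Prints loopback-only / exposed / not-listening and returns
# 0 / 1 / 2 respectively.
vnc_bind_status() {
    awk -v port="${1:-5900}" '
        # Only TCP sockets in the LISTEN state matter here.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            # The port follows the last "." (macOS layout) or ":" (Linux layout).
            n = length(addr)
            while (n > 0 && substr(addr, n, 1) !~ /[.:]/) n--
            if (substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            if (host == "127.0.0.1" || host == "::1" || host == "localhost")
                loopback++
            else
                exposed++   # "*", 0.0.0.0, "::" or a LAN address
        }
        END {
            if (exposed)       { print "exposed";       exit 1 }
            else if (loopback) { print "loopback-only"; exit 0 }
            else               { print "not-listening"; exit 2 }
        }'
}

# Constructed sample (macOS layout): VNC on loopback, sshd on all interfaces.
SAMPLE_SAFE='tcp4       0      0  127.0.0.1.5900         *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN'
# Constructed sample (Linux layout): VNC reachable from the network.
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

printf '%s\n' "$SAMPLE_SAFE"    | vnc_bind_status 5900 || true
printf '%s\n' "$SAMPLE_EXPOSED" | vnc_bind_status 5900 || true
# On the server itself: netstat -an | vnc_bind_status 5900
```
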

In the final tab, you can set the server to automatically start when you turn on the computer, automatically restart, and a few other things. Again, this is up to you. If you click "Configure Startup Item" then OSXvnc will automatically start during the bootup sequence. This means that you could use the login screen to log in remotely over VNC.

Once we have our VNC server configured, it's time to make sure that SSH is set up. Open System Preferences, then click on "Sharing." Make sure that "Remote Login" is enabled.

At this point, we need to make sure that your network is accepting incoming connections on port 22 (because we are tunneling VNC over SSH, which uses port 22). If your computer is directly connected to the internet, then all that you need to know is what your IP address is. If you are unsure of it, try going to Whatismyip.com. If you are on a home network with a NAT router (e.g. Linksys, Airport, Dlink products), then go to your router's configuration page, and make sure that port 22 TCP is set to be forwarded to whatever the IP of your machine is (you can get this from System Preferences > Network). You then need to find out what your IP address is to the outside world, which again, can be found with Whatismyip.com.

It is now time to set up a client. I will show how to connect from another Mac, but there are clients out there to let you connect from Palm Pilots, Windows CE devices, Windows, and more. If you are connecting from a Windows machine, I can recommend using PuTTY to make your SSH connection, and the VNC client from RealVNC. I like using VNCThing, from Purple Shark Software, as my Macintosh VNC client. Again, install VNCThing by dragging it to your Applications folder. Open Terminal from your Utilities folder, and type in:

    ssh <your username on the remote machine>@<ip of the server> -L 5900/127.0.0.1/5900

If you have never connected to this server before with SSH, then you will be prompted to remember the RSA fingerprint. Just type "yes". (*note*: This may create a security hole, since the RSA fingerprint may be that of another computer, trying to play a "man in the middle" attack. You should be wary of this, though you will be safe unless someone is trying to hack your connection at that exact time.) When prompted, enter your user password. If you log in successfully, you will be presented with a shell on the remote machine. You can minimize this window now; we won't actually be using the shell.

Open VNCThing, and configure the options as you like (they're hidden under the collapsed triangle). Where it asks for depth, it means how many different colors will be displayed on the screen. I recommend setting the depth to be lower than server depth, since it will use less bandwidth. Type in "127.0.0.1" as the server, and enter the password that you provided OSXvnc. Click OK, and you will be connected! To disconnect, just close the VNC window, quit VNCThing, and type "exit" in the terminal that you used to make the SSH connection.

There are a few security concerns that now exist. First, your machine is open to SSH logins. If you have an easily guessable password, then someone could guess what your password is, and log in to your computer. This can be solved simply by using a hard-to-guess password, or by using complicated authentication methods, which I won't get into here. Second, anyone who can log into your machine via SSH can now control your display. So if you have another user on the machine, and you are logged in to the computer, they can use VNC to control your machine as you. However, the VNC password can provide some protection against this.

Also, you should take into account the amount of bandwidth that you will be using. It can grow to be quite a bit if you have a high resolution screen, and a high color bit-depth. Network administrators might get mad at you, but as long as you're not bringing the network to a crawl, they probably won't. That being said, don't say I didn't warn you about the downsides.

If you have any questions or comments about my first column, please feel free to email me.
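
The first-connection fingerprint prompt discussed above can be taken out of the picture by pinning the server's host key on the client before connecting, since the server is configured in person anyway. The script below is an added example, not part of the original column; the address and key blobs are constructed placeholders, and the comparison assumes plain (unhashed) known_hosts entries with one host name per line.

```shell
#!/bin/sh
# Added example: build a known_hosts entry from the server's host public key,
# read at the server's console, so the first connection is checked against it.
known_hosts_entry() {   # usage: known_hosts_entry <host> "<contents of .pub file>"
    # A .pub file holds "<type> <base64 blob> [comment]"; the comment is dropped.
    printf '%s\n' "$2" | awk -v host="$1" '
        NF >= 2 && $1 ~ /^(ssh-|ecdsa-)/ { print host, $1, $2; ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Compare the key a server offers with pinned entries read on stdin.
# Prints match / MISMATCH / unknown-host and returns 0 / 1 / 2.
# Assumes plain (unhashed) entries with a single host name per line.
check_offered_key() {   # usage: check_offered_key <host> <type> <blob>
    awk -v host="$1" -v ktype="$2" -v blob="$3" '
        $1 == host && $2 == ktype { pinned = 1; if ($3 == blob) same = 1 }
        END {
            if (same)        { print "match";        exit 0 }
            else if (pinned) { print "MISMATCH";     exit 1 }
            else             { print "unknown-host"; exit 2 }
        }'
}

# Constructed values: documentation-range address, placeholder key blobs.
SERVER=203.0.113.10
SERVER_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedServerKey== admin@desktop'
SERVER_BLOB='AAAAB3NzaC1yc2EAAAADAQABconstructedServerKey=='
OTHER_BLOB='AAAAB3NzaC1yc2EAAAADAQABconstructedOtherKey=='

PINNED=$(known_hosts_entry "$SERVER" "$SERVER_PUB")
printf '%s\n' "$PINNED" | check_offered_key "$SERVER" ssh-rsa "$SERVER_BLOB" || true
printf '%s\n' "$PINNED" | check_offered_key "$SERVER" ssh-rsa "$OTHER_BLOB"  || true
# Real use: append "$PINNED" to ~/.ssh/known_hosts on the client, then add
# -o StrictHostKeyChecking=yes to the ssh command so an unexpected key aborts.
```
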






