Running Mac OS X Tiger: A No-Compromise Power Users Guide to the Mac (Animal Guide)

12.6. Remote Maintenance

In today's world of high-speed connections, Virtual Private Networks (VPNs), and ubiquitous Internet access, it's become quite common to have your computer constantly connected to a network. Sometimes, you'll find yourself needing a file from your Mac and you know it's out there on the Internet waiting for you, if you could just get to it. Luckily, Mac OS X has several different tools that allow you to securely connect to your Mac, even when you're far, far away.

The two most commonly used tools for remote maintenance on Mac OS X are Virtual Network Computing (VNC) and the Secure Shell (SSH). Much like many other Mac OS X offerings, you are given a graphical (VNC) and a command-line (SSH) tool. Given that most Mac OS X maintenance tasks can be performed in either environment, pick the one you're most comfortable with, as described in the following sections.

12.6.1. Virtual Network Computing

Virtual Network Computing, or VNC, is a software package designed to enable a user to remotely connect to a graphical session on another computer. Originally developed by AT&T, VNC is an open source alternative to tools like Symantec's pcAnywhere and Microsoft's Remote Desktop. The VNC package is made up of two components: a server and a client. The server runs on the machine that is hosting the graphical session, while the VNC client is run by the user to connect to the VNC server from a remote location, similar to Figure 12-10.

Figure 12-10. The VNC client-server relationship

One of the nice things about VNC is that it has been ported to a variety of computing platforms. What's more, each of these platforms can interact with another's clients and servers. For example, a Macintosh user could use a Mac VNC client to connect to a Windows XP machine running a Windows-based VNC server. The platform differences simply don't come into play and you can easily work with Windows, Linux, and other Mac OS X machines using a single VNC client on your Mac.

Apple has taken the VNC suite and reworked it for integration with Mac OS X. Unfortunately, it takes the form of another product known as Apple Remote Desktop (ARD; see http://www.apple.com/remotedesktop). While ARD is a very powerful tool for administering multiple Macs, it's a bit expensive ($299) for just one Mac. However, ARD is really made up of two components. One componentthe administration softwareis what Apple charges you for. The otherthe client portion of the softwareis a part of every Mac OS X installation. Bundled with that ARD client software is Apple's enhanced VNC server, ready for your use.

Third-Party VNC Servers

Given VNC's open source nature, it comes as no surprise that several different VNC solutions are available on the Internet. The Mac is no exception, with a variety of VNC servers and clients being developed for Mac OS X. Though Apple's VNC solution is more than sufficient for most purposes, you might want to try some of the other VNC packages out there.

A quick search on VersionTracker (http://www.versiontracker.com) or MacUpdate (www.macupdate.com) reveals many different choices, including the most popular non-Apple VNC server for the Mac, Share My Desktop (http://www.bombich.com/software/smd.html), by Mike Bombich (creator of lots of useful Mac tools, including Carbon Copy Cloner).

12.6.1.1. Enabling the VNC server

Apple has placed the configuration settings for Apple Remote Desktop in the Sharing panel of System Preferences. To enable ARD, launch System Preferences and then go to Sharing Services and turn on Apple Remote Desktop. If this is the first time ARD has been enabled on the system, you are presented with the Access Privileges sheet, shown in Figure 12-11.

Most of the options on the Access Privileges sheet are irrelevant unless you are specifically using the Apple Remote Desktop management software. The only option you'll need to configure is listed as "VNC viewers may control screen with password." Enable it and enter a memorable password in the corresponding text field. Once your changes are complete, click OK to put them into effect.

12.6.1.2. Connecting to VNC

Now that your Mac is listening for VNC connections, you'll need a VNC client to access it. As mentioned earlier, there are a variety of VNC clients available for just about every platform out there. A popular one for Mac OS X is Chicken of the VNC (http://sourceforge.net/projects/cotvnc/). To connect using Chicken of the VNC, just enter your Mac's IP address in the Host field and then enter the password you set in the ARD Access Privileges sheet, as shown in Figure 12-12. Once you've connected via VNC, you can control your Mac the same as if you were sitting at it.

Figure 12-11. The Apple Remote Desktop Access Privileges sheet

Of course, the remote system needs to be turned on, connected to the Internet, and you'll need to know its IP address ahead of time, but that should go without saying. Just keep that in mind for times when you plan to travel. Some things you'll need to do to the server system include:

  • Leave the system on and set Energy Saver preferences to Never (System Preferences Energy Saver Sleep) so the system doesnt put your computer to sleep when it is inactive.

  • Set the Energy Saver preferences so the display goes to sleep after an amount of time that sounds reasonable to you.

  • Jot down the IP Address from the TCP/IP tab of the Network preferences panel.

  • Pack your bags and hit the road.

With your Mac at home set up so it doesn't sleep, you'll be able to connect to your machine and do whatever it is you need to do, even if the display is asleep.

Figure 12-12. Establishing a VNC connection

12.6.2. The Secure Shell

Also found in the Sharing preference panel, the Remote Login service is used to enable Mac OS X's Secure Shell server (sshd ). SSH is a protocol for using key-based encryption to allow secure communication between machines. To connect to a machine running sshd, simply use the following command:

ssh machinename

For example, to connect to a machine named Hobbes.local, you would use the following:

$ ssh Hobbes.local

The ssh program uses the username with which you are logged into the Terminal to connect to the server. If you want to use a different username, prepend the machine name with username. For example:

$ ssh panic@Hobbes.local

And thanks to Bonjour, you can also connect to ssh servers on your local network easily by selecting File Connect to Server (Shift--K) in the Terminal. This brings up a dialog from which you can see the local machines you can connect to, as shown in Figure 12-13.

What's So Secure About It?

SSH uses various forms of encryption to secure your connection to the remote host. Each host that is using SSH keeps a unique host key to identify itself. When you first connect to an SSH server, the SSH client will ask you to confirm and accept the key the server has provided. Because the key is unique to that particular server, a malicious person attempting to hijack the trusted server's network connection would have his efforts thwarted. The SSH client alerts the user once it sees that even though the server's network address is the same, the SSH host key is different.

In addition to ensuring you're connecting to the right server, SSH uses encryption to secure the connection itself, preventing your session from being hijacked or snooped.

Figure 12-13. The Terminal's Connect to Server dialog

Upon establishing a connection to your Mac's Remote Login service, you'll be presented with a shell session much like the one you'd find when using Terminal. Using the command line and SSH, you can easily work with your Mac remotely without the overhead of a graphical session. It might not be as pretty as the VNC connection, but an SSH session offers all of the power and flexibility of the command line.

For more information about SSH, see SSH, The Secure Shell: The Definitive Guide, by Daniel J. Barrett, et al. (O'Reilly).

Категории