Archive for May, 2009

MacOS Screen Sharing over the Internet using SSH

May 11, 2009

You don’t need to subscribe to iCloud (MobileMe) to access a Mac desktop remotely over the Internet from another Mac (“Back to My Mac”). You just need to do some setup. This description assumes (for simplicity) that you’re using Leopard (MacOS 10.5) or later on both Macs. If you’re still on Tiger (10.4) you’ll need a third-party VNC client like Chicken of the VNC; I haven’t tested that.

It’s also possible to access a Mac desktop from Windows or other operating systems using a VNC client such as UltraVNC. That is described here as well.

This setup runs the Apple Screen Sharing through an encrypted tunnel using SSH, for security.

  1. One-time setup on the Mac you’ll be connecting to, which we will call the “remote Mac”. In System Preferences>Sharing, turn on Remote Login (aka SSH). In System Preferences>Sharing, turn on Screen Sharing. In Computer Settings, select “VNC viewers may control screen with password:”. Choose a password.
  2. One-time setup on the Internet router/firewall for the network your remote Mac is on. Forward TCP port 22 (SSH) from the Internet to your remote Mac’s internal/private IP address. You might find this option under something like “NAT Rules” on your firewall’s setup screens, which are web pages for most routers. If you haven’t assigned the remote Mac a static IP address, you might want to. Otherwise, find out the IP address that your router assigned it by looking in System Preferences>Network.
  3. One-time setup of a host name for your remote Mac’s Internet connection. It’s convenient to give your your firewall’s external IP address a host name, especially if its IP address is dynamically assigned by DHCP and subject to change without notice. A dynamic DNS service like allows you to create an account and choose a host name for your Internet connection. Some router/firewalls have the ability to keep a DynDNS entry updated.
  4. One-time setup on your local Mac that you’ll be using to connect to the remote Mac. (Not applicable for a Windows or other client OS.) Allow Screen Sharing to connect to (aka localhost); in Terminal run (all on one line):

    sudo defaults write skipLocalAddressCheck -boolean YES

    and type your password when prompted.
  5. To prepare to access your remote Mac’s desktop over the Internet from the local Mac, in Terminal on your local Mac run (all on one line):

    ssh -N -L 6900:

    If it asks if you want to add or trust the host key or something like that, respond yes. That should only happen once. When prompted, type the password for your account on the remote Mac.

    your_login_short_name is the name of your home folder on the remote Mac; it will be lowercase with no spaces. The -L option creates a local tunnel which forwards TCP port 5900 (the standard VNC server port) on the remote Mac to port 6900 on your local Mac. The -N option to ssh prevents it from opening a command-line connection; omit it if you want one in addition to the port forwarding.

  6. For a Windows client, you can use the plink program from the PuTTY SSH package:

    "C:\Program Files\PuTTY\plink.exe" -N -L 6900:

    plink.exe might be in “C:\Program Files (x86)” or another folder on your computer.

    Alternately, you can use the graphical PuTTY program and in Connection>SSH>Tunnels set

    Source port 6900

    Then click Add.

  7. Run the Screen Sharing client on your local Mac; in Finder:
    Go>Connect to Server (or Command-k)
    In the Server Address box, type:


    A login box will pop up; enter your_login_short_name and your password for the remote Mac.
    You can click the + to save this address as a favorite for the future.

    Your remote Mac’s desktop should appear!

    In the Screen Sharing preferences, you might want to try the option “Show the screen at full quality (more detailed)” if needed and you have fast Internet connections at both ends.

  8. For a Windows client, UltraVNC Viewer is known to work. In the “VNC Server” box, enter “” (yes, two colons), then click Connect. Then enter the VNC password you set earlier on the remote Mac. You will see the Mac’s lock screen; type your account password to unlock it.
  9. When you’re done with your screen sharing session, quit the Screen Sharing app on your local Mac and press Ctrl-c in the Terminal window to disconnect the ssh tunnel.