Archive for the ‘mac’ Category

MacOS Screen Sharing over the Internet using SSH

May 11, 2009

You don’t need to subscribe to iCloud (MobileMe) to access a Mac desktop remotely over the Internet from another Mac (“Back to My Mac”). You just need to do some setup. This description assumes (for simplicity) that you’re using Leopard (MacOS 10.5) or later on both Macs. If you’re still on Tiger (10.4) you’ll need a third-party VNC client like Chicken of the VNC; I haven’t tested that.

It’s also possible to access a Mac desktop from Windows or other operating systems using a VNC client such as UltraVNC. That is described here as well.

This setup runs the Apple Screen Sharing through an encrypted tunnel using SSH, for security.

  1. One-time setup on the Mac you’ll be connecting to, which we will call the “remote Mac”. In System Preferences>Sharing, turn on Remote Login (aka SSH) and Screen Sharing. Under Screen Sharing’s Computer Settings, select “VNC viewers may control screen with password:” and choose a password.
  2. One-time setup on the Internet router/firewall for the network your remote Mac is on. Forward TCP port 22 (SSH) from the Internet to your remote Mac’s internal/private IP address. You might find this option under something like “NAT Rules” on your firewall’s setup screens, which are web pages for most routers. If you haven’t assigned the remote Mac a static IP address, you might want to. Otherwise, find out the IP address that your router assigned it by looking in System Preferences>Network.
  3. One-time setup of a host name for your remote Mac’s Internet connection. It’s convenient to give your firewall’s external IP address a host name, especially if that address is dynamically assigned by DHCP and subject to change without notice. A dynamic DNS service like DynDNS.com allows you to create an account and choose a host name for your Internet connection. Some router/firewalls have the ability to keep a DynDNS entry updated.
  4. One-time setup on your local Mac that you’ll be using to connect to the remote Mac. (Not applicable for a Windows or other client OS.) Allow Screen Sharing to connect to 127.0.0.1 (aka localhost); in Terminal run (all on one line):

    sudo defaults write com.apple.ScreenSharing skipLocalAddressCheck -boolean YES

    and type your password when prompted.
  5. To prepare to access your remote Mac’s desktop over the Internet from the local Mac, in Terminal on your local Mac run (all on one line):

    ssh -N -L 6900:127.0.0.1:5900  your_login_short_name@your.dyndns.host.name

    If it asks if you want to add or trust the host key or something like that, respond yes. That should only happen once. When prompted, type the password for your account on the remote Mac.

    your_login_short_name is the name of your home folder on the remote Mac; it will be lowercase with no spaces. The -L option creates a local tunnel: ssh listens on TCP port 6900 on your local Mac and forwards each connection to that port through the encrypted session to port 5900 (the standard VNC server port) on the remote Mac. The -N option tells ssh not to open a command-line session; omit it if you want one in addition to the port forwarding.

  6. For a Windows client, you can use the plink program from the PuTTY SSH package:

    "C:\Program Files\PuTTY\plink.exe" -N -L 6900:127.0.0.1:5900 your_login_short_name@your.dyndns.host.name

    plink.exe might be in “C:\Program Files (x86)” or another folder on your computer.

    Alternately, you can use the graphical PuTTY program and in Connection>SSH>Tunnels set

    Source port 6900
    Destination 127.0.0.1:5900

    Then click Add.

  7. Run the Screen Sharing client on your local Mac; in Finder:
    Go>Connect to Server (or Command-k)
    In the Server Address box, type:

    vnc://127.0.0.1:6900

    A login box will pop up; enter your_login_short_name and your password for the remote Mac.
    You can click the + to save this address as a favorite for the future.

    Your remote Mac’s desktop should appear!

    In the Screen Sharing preferences, you might want to try the option “Show the screen at full quality (more detailed)” if needed and you have fast Internet connections at both ends.

  8. For a Windows client, UltraVNC Viewer is known to work. In the “VNC Server” box, enter “127.0.0.1::6900” (yes, two colons), then click Connect. Then enter the VNC password you set earlier on the remote Mac. You will see the Mac’s lock screen; type your account password to unlock it.
  9. When you’re done with your screen sharing session, quit the Screen Sharing app on your local Mac and press Ctrl-c in the Terminal window to disconnect the ssh tunnel.
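The local-side procedure (steps 5, 7 and 9) as one script. This is an added example, not code from the original post: it opens the tunnel, confirms it is really up before launching Screen Sharing on it, and closes the tunnel by name instead of with Ctrl-c. It assumes a Mac with OpenSSH’s ControlMaster and ExitOnForwardFailure options (Leopard’s OpenSSH has both) and the `open` command, which hands a vnc:// URL to Screen Sharing. The login name and host name defaults are the post’s placeholders; the validation functions, option names and socket path are this example’s own choices.

```shell
#!/bin/sh
# Added example (not from the original post): steps 5, 7 and 9 as one script.
# Run as:  sh tunnel.sh your_login_short_name your.dyndns.host.name [local_port]
set -eu

REMOTE_VNC_PORT=5900          # Apple's Screen Sharing / VNC server port (step 5)

# A login short name is lowercase with no spaces (step 5). Refuse anything else,
# and in particular anything starting with '-', so a typo can never be parsed by
# ssh as an extra option.
valid_login() {
  case $1 in ''|-*|*[!a-z0-9_.-]*) return 1 ;; esac
  return 0
}

# Host name or IPv4 literal; no whitespace or shell metacharacters.
valid_host() {
  case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  return 0
}

# Port numbers must be 1..65535.
valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh arguments for the tunnel, one per line. ExitOnForwardFailure
# makes ssh exit non-zero if the local port is already in use instead of staying
# logged in without the tunnel; the explicit 127.0.0.1 bind address keeps the
# forwarded port reachable only from this Mac; the ServerAlive options notice a
# dead link so a stale tunnel does not linger.
tunnel_opts() {   # tunnel_opts LOGIN HOST LOCAL_PORT REMOTE_PORT
  valid_login "$1" || { echo "invalid login name: $1" >&2; return 1; }
  valid_host "$2"  || { echo "invalid host name: $2" >&2; return 1; }
  valid_port "$3" && valid_port "$4" || { echo "invalid port: $3/$4" >&2; return 1; }
  printf '%s\n' -N -f \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -L "127.0.0.1:$3:127.0.0.1:$4" \
    "$1@$2"
}

main() {   # main LOGIN HOST [LOCAL_PORT]
  login=$1 host=$2 lport=${3:-6900}
  sock="${TMPDIR:-/tmp}/screenshare.$$"     # ControlMaster socket, this script's choice
  opts=$(tunnel_opts "$login" "$host" "$lport" "$REMOTE_VNC_PORT")
  # Whatever happens from here on, close the master connection on exit
  # (the equivalent of Ctrl-c in step 9).
  trap 'ssh -S "$sock" -O exit "$host" 2>/dev/null || true' EXIT
  # -M/-S make this ssh the ControlMaster so the tunnel can be checked and closed
  # by name. $opts is expanded unquoted on purpose: every element was validated
  # above to contain no whitespace.
  ssh -M -S "$sock" $opts
  ssh -S "$sock" -O check "$host"    # non-zero (and the script stops) if the tunnel is not up
  open "vnc://127.0.0.1:$lport"      # step 7: Screen Sharing connects through the tunnel
  echo "Tunnel to $host is up on 127.0.0.1:$lport; press Return here when you are done."
  read -r _
}

if [ $# -ge 2 ]; then main "$@"; fi
```

The first connection will still ask you to accept the remote Mac’s host key (step 5). Rather than just answering yes, compare the fingerprint it shows with the output of `ssh-keygen -l -f /etc/ssh_host_rsa_key.pub` run on the remote Mac beforehand (the key lives under /etc/ssh/ on newer releases); after that, ssh refuses to connect if the key ever changes, which is the check that makes the tunnel trustworthy on an untrusted network.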

MacOS X, with Redundant Slow File Databases!

February 11, 2009

I have a couple of PowerBook G4 laptops that are now running Leopard. I keep them closed, in sleep mode, most of the time, often for days at a time, as I’m doing most of my work on faster Macs now. When I do open them up to do something, I often find that they are slowed to a crawl by a “find” process madly searching the disk and using most of the CPU power for the next hour or so. Just when I want to use the computer, it’s too busy to be usable.

What’s happening? I discovered that Leopard updates the “locate” database in its weekly cron script. For a computer that’s on most of the time, that generally happens when it’s idle and I’m not around to care if the computer is slow. If it misses that time because the computer wasn’t on, it runs the job as soon as it wakes up. Right when I want to use it.

So, in addition to Spotlight hogging up the computer, Leopard builds a redundant, Unix-style file database, too. Yes, I was involved in writing that stuff for GNU/Linux, but on Macs I almost never want to run “locate”. You’d think Apple would rewrite it as a Spotlight front-end.

On Mac laptops (excuse me, notebooks), I now edit /etc/defaults/periodic.conf and set

weekly_locate_enable="NO"

On the slower ones, I also turn Spotlight off completely (I think), by running (with sudo) the commands I found in this tip:

launchctl unload /System/Library/LaunchDaemons/com.apple.metadata.mds.plist
launchctl unload -w /System/Library/LaunchDaemons/com.apple.metadata.mds.plist

I use EasyFind if I really need to find a file. It produces more usable results than Spotlight does, anyway.

Now my laptops have enough spare CPU time for me to use them again. Thanks, Leopard.

Macs Needing Unix Network Geekery

February 9, 2009

Several years ago, I noticed that SMB file sharing between Macs (running 10.3 Panther at that time, I think) and Windows XP was a lot slower than it should have been. Copying a file took several times as long as between two PCs on the same 100 megabit LAN. Some research turned up the fact that the MacOS X default network parameters are suboptimal, at least when talking to Windows XP. The fix is to create the file /etc/sysctl.conf (in Terminal, with sudo) and put some tweaked settings in it.

The same problem exists in Leopard. The sysctl settings to fix it are slightly different for Leopard and Gigabit networks. Here are some explanations. Here is my sysctl.conf for Leopard and Snow Leopard; omit the maxsockbuf line in Lion and later, and you need only the first two lines in Mavericks (I think) and later because Apple changed the defaults to these settings:

net.inet.tcp.delayed_ack=0
net.inet.tcp.mssdflt=1440
kern.ipc.maxsockbuf=500000
net.inet.tcp.sendspace=250000
net.inet.tcp.recvspace=250000
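The periodic.conf change in the previous post and the sysctl.conf settings just above are the same job: set a key in a key=value file, and do it so that running the script twice does not leave duplicate lines. The script below is an added example, not from the original posts, with one idempotent helper for that job and a main that applies the settings listed above without a reboot. It assumes a macOS system with awk, mktemp and sysctl(8); the file paths and values are the posts’ own, except that it writes the locate override to /etc/periodic.conf, which periodic(8) reads after /etc/defaults/periodic.conf, rather than editing the defaults file itself.

```shell
#!/bin/sh
# Added example (not from the original posts). Run as:  sudo sh tune.sh apply
set -eu

# set_kv FILE KEY VALUE: rewrite the first "KEY=..." line in FILE (dropping any
# duplicate lines for the same key) or append "KEY=VALUE" if absent. The file is
# rewritten in place through cat so its owner and mode survive; a missing file
# is created empty first.
set_kv() {
  file=$1 key=$2 value=$3
  # Keys are sysctl MIB names or shell variable names: letters, digits, '.', '_'.
  # Anything else (spaces, '=', quotes) is refused rather than written to a file
  # that sysctl(8) or sh will later parse.
  case $key in ''|*[!A-Za-z0-9_.]*) echo "set_kv: invalid key '$key'" >&2; return 1 ;; esac
  [ -f "$file" ] || : > "$file"
  tmp=$(mktemp "${TMPDIR:-/tmp}/set_kv.XXXXXX") || return 1
  # Note: awk -v expands backslash escapes in VALUE; the values used here have none.
  awk -v k="$key" -v v="$value" '
    index($0, k "=") == 1 { if (!seen) { print k "=" v; seen = 1 }; next }
    { print }
    END { if (!seen) print k "=" v }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"
  rm -f "$tmp"
}

# get_kv FILE KEY: print the value of the last "KEY=..." line (empty if none).
# Everything after the first '=' is the value, so values containing '=' survive.
get_kv() {
  awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# The post's Leopard/Snow Leopard sysctl.conf. Each key is written to the file
# for the next boot and pushed into the running kernel with sysctl -w; the order
# matters, since the socket buffer sizes are capped by kern.ipc.maxsockbuf.
# Drop the maxsockbuf line on Lion and later, as the post says.
apply_sysctl() {
  for kv in net.inet.tcp.delayed_ack=0 net.inet.tcp.mssdflt=1440 \
            kern.ipc.maxsockbuf=500000 net.inet.tcp.sendspace=250000 \
            net.inet.tcp.recvspace=250000; do
    set_kv /etc/sysctl.conf "${kv%%=*}" "${kv#*=}"
    sysctl -w "$kv"
  done
}

# periodic(8) reads /etc/defaults/periodic.conf and then /etc/periodic.conf if
# it exists, so the weekly locate job is disabled in the override file: a system
# update that replaces the defaults file will not silently re-enable it.
disable_weekly_locate() {
  set_kv /etc/periodic.conf weekly_locate_enable '"NO"'
}

case "${1:-}" in
  apply) apply_sysctl; disable_weekly_locate ;;
esac
```

After running it, `sysctl -n net.inet.tcp.sendspace` should print 250000 immediately, and `get_kv /etc/periodic.conf weekly_locate_enable` should print "NO"; the helper refuses keys containing spaces or quotes, so a mistyped call fails loudly instead of leaving a line that sh or sysctl cannot parse.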

I also got errors on a Windows XP client when trying to copy files from an OS X share. Windows says it can’t read the source file. Going over to the Mac and copying the same files onto a shared folder on the PC works. Some Googling revealed that there’s a bug in the version of Samba that ships with Leopard. It doesn’t properly support extended attributes (an alternate data stream). I don’t need those anyway, so the fix is to turn off the buggy feature unless it gets fixed in a future release. Here’s the diff:

--- /etc/smb.conf	2009/01/04 22:39:52	1.1
+++ /etc/smb.conf	2009/02/08 14:20:50
@@ -44,7 +44,7 @@
     display charset = UTF-8-MAC
     dos charset = 437

-    vfs objects = darwinacl,darwin_streams
+    vfs objects = darwinacl

     ; Don't become a master browser unless absolutely necessary.
     os level = 2
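Review bot: removing darwin_streams from `vfs objects` also makes the `darwin_streams:brlm = yes` line further down this file inert, since a module-prefixed parametric option is only read by the module it names, so the AFP locking coherency that line enables is lost along with the buggy streams support. Either drop that line in the same change or note the trade-off in a comment next to `vfs objects = darwinacl`.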
@@ -56,8 +56,8 @@
     use sendfile = yes

     ; The darwin_streams module gives us named streams support.
-    stream support = yes
-    ea support = yes
+    stream support = no
+    ea support = no

     ; Enable locking coherency with AFP.
     darwin_streams:brlm = yes
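Review bot: the comment `; The darwin_streams module gives us named streams support.` now sits directly above `stream support = no` and `ea support = no`, and the module it refers to was removed in the previous hunk, so it describes the opposite of what the file does. Reword it to state why the support is off (the extended-attribute bug described in the text) so the next person editing smb.conf does not "fix" both lines back to yes.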

In Snow Leopard (10.6.6), the changes needed are as follows:

--- /etc/smb.conf	2010/01/22 00:04:17	1.4
+++ /etc/smb.conf	2010/04/20 13:14:28
@@ -44,7 +44,7 @@
     display charset = UTF-8
     dos charset = 437
 
-    vfs objects = notify_kqueue,darwinacl,darwin_streams
+    vfs objects = notify_kqueue,darwinacl
 
     ; Don't become a master browser unless absolutely necessary.
     os level = 2
@@ -58,10 +58,12 @@
     mangled names = no
     stat cache = no
     wide links = no
+    ; Preserve performance.
+    getwd cache = yes
 
     ; The darwin_streams module gives us named streams support.
-    stream support = yes
-    ea support = yes
+    stream support = no
+    ea support = no
 
     ; Enable locking coherency with AFP.
     darwin_streams:brlm = yes
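Review bot: the added `getwd cache = yes` is unrelated to the streams/extended-attribute workaround this change is for, and the one-line `; Preserve performance.` comment does not say what performance it preserves; if it is meant to offset the `stat cache = no` just above it, say so in the comment, otherwise move it to a separate change so the workaround stays reviewable on its own. The stale `; The darwin_streams module gives us named streams support.` comment above `stream support = no` needs the same rewording as in the Leopard diff.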

Restarting the Mac is the easiest way to make these changes take effect.

Lion (10.7) and later use smbd instead of Samba and don’t have this configuration file.

The Mac lover in me is annoyed that Apple ships poor defaults for this important function. How much do they care about Windows file sharing? The Unix geek in me is glad that the free software underpinnings of OS X are configurable enough that I can fix them by editing a couple of text files!

And if you experience a delay of several seconds when connecting to a Windows file share from a Mac, e.g. using “Go->Connect to Server”, make sure to use the full name of the Windows server. On our Active Directory network at the office, when I connected using the form “smb://servername/sharename”, there was about a 6-second delay before the share mounted. When I switched to the form “smb://servername.dom.ain/sharename”, it went down to under a second to connect.