Secure Screen Sharing


At home I keep a MacMini Media Center which from time to time I access it remotely. Usually I do this through the SSH Server in OS X. But eventually I might need to access it through a GUI. Here comes in hand Apple’s OS X nifty tool called “Screen Sharing” which is actually a VNC Server/Client. 

You can setup “Screen Sharing” at the same place you setup the SSH Server in “System Preferences -> Sharing” by ticking “Screen Sharing” and “Remote Login” respectively.

Being that my MacMini lies behind my home firewall. I have setup a port forward mechanism for the SSH protocol. As for “Screen Sharing” the solution was to tunnel it through an ssh session in order to secure my connection.

This is very easily accomplished by these simple commands:

On your client run: 

ssh username@home.ip.address -L 5900:localhost:5900

This will establish a SSH tunnel which tunnels all packets from your client 5900 port to your “MacMini” at the same port (5900 is the default port for VNC services). Please note that in this example I’m forwarding port 22 (ssh server) directly from my firewall to my macmini.

Next, it’s time to connect to it using OSX “Screen Sharing” utility. To do this open a terminal and type:

open vnc://localhost/

This will most likely give you a warning “You cannot share your own computer. No worries! Just type in the terminal:

defaults write skipLocalAddressCheck -boolean YES

Launch again the client, and everything should be OK.

written by Diogo Gomes